GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-11-23 12:49:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK7575GSX rev.GT001M 698,64GB
Running: ht7rgyx3.exe; Driver: C:\Users\Kasia\AppData\Local\Temp\fwddykob.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\lkads.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000746c17fa 2 bytes CALL 76a511a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\lkads.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000746c1860 2 bytes CALL 76a511a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\lkads.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000746c1942 2 bytes JMP 76817089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\lkads.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000746c194d 2 bytes JMP 7681cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769a1401 2 bytes JMP 76a7b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769a1419 2 bytes JMP 76a7b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769a1431 2 bytes JMP 76af9099 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769a144a 2 bytes CALL 76a548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769a14dd 2 bytes JMP 76af898f C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769a14f5 2 bytes JMP 76af8b68 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769a150d 2 bytes JMP 76af8885 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769a1525 2 bytes JMP 76af8c52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769a153d 2 bytes JMP 76a6fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769a1555 2 bytes JMP 76a76937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769a156d 2 bytes JMP 76af9151 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769a1585 2 bytes JMP 76af8cb2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769a159d 2 bytes JMP 76af8849 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769a15b5 2 bytes JMP 76a6fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769a15cd 2 bytes JMP 76a7b324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769a16b2 2 bytes JMP 76af9014 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769a16bd 2 bytes JMP 76af87de C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769a1401 2 bytes JMP 76a7b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769a1419 2 bytes JMP 76a7b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769a1431 2 bytes JMP 76af9099 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769a144a 2 bytes CALL 76a548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769a14dd 2 bytes JMP 76af898f C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769a14f5 2 bytes JMP 76af8b68 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769a150d 2 bytes JMP 76af8885 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769a1525 2 bytes JMP 76af8c52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769a153d 2 bytes JMP 76a6fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769a1555 2 bytes JMP 76a76937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769a156d 2 bytes JMP 76af9151 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769a1585 2 bytes JMP 76af8cb2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769a159d 2 bytes JMP 76af8849 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769a15b5 2 bytes JMP 76a6fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769a15cd 2 bytes JMP 76a7b324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769a16b2 2 bytes JMP 76af9014 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769a16bd 2 bytes JMP 76af87de C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769a1401 2 bytes JMP 76a7b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769a1419 2 bytes JMP 76a7b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769a1431 2 bytes JMP 76af9099 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769a144a 2 bytes CALL 76a548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769a14dd 2 bytes JMP 76af898f C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769a14f5 2 bytes JMP 76af8b68 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769a150d 2 bytes JMP 76af8885 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769a1525 2 bytes JMP 76af8c52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769a153d 2 bytes JMP 76a6fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769a1555 2 bytes JMP 76a76937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769a156d 2 bytes JMP 76af9151 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769a1585 2 bytes JMP 76af8cb2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769a159d 2 bytes JMP 76af8849 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769a15b5 2 bytes JMP 76a6fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769a15cd 2 bytes JMP 76a7b324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769a16b2 2 bytes JMP 76af9014 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769a16bd 2 bytes JMP 76af87de C:\Windows\syswow64\kernel32.dll
? C:\Windows\system32\mssprxy.dll [3400] entry point in ".rdata" section 00000000739c71e6
.text C:\Windows\SysWOW64\lkcitdl.exe[4396] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000746c17fa 2 bytes CALL 76a511a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\lkcitdl.exe[4396] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000746c1860 2 bytes CALL 76a511a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\lkcitdl.exe[4396] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000746c1942 2 bytes JMP 76817089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\lkcitdl.exe[4396] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000746c194d 2 bytes JMP 7681cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\lktsrv.exe[4864] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000746c17fa 2 bytes CALL 76a511a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\lktsrv.exe[4864] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000746c1860 2 bytes CALL 76a511a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\lktsrv.exe[4864] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000746c1942 2 bytes JMP 76817089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\lktsrv.exe[4864] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000746c194d 2 bytes JMP 7681cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\system32\SearchIndexer.exe[6492] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f5c0b0 5 bytes JMP 00000000770c0128
.text C:\Windows\system32\SearchIndexer.exe[6492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f5c1d0 5 bytes JMP 00000000770c0018
.text C:\Windows\system32\SearchIndexer.exe[6492] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f5c350 5 bytes JMP 00000000770c01b0
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[6700] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007710fc50 5 bytes JMP 000000016f4519d0
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[6700] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007710fe14 5 bytes JMP 000000016f4515f0
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[6700] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077110068 5 bytes JMP 000000016f451bb0
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[6700] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076a63be3 5 bytes JMP 000000016f451760
.text C:\Windows\system32\svchost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f5c0b0 5 bytes JMP 0000000176f00128
.text C:\Windows\system32\svchost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f5c1d0 5 bytes JMP 0000000176f00018
.text C:\Windows\system32\svchost.exe[6184] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f5c350 5 bytes JMP 0000000176f001b0
.text C:\Windows\system32\svchost.exe[6184] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d0dae0 5 bytes JMP 0000000076f000a0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7068] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007710fc50 5 bytes JMP 000000016f4519d0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7068] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007710fe14 5 bytes JMP 000000016f4515f0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7068] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077110068 5 bytes JMP 000000016f451bb0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7068] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076a63be3 5 bytes JMP 000000016f451760
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6044] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007710fc50 5 bytes JMP 000000016f4519d0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6044] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007710fe14 5 bytes JMP 000000016f4515f0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6044] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077110068 5 bytes JMP 000000016f451bb0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6044] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076a63be3 5 bytes JMP 000000016f451760
.text C:\Windows\servicing\TrustedInstaller.exe[7592] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f5c0b0 5 bytes JMP 00000000770c0128
.text C:\Windows\servicing\TrustedInstaller.exe[7592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f5c1d0 5 bytes JMP 00000000770c0018
.text C:\Windows\servicing\TrustedInstaller.exe[7592] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f5c350 5 bytes JMP 00000000770c01b0
.text C:\Windows\servicing\TrustedInstaller.exe[7592] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d0dae0 5 bytes JMP 00000000770c00a0
.text C:\Windows\System32\svchost.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f5c0b0 5 bytes JMP 0000000176f00128
.text C:\Windows\System32\svchost.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f5c1d0 5 bytes JMP 0000000176f00018
.text C:\Windows\System32\svchost.exe[7620] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f5c350 5 bytes JMP 0000000176f001b0
.text C:\Windows\System32\svchost.exe[7620] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076d0dae0 5 bytes JMP 0000000076f000a0

---- Processes - GMER 2.1 ----

Process C:\Users\Kasia\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe (*** suspicious ***) @ C:\Users\Kasia\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [4196](2012-07-24 18:26:54) 00000000001f0000
Library C:\Users\Kasia\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll (*** suspicious ***) @ C:\Users\Kasia\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [4196](2012-07-24 18:26:54) 000000006fd00000
Library C:\ProgramData\National Instruments\WebServices\NI\LVWSSysAdmin\sysadminsvc.dll (*** suspicious ***) @ D:\MultiSim\Shared\NI WebServer\SystemWebServer.exe [5508] (Web Services System Admin Service/National Instruments Corporation)(2014-11-21 10:36:04) 0000000001fe0000
Library C:\ProgramData\National Instruments\WebServices\NI\LVWSDeploySvc\deploysvc.dll (*** suspicious ***) @ D:\MultiSim\Shared\NI WebServer\ApplicationWebServer.exe [5820] (Web Services Deployment Service/National Instruments Corporation)(2014-10-27 12:34:48) 0000000001e30000
Library C:\ProgramData\National Instruments\WebServices\NI\LVWSSysAdmin\sysadminsvc.dll (*** suspicious ***) @ D:\MultiSim\Shared\NI WebServer\ApplicationWebServer.exe [5820] (Web Services System Admin Service/National Instruments Corporation)(2014-11-21 10:36:04) 0000000001e90000
Library C:\ProgramData\National Instruments\WebServices\NI\LVWSAuthSvc\niauthsvc.dll (*** suspicious ***) @ D:\MultiSim\Shared\NI WebServer\NIWebServiceContainer.exe [5836] (NI Authentication Web Service/National Instruments Corporation)(2014-10-27 12:21:32) 0000000000270000
Library C:\ProgramData\National Instruments\WebServices\NI\LVWSAuthSvc\niauthsvc.dll (*** suspicious ***) @ D:\MultiSim\Shared\NI WebServer\NIWebServiceContainer.exe [1704] (NI Authentication Web Service/National Instruments Corporation)(2014-10-27 12:21:32) 00000000003d0000

---- EOF - GMER 2.1 ----