GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-19 01:10:12
Windows 6.0.6000
\Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB
Running: tg4886co.exe; Driver: C:\Users\babcia\AppData\Local\Temp\pwlyipog.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2548] ntdll.dll!LdrLoadDll 7752EB00 5 Bytes JMP 6EA91980 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2548] kernel32.dll!ActivateActCtx + 2C 760C7379 7 Bytes JMP 5A174BDC C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2548] kernel32.dll!VirtualQuery + 24 760CD172 7 Bytes JMP 59EC72D1 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2548] kernel32.dll!VirtualAllocEx + 54 760E9BC5 7 Bytes JMP 5A175949 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2548] USER32.dll!CreateWindowExA 75DCD7C6 5 Bytes JMP 5A2617E3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2548] USER32.dll!GetWindowInfo 75DD006A 5 Bytes JMP 5ACC59B1 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2548] USER32.dll!CreateWindowExW 75DD8588 5 Bytes JMP 59EA06F3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2548] GDI32.dll!SetTextAlign + E6 772B7EEF 7 Bytes JMP 5A1744C6 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.2 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Processes - GMER 2.2 ----

Process (*** hidden *** ) [4] 8363A850

---- Registry - GMER 2.2 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_wpf-presentationhostexe_31bf3856ad364e35_0.0.0.0_none_93ce28fe 8481a6f@Package_9_for_KB948610~31bf3856ad364e35~x86~~6.0.6001.2123.948610-894_neutral_LDR 6.0.6000.20864@2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_wpf-presentationhostexe_31bf3856ad364e35_0.0.0.0_none_93ce28fe 8481a6f@Package_9_for_KB948610~31bf3856ad364e35~x86~~6.0.6001.2123.948610-895_neutral_GDR 6.0.6000.16708@2

---- EOF - GMER 2.2 ----