Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Vosteran.com help with removal

Hi All,

I seem to have been infected with some malware. I'm running a Dell Inspiron laptop with Windows 8.1.

I noticed my Chrome homepage had been changed to Vosteran.com and when I searched anything in Chrome it started taking me to Yahoo rather than Google searches. Also, getting lots of ads and popups that don't normally happen.

I can't run a DDS search as it says it's not compatible with Win 8.1, and the GMER one had to be run with just sections selected. Here's the log:

GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2014-12-28 21:26:24
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001d ST1000LM024_HN-M101MBB rev.2AR20004 931.51GB
Running: gmer.exe; Driver: C:\Users\Dom\AppData\Local\Temp\fxldapow.sys


---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\atiesrxx.exe[512] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[512] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[512] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[512] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[912] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[912] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[912] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[912] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\Explorer.EXE[1424] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\Explorer.EXE[1424] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\Explorer.EXE[1424] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\Explorer.EXE[1424] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2068] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2068] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2068] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2068] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2068] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffe03a01f6a 4 bytes [A0, 03, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2068] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffe03a01f82 4 bytes [A0, 03, FE, 7F]
.text C:\Windows\system32\mfevtps.exe[2248] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text C:\Windows\system32\mfevtps.exe[2248] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text C:\Windows\system32\mfevtps.exe[2248] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text C:\Windows\system32\mfevtps.exe[2248] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2340] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2340] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2340] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2340] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2740] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2740] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2740] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2740] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3744] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3744] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3744] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3744] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]
.text C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe[3648] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe[3648] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe[3648] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe[3648] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[5780] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[5780] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[5780] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[5780] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]
.text c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe[7900] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe[7900] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe[7900] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe[7900] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]
.text c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe[6596] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe[6596] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe[6596] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe[6596] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files (x86)\Hold Page\bin\HoldPage.PurBrowse64.exe[316] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe0ecb169a 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files (x86)\Hold Page\bin\HoldPage.PurBrowse64.exe[316] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe0ecb16a2 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files (x86)\Hold Page\bin\HoldPage.PurBrowse64.exe[316] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe0ecb181a 4 bytes [CB, 0E, FE, 7F]
.text C:\Program Files (x86)\Hold Page\bin\HoldPage.PurBrowse64.exe[316] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe0ecb1832 4 bytes [CB, 0E, FE, 7F]

---- EOF - GMER 2.1 ----

Any help getting rid of it would be much appreciated.

Dom
