GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-11 11:00:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GC00 465,76GB
Running: gmer.exe; Driver: C:\Users\ahcarb\AppData\Local\Temp\pwldipow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757a1465 2 bytes [7A, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757a14bb 2 bytes [7A, 75]
.text ... * 2
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5540] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 1 0000000076d59b81 11 bytes {MOV EAX, 0xffffffffe34e6c68; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX}
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5540] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007fefed475f0 5 bytes JMP 000007fffeaf00d8
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5540] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007fefeb01180 5 bytes JMP 000007fffeaf01b8
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5540] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007fefeb01320 7 bytes JMP 000007fffeaf0148
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5540] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007fefeb04450 6 bytes JMP 000007fffeaf0110
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5540] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007fefeb06720 10 bytes JMP 000007fffeaf0180
.text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\remcserver.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757a1465 2 bytes [7A, 75]
.text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\remcserver.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757a14bb 2 bytes [7A, 75]
.text ... * 2
.text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[1012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757a1465 2 bytes [7A, 75]
.text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe[1012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757a14bb 2 bytes [7A, 75]
.text ... * 2
.text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\MainApp.exe[4072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757a1465 2 bytes [7A, 75]
.text C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\MainApp.exe[4072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757a14bb 2 bytes [7A, 75]
.text ... * 2

---- Processes - GMER 2.1 ----

Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1220] (GG drive overlay/GG Network S.A.)(2012-07-13 15:57:45) 000000005c080000
Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2812] 000000006fbc0000
Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2812](2012-08-22 00:58:02) 000000006e940000
Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2812](2 000000006a1c0000
Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2812](2012-08-22 00:58:02) 000000006ff00000
Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2812](2012-08-22 00:58:02) 000000006efc0000
Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2812](201 000000006ed40000
Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\explorer.exe [3384] (GG drive overlay/GG Network S.A.)(2012-07-13 15:57:45) 000000005c080000
Process C:\Users\ahcarb\AppData\Local\Temp\gmer\gmer.exe (*** suspicious ***) @ C:\Users\ahcarb\AppData\Local\Temp\gmer\gmer.exe [1796](2014- 0000000000400000

---- EOF - GMER 2.1 ----