GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-06 19:19:55
Windows 6.3.9600 x64 \Device\Harddisk1\DR1 -> \Device\0000002c WDC_WD2500AAJS-22L7A0 rev.01.03E01 232,88GB
Running: jzis8frx.exe; Driver: C:\Users\User\AppData\Local\Temp\fxldypow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 960 fffff80054d65a00 12 bytes [80, 1F, AE, FF, 82, 28, 5E, ...]
.text C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 973 fffff80054d65a0d 23 bytes [9C, 57, 02, 00, C4, FF, FF, ...]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\Explorer.EXE[436] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffcd1af169a 4 bytes [AF, D1, FC, 7F]
.text C:\WINDOWS\Explorer.EXE[436] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffcd1af16a2 4 bytes [AF, D1, FC, 7F]
.text C:\WINDOWS\Explorer.EXE[436] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffcd1af181a 4 bytes [AF, D1, FC, 7F]
.text C:\WINDOWS\Explorer.EXE[436] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffcd1af1832 4 bytes [AF, D1, FC, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [476:492] fffff9600083c4d0

---- Processes - GMER 2.1 ----

Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [436] (GG drive overlay/GG Network S.A.)(2013-02-02 10:07:07) 000000005c080000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions NOEXECUTE=OPTIN
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\MSBDD_NOEDID_1414_008D_FFFFFFFF_FFFFFFFF_0^CC77560BC3634A486857716562968286@Timestamp 0x54 0xBA 0x0F 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 760
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 4522256
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -14599157
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 186
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 403711361
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 12747
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 93fd8c39-4590-488c-b249-fbb169f
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\amdsbs\Parameters\Device-1@RaidCount 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1

---- EOF - GMER 2.1 ----