GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-03 19:46:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC48 465,76GB
Running: hxjb0srk.exe; Driver: C:\Users\xyz\AppData\Local\Temp\ugddypob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 674  fffff80002db5092 4 bytes [00, 00, 00, 00]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 681  fffff80002db5099 9 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\wininit.exe[704] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076bbef8d 1 byte [62]
.text  C:\Windows\system32\services.exe[760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076bbef8d 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076bbef8d 1 byte [62]
.text  C:\Windows\System32\svchost.exe[624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076bbef8d 1 byte [62]
.text  C:\Windows\system32\svchost.exe[532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076bbef8d 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075f6a2fd 1 byte [62]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1708] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075f6a2fd 1 byte [62]
.text  C:\Windows\Explorer.EXE[2180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076bbef8d 1 byte [62]
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076bbef8d 1 byte [62]
.text  C:\Windows\PixArt\Pac207\Monitor.exe[2540] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075f6a2fd 1 byte [62]
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2628] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075f6a2fd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075f6a2fd 1 byte [62]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2916] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075f6a2fd 1 byte [62]
.text  C:\Windows\system32\wbem\wmiprvse.exe[2816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076bbef8d 1 byte [62]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2192] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075f6a2fd 1 byte [62]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000760a1465 2 bytes [0A, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000760a14bb 2 bytes [0A, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[888] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075f6a2fd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[2456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  0000000076bbef8d 1 byte [62]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2404] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075f6a2fd 1 byte [62]
.text  C:\Users\xyz\Downloads\hxjb0srk.exe[3660] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075f6a2fd 1 byte [62]

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2180] (GG drive overlay/GG Network S.A.)(2013-12-18 16:19:19)  000000005c080000
Library  C:\Users\xyz\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2180] (GG drive menu/GG Network S.A.)(2013-11-22 18:16:47)  000000005ff80000

---- EOF - GMER 2.1 ----