GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-11-29 01:01:00
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002a WDC_WD5000LPVX-22V0TT0 rev.01.01A01 465,76GB
Running: m57g1hli.exe; Driver: C:\Users\Kasia\AppData\Local\Temp\pgdiqpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\atiesrxx.exe[972] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff6efd169a 4 bytes [FD, 6E, FF, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[972] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff6efd16a2 4 bytes [FD, 6E, FF, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[972] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff6efd181a 4 bytes [FD, 6E, FF, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[972] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff6efd1832 4 bytes [FD, 6E, FF, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[356] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff6efd169a 4 bytes [FD, 6E, FF, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[356] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff6efd16a2 4 bytes [FD, 6E, FF, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[356] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff6efd181a 4 bytes [FD, 6E, FF, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[356] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff6efd1832 4 bytes [FD, 6E, FF, 7F]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[2280] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007fff5c491f6a 4 bytes [49, 5C, FF, 7F]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[2280] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007fff5c491f82 4 bytes [49, 5C, FF, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3360] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff6efd169a 4 bytes [FD, 6E, FF, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3360] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff6efd16a2 4 bytes [FD, 6E, FF, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3360] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff6efd181a 4 bytes [FD, 6E, FF, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3360] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff6efd1832 4 bytes [FD, 6E, FF, 7F]
.text C:\Users\Kasia\Desktop\FRST64.exe[3376] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007fff5c491f6a 4 bytes [49, 5C, FF, 7F]
.text C:\Users\Kasia\Desktop\FRST64.exe[3376] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007fff5c491f82 4 bytes [49, 5C, FF, 7F]
.text C:\Users\Kasia\Desktop\FRST64.exe[3376] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff6efd169a 4 bytes [FD, 6E, FF, 7F]
.text C:\Users\Kasia\Desktop\FRST64.exe[3376] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff6efd16a2 4 bytes [FD, 6E, FF, 7F]
.text C:\Users\Kasia\Desktop\FRST64.exe[3376] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff6efd181a 4 bytes [FD, 6E, FF, 7F]
.text C:\Users\Kasia\Desktop\FRST64.exe[3376] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff6efd1832 4 bytes [FD, 6E, FF, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [600:628] fffff9600095bb90

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----