GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-29 22:37:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDT725032VLA360 rev.V54OA7EA 298,09GB
Running: nyx16yed.exe; Driver: C:\Users\Robert\AppData\Local\Temp\uwrdypob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\Explorer.EXE[300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                      0000000077b01650 5 bytes JMP 0000000077c60018
.text   C:\Program Files (x86)\AVG\AVG2015\avgui.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory   0000000077cafe14 5 bytes JMP 0000000175401000
.text   C:\Windows\system32\SearchIndexer.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory         0000000077b01650 5 bytes JMP 0000000077c60018
.text   C:\Users\Robert\Desktop\nyx16yed.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory          0000000077cafe14 5 bytes JMP 0000000175401000

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [1112:1436]                    000007fef9fc331c
Thread  C:\Windows\System32\svchost.exe [1112:1444]                    000007fefa5dffc0
Thread  C:\Windows\System32\svchost.exe [1112:2528]                    000007fef81844e0
Thread  C:\Windows\System32\svchost.exe [1112:2148]                    000007fef84288f8
Thread  C:\Windows\system32\svchost.exe [1156:2760]                    000007fef78a0ea8
Thread  C:\Windows\system32\svchost.exe [1156:2772]                    000007fef7899db0
Thread  C:\Windows\system32\svchost.exe [1156:2840]                    000007fef789aa10
Thread  C:\Windows\system32\svchost.exe [1156:2852]                    000007fef78a1c94
Thread  C:\Windows\system32\svchost.exe [1192:4316]                    000007fef9f54164
Thread  C:\Windows\system32\svchost.exe [1520:1572]                    000007fef9b2341c
Thread  C:\Windows\system32\svchost.exe [1520:1580]                    000007fef9b23a2c
Thread  C:\Windows\system32\svchost.exe [1520:1584]                    000007fef9b25c20
Thread  C:\Windows\system32\svchost.exe [1520:1588]                    000007fef9b23768
Thread  C:\Windows\system32\svchost.exe [1520:1944]                    000007fef9b23900
Thread  C:\Windows\system32\svchost.exe [1520:1136]                    000007fef846bd88
Thread  C:\Windows\system32\svchost.exe [1520:2884]                    000007fef6fb5170
Thread  C:\Windows\system32\svchost.exe [1520:3652]                    000007fef8315124
Thread  C:\Windows\System32\spoolsv.exe [1680:2436]                    000007fef72210c8
Thread  C:\Windows\System32\spoolsv.exe [1680:2460]                    000007fef6f66144
Thread  C:\Windows\System32\spoolsv.exe [1680:2464]                    000007fef8535fd0
Thread  C:\Windows\System32\spoolsv.exe [1680:2468]                    000007fef6ed3438
Thread  C:\Windows\System32\spoolsv.exe [1680:2472]                    000007fef85363ec
Thread  C:\Windows\System32\spoolsv.exe [1680:2512]                    000007fef7355e5c
Thread  C:\Windows\system32\svchost.exe [1708:1740]                    000007fefc1f1a70
Thread  C:\Windows\system32\svchost.exe [1708:1744]                    000007fefc1f1a70
Thread  C:\Windows\system32\svchost.exe [1708:1768]                    000007fefc1f1a70
Thread  C:\Windows\system32\svchost.exe [1708:1792]                    000007fef8ce2c70
Thread  C:\Windows\system32\svchost.exe [1708:1816]                    000007fef8cefb40
Thread  C:\Windows\system32\svchost.exe [1708:1828]                    000007fef8d01d20
Thread  C:\Windows\system32\svchost.exe [1708:1832]                    000007fef8cef6f0
Thread  C:\Windows\system32\svchost.exe [1708:1256]                    000007fef89435c0
Thread  C:\Windows\system32\svchost.exe [1708:2748]                    000007fef8945600
Thread  C:\Windows\system32\svchost.exe [1708:2808]                    000007fef6492940
Thread  C:\Windows\system32\svchost.exe [1708:2816]                    000007fef6462888
Thread  C:\Windows\system32\svchost.exe [1708:2820]                    000007fef6462a40
Thread  C:\Windows\system32\svchost.exe [2044:1928]                    000007fef8535fd0
Thread  C:\Windows\system32\svchost.exe [2044:1964]                    000007fef85363ec
Thread  C:\Windows\system32\svchost.exe [2044:1404]                    000007fef14f8470
Thread  C:\Windows\system32\svchost.exe [2044:1544]                    000007fef1502418
Thread  C:\Windows\system32\svchost.exe [2044:1252]                    000007fef19ef130
Thread  C:\Windows\system32\svchost.exe [2044:1148]                    000007fef19e4734
Thread  C:\Windows\system32\svchost.exe [2044:2036]                    000007fef19e4734
Thread  C:\Windows\system32\taskhost.exe [2316:2480]                   000007fefa671010
Thread  C:\Windows\system32\taskhost.exe [2316:4040]                   000007fef6fb5170
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3920:3688]  000007fefac42bf8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3920:3720]  000007fef0204830

---- Processes - GMER 2.1 ----

Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [300] (GG drive overlay/GG Network S.A.)(2012-05-25 01:03:09)   000000005c080000

---- EOF - GMER 2.1 ----