GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-18 00:51:34
Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\00000034 TOSHIBA_MQ01ABD075 rev.AX003J 698,64GB
Running: gmer.exe; Driver: C:\Users\Pawel\AppData\Local\Temp\pglcyuow.sys

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [492:504] fffff960008112d0

---- Processes - GMER 2.1 ----

Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [476] (GG drive overlay/GG Network S.A.)(2013-11-10 17:13:27) 000000005c080000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions NOEXECUTE=OPTIN NUMPROC=4 HYPERVISORLAUNCHTYPE=OFF
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\MSBDD_AUO26EC0_01_07D9_65_1414_008D_FFFFFFFF_FFFFFFFF_0^251F18ABC2BFCC1F4545F41AF078B6DB@Timestamp 0x53 0xE9 0x86 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 732
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 4521780
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -2018013415
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 200
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 440429377
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 4707
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID d4137f79-5bb1-4666-a5a4-f6af0e7
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\amdsbs\Parameters\Device-1@RaidCount 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e4d53ddffd43
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e4d53ddffd43@742f68354f00 0x70 0x60 0x2F 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e4d53ddffd43@c488e533de0a 0x8D 0xCC 0x23 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e4d53ddffd43@f49f544c0ac7 0xED 0xF9 0xBE 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 1386
Reg HKLM\SYSTEM\CurrentControlSet\Services\UCX01000\Parameters\Wdf@TimeOfLastSqmLog 0xE6 0x0C 0x37 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ...

---- Files - GMER 2.1 ----

File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-9636caf7.exe (size mismatch) 2646016/0 bytes executable

---- EOF - GMER 2.1 ----