GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-22 15:23:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-9 ST3160812A rev.3.AAJ 149,05GB
Running: gmer.exe; Driver: C:\Users\Mari\AppData\Local\Temp\kxldypod.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\ReducetheLag\reducethelag_v3_service.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b81465 2 bytes [B8, 77]
.text C:\Program Files (x86)\ReducetheLag\reducethelag_v3_service.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b814bb 2 bytes [B8, 77]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075602ab1 5 bytes JMP 0000000101392ac0

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [4644:4960] 000007fef10b9688
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4688:4748] 000007fefbb72bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4688:4756] 000007fee7364830

---- Processes - GMER 2.1 ----

Process C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windate.exe (*** suspicious ***) @ C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windate.exe [2704](2015-04-20 11:31:22) 0000000000400000

---- EOF - GMER 2.1 ----