GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-22 11:44:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005f ST950042 rev.0002 465,76GB
Running: h53xdzsi.exe; Driver: C:\Users\3ESC\AppData\Local\Temp\aftcqaod.sys

---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe[1600]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076b01465 2 bytes [B0, 76]
.text   C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe[1600]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076b014bb 2 bytes [B0, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[2644]   C:\Windows\syswow64\kernel32.dll!LoadLibraryA   00000000772249d7 5 bytes JMP 0000000102647b40
.text   C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[2644]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076b01465 2 bytes [B0, 76]
.text   C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[2644]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076b014bb 2 bytes [B0, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\msi\msi LED Manager\SLM.exe[3104]   C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA   00000000772249d7 5 bytes JMP 0000000110007b40
.text   C:\Program Files (x86)\msi\msi LED Manager\SLM.exe[3104]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076b01465 2 bytes [B0, 76]
.text   C:\Program Files (x86)\msi\msi LED Manager\SLM.exe[3104]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076b014bb 2 bytes [B0, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3128]   C:\Windows\syswow64\kernel32.dll!LoadLibraryA   00000000772249d7 5 bytes JMP 0000000100467b40
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3128]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076b01465 2 bytes [B0, 76]
.text   C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3128]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076b014bb 2 bytes [B0, 76]
.text   ...   * 2
.text   C:\Users\3ESC\Videos\h53xdzsi.exe[1616]   C:\Windows\syswow64\kernel32.dll!LoadLibraryA   00000000772249d7 5 bytes JMP 0000000110007b40
.text   C:\Users\3ESC\Videos\h53xdzsi.exe[1616]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000076b01465 2 bytes [B0, 76]
.text   C:\Users\3ESC\Videos\h53xdzsi.exe[1616]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000076b014bb 2 bytes [B0, 76]
.text   ...   * 2

---- Devices - GMER 2.1 ----

Device  \Driver\atitray64   \Device\atitray   fffffa800c04b9b8

---- Processes - GMER 2.1 ----

Library  C:\Users\3ESC\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1876] (GG drive menu/GG Network S.A.)(2014-   000000005ff80000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6c626d1f321b
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6c626d1f321b (not active ControlSet)

---- EOF - GMER 2.1 ----