GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-03-03 08:35:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00V6A0 rev.05.01D05 465,76GB
Running: 89z8tue4.exe; Driver: C:\Users\www\AppData\Local\Temp\uxrirpow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761a1465 2 bytes [1A, 76]
.text C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe[1224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761a14bb 2 bytes [1A, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761a1465 2 bytes [1A, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761a14bb 2 bytes [1A, 76]
.text ... * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800193c870] \SystemRoot\system32\DRIVERS\360Box64.sys [.text]

---- Processes - GMER 2.1 ----

Library C:\Users\www\AppData\Local\FrenzyingReluctantly\ProcuringCooperators.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [2360](2016-02-01 07:45:40) 0000000010000000
Library C:\??\C:\Program Files (x86)\360\Total Security\safemon\SafeWrapper.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1572] 0000000073ef0000

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\www\Downloads\Picasa\x00a03.9.0 Build 141.259.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\www\Pictures\2015-11-21 dzis\Picasa\x00a03.exe 1

---- EOF - GMER 2.1 ----