GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-30 17:18:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-75U6AA0 rev.20.01H20 465,76GB
Running: rhodi0hf.exe; Driver: C:\Users\Lareco\AppData\Local\Temp\pxldqpow.sys


---- Threads - GMER 2.2 ----

Thread  C:\Windows\SysWOW64\svchost.exe [5332:5356]   00000000004314d0
Thread  C:\Windows\SysWOW64\svchost.exe [5332:5360]   00000000004314d0
Thread  C:\Windows\SysWOW64\svchost.exe [5332:5364]   00000000004314d0
Thread  C:\Windows\SysWOW64\svchost.exe [5332:5368]   00000000004314d0
Thread  C:\Windows\SysWOW64\svchost.exe [5332:5372]   00000000004314d0
Thread  C:\Windows\SysWOW64\rundll32.exe [5380:5424]   00000000001e14d0
Thread  C:\Windows\SysWOW64\rundll32.exe [5380:5428]   00000000001e14d0
Thread  C:\Windows\SysWOW64\rundll32.exe [5380:5432]   00000000001e14d0
Thread  C:\Windows\SysWOW64\rundll32.exe [5380:5436]   00000000001e14d0
Thread  C:\Windows\SysWOW64\rundll32.exe [5380:5440]   00000000001e14d0

---- Processes - GMER 2.2 ----

Library  c:\programdata\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab:dp (*** suspicious ***) @ C:\Windows\SysWOW64\svchost.exe [5332](2017-05-24 10:10:20)   0000000010000000
Library  C:\ProgramData\Package Cache\{E01CB7F1-3E88-4450-1764-B3CC1E205C4A}v10.1.14393.795\Installers\30daf459e79c5d26366654b1b482e87.cab:dp (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [5380](2017-05-24 10:10:20)   0000000010000000

---- Files - GMER 2.2 ----

ADS  C:\ProgramData\Package Cache\{E01CB7F1-3E88-4450-1764-B3CC1E205C4A}v10.1.14393.795\Installers\30daf459e79c5d26366654b1b482e87.cab:dp   102912 bytes executable

---- EOF - GMER 2.2 ----
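The security-relevant point of this report is that the same 102912-byte executable, stored in an NTFS alternate data stream (the `:dp` stream on a `.cab` in Package Cache), is mapped at 0x10000000 into two 32-bit hosts, svchost.exe [5332] and rundll32.exe [5380], each of which also carries five threads with an identical start address. The parser below is an added example, not part of GMER or of this report: it reads GMER's Thread, Library and ADS records, treats any module path with a second colon after the drive letter as ADS-backed (an assumption about path syntax, not a GMER flag), and correlates each such module with the ADS file record and with the threads of its host process. The field layout it expects is the one visible in the report above; the sample input is that report, embedded verbatim.

```python
import re
from collections import defaultdict

# GMER separates fields with runs of spaces, so every path field is matched
# non-greedily and anchored by the token that follows it.
THREAD_RE = re.compile(
    r"^Thread\s+(?P<image>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9a-fA-F]+)\s*$"
)
LIBRARY_RE = re.compile(
    r"^Library\s+(?P<path>.+?)"
    r"(?:\s+\((?P<flag>\*\*\* suspicious \*\*\*)\))?"
    r"\s+@\s+(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\((?P<ts>[^)]*)\)\s+(?P<addr>[0-9a-fA-F]+)\s*$"
)
ADS_RE = re.compile(
    r"^ADS\s+(?P<path>.+?)\s+(?P<size>\d+) bytes(?P<exe>\s+executable)?\s*$"
)
# Assumption: a drive-rooted path whose last component contains a colon names
# an NTFS alternate data stream (file.ext:streamname).
ADS_PATH_RE = re.compile(r"^[A-Za-z]:\\.*:[^\\/:]+$")


def parse_gmer(text):
    """Parse a GMER report into (threads, libraries, streams) record lists."""
    threads, libraries, streams = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := THREAD_RE.match(line):
            threads.append({"image": m["image"], "pid": int(m["pid"]),
                            "tid": int(m["tid"]), "addr": int(m["addr"], 16)})
        elif m := LIBRARY_RE.match(line):
            libraries.append({"path": m["path"], "suspicious": m["flag"] is not None,
                              "process": m["proc"], "pid": int(m["pid"]),
                              "timestamp": m["ts"], "base": int(m["addr"], 16)})
        elif m := ADS_RE.match(line):
            streams.append({"path": m["path"], "size": int(m["size"]),
                            "executable": m["exe"] is not None})
    return threads, libraries, streams


def ads_backed_modules(threads, libraries, streams):
    """One finding per loaded module whose backing file is an ADS, joined with the
    matching ADS file record (case-insensitive path match) and the host's threads."""
    stream_index = {s["path"].lower(): s for s in streams}
    threads_by_pid = defaultdict(list)
    for t in threads:
        threads_by_pid[t["pid"]].append(t)
    findings = []
    for lib in libraries:
        if not ADS_PATH_RE.match(lib["path"]):
            continue
        host_threads = threads_by_pid.get(lib["pid"], [])
        start_addrs = {t["addr"] for t in host_threads}
        findings.append({
            "pid": lib["pid"],
            "process": lib["process"],
            "module": lib["path"],
            "base": lib["base"],
            "flagged_by_gmer": lib["suspicious"],
            "stream": stream_index.get(lib["path"].lower()),
            "thread_count": len(host_threads),
            # Several threads sharing one start address in the same host is the
            # pattern the report above shows for both injected processes.
            "threads_share_start": len(host_threads) > 1 and len(start_addrs) == 1,
        })
    return findings


def analyze(text):
    return ads_backed_modules(*parse_gmer(text))


# Sample input: the report above, reproduced verbatim as the parser's input.
SAMPLE_REPORT = r"""
Thread  C:\Windows\SysWOW64\svchost.exe [5332:5356]   00000000004314d0
Thread  C:\Windows\SysWOW64\svchost.exe [5332:5360]   00000000004314d0
Thread  C:\Windows\SysWOW64\svchost.exe [5332:5364]   00000000004314d0
Thread  C:\Windows\SysWOW64\svchost.exe [5332:5368]   00000000004314d0
Thread  C:\Windows\SysWOW64\svchost.exe [5332:5372]   00000000004314d0
Thread  C:\Windows\SysWOW64\rundll32.exe [5380:5424]   00000000001e14d0
Thread  C:\Windows\SysWOW64\rundll32.exe [5380:5428]   00000000001e14d0
Thread  C:\Windows\SysWOW64\rundll32.exe [5380:5432]   00000000001e14d0
Thread  C:\Windows\SysWOW64\rundll32.exe [5380:5436]   00000000001e14d0
Thread  C:\Windows\SysWOW64\rundll32.exe [5380:5440]   00000000001e14d0
Library  c:\programdata\package cache\{e01cb7f1-3e88-4450-1764-b3cc1e205c4a}v10.1.14393.795\installers\30daf459e79c5d26366654b1b482e87.cab:dp (*** suspicious ***) @ C:\Windows\SysWOW64\svchost.exe [5332](2017-05-24 10:10:20)   0000000010000000
Library  C:\ProgramData\Package Cache\{E01CB7F1-3E88-4450-1764-B3CC1E205C4A}v10.1.14393.795\Installers\30daf459e79c5d26366654b1b482e87.cab:dp (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [5380](2017-05-24 10:10:20)   0000000010000000
ADS  C:\ProgramData\Package Cache\{E01CB7F1-3E88-4450-1764-B3CC1E205C4A}v10.1.14393.795\Installers\30daf459e79c5d26366654b1b482e87.cab:dp   102912 bytes executable
"""

FINDINGS = analyze(SAMPLE_REPORT)

if __name__ == "__main__":
    for f in FINDINGS:
        size = f["stream"]["size"] if f["stream"] else "?"
        print(f"pid {f['pid']} {f['process']}: ADS module {f['module']} at {f['base']:#x}, "
              f"{size} bytes, {f['thread_count']} threads, "
              f"shared start={f['threads_share_start']}")
```

Run against the report, the correlation yields two findings, one per host PID, both GMER-flagged, both backed by the same 102912-byte executable stream and each with five threads at a single start address. A load address of 0x10000000 is the default preferred image base for 32-bit MSVC-built DLLs, so the module landed at its unrelocated base in both hosts, which is consistent with one payload loaded twice rather than two different files.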