GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-11 22:42:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EADS-00M2B0 rev.01.00A01 931,51GB
Running: 52l1qixi.exe; Driver: C:\Users\Ann\AppData\Local\Temp\pwldrpow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\wininit.exe[632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\system32\services.exe[692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\system32\winlogon.exe[756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[864] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\system32\atiesrxx.exe[300] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\System32\svchost.exe[412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\System32\svchost.exe[564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[420] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[824] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\Explorer.EXE[1564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\System32\spoolsv.exe[1888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1916] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\system32\taskhost.exe[1980] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1376] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2252] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[2416] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112   0000000076caa2ba 1 byte [62]
.text   C:\Windows\system32\svchost.exe[2504] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2716] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   0000000076caa2ba 1 byte [62]
.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[2728] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   0000000076caa2ba 1 byte [62]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\system32\SearchIndexer.exe[2920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2060] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   0000000076caa2ba 1 byte [62]
.text   C:\Windows\system32\svchost.exe[2104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[3164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\System32\svchost.exe[3556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[992] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   0000000076caa2ba 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   0000000076caa2ba 1 byte [62]
.text   C:\Windows\system32\AUDIODG.EXE[2796] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\notepad.exe[3196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Users\Ann\Desktop\52l1qixi.exe[4260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   0000000076caa2ba 1 byte [62]

---- Processes - GMER 2.1 ----

Library C:\Users\Ann\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1564] (GG drive menu/GG Network S.A.)(2014-01 000000005ff80000

---- EOF - GMER 2.1 ----
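Added example, not part of the GMER log above and not GMER's own code: a small Python parser for the "User code sections" and "Processes" blocks that collapses the thirty-odd identical one-byte patches into one line per distinct hook (module, function, offset, patched bytes) and lists the entries GMER itself marked suspicious. The sample input is a constructed excerpt of lines from this scan plus one made-up line (example.exe, CreateProcessW, 2 bytes) that does not appear in the log; the column layout the regexes expect is inferred from this log, so treat it as an assumption for other GMER versions.

```python
"""Parse the "User code sections" and "Processes" blocks of a GMER 2.1 log and
collapse identical patches so an analyst sees one line per distinct hook."""
import re
from collections import OrderedDict
from typing import Dict, List

# One ".text" line per patched process:
#   .text <process>[pid] <module>!<function> [+ <offset>] <address> <n> byte(s) [<bytes>]
# Layout inferred from the log above (assumption for other GMER versions).
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>.+?)!(?P<func>\w+)(?:\s*\+\s*(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<n>\d+)\s+bytes?\s+\[(?P<bytes>[^\]]+)\]"
)
# "Library <dll> (*** suspicious ***) @ <process> [pid] ..." from the Processes block.
SUSPECT_RE = re.compile(
    r"^Library\s+(?P<lib>.+?)\s+\(\*\*\* suspicious \*\*\*\)\s+@\s+(?P<proc>.+?)\s+\[(?P<pid>\d+)\]"
)

# Constructed sample: four lines excerpted from the scan above plus one made-up
# hook (example.exe / CreateProcessW) that is NOT in the real log.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\wininit.exe[632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Windows\system32\services.exe[692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007756eecd 1 byte [62]
.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[2728] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   0000000076caa2ba 1 byte [62]
.text   C:\Users\Ann\Desktop\52l1qixi.exe[4260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   0000000076caa2ba 1 byte [62]
.text   C:\Users\Ann\Desktop\example.exe[9999] C:\Windows\system32\kernel32.dll!CreateProcessW + 5   000000007754a0c5 2 bytes [EB, FE]

---- Processes - GMER 2.1 ----

Library C:\Users\Ann\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1564] (GG drive menu/GG Network S.A.)
"""


def parse_gmer(text: str) -> Dict[str, list]:
    """Return {"hooks": [...], "suspicious": [...]}; unrecognised lines are ignored."""
    hooks, suspects = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"])
            d["off"] = int(d["off"] or 0)      # no "+ N" means the patch is at the entry point
            d["n"] = int(d["n"])
            d["bytes"] = d["bytes"].replace(" ", "").upper()
            hooks.append(d)
            continue
        m = SUSPECT_RE.match(line)
        if m:
            suspects.append({"lib": m["lib"], "proc": m["proc"], "pid": int(m["pid"])})
    return {"hooks": hooks, "suspicious": suspects}


def module_name(path: str) -> str:
    """Basename of a module path, lower-cased (kernel32.dll vs KERNEL32.dll is the same file name)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def group_hooks(hooks: List[dict]) -> "OrderedDict":
    """Group patches by (module basename, function, offset, patched bytes).
    The native kernel32.dll (+189) and the syswow64 copy (+112) patch the same
    function at different offsets, so they deliberately land in separate groups."""
    groups: "OrderedDict" = OrderedDict()
    for h in hooks:
        key = (module_name(h["module"]), h["func"], h["off"], h["bytes"])
        groups.setdefault(key, []).append((h["proc"], h["pid"]))
    return groups


def report(text: str) -> List[str]:
    """One summary line per distinct hook, then one per suspicious library."""
    parsed = parse_gmer(text)
    lines = []
    for (mod, func, off, patched), procs in group_hooks(parsed["hooks"]).items():
        lines.append(f"{mod}!{func}+{off} [{patched}] in {len(procs)} process(es)")
    for s in parsed["suspicious"]:
        lines.append(f"SUSPICIOUS {s['lib']} loaded in {s['proc']} [{s['pid']}]")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against the full log, the grouping reduces the "User code sections" block to two lines: the same byte (62) at GetBinaryTypeW+189 in every 64-bit process and at GetBinaryTypeW+112 in every 32-bit (syswow64) process. A patch that is identical across every process on the box, including the scanner's own process 52l1qixi.exe, is the signature of one system-wide hook rather than of a targeted implant, so the first check is whether an installed product (an antivirus is present on this machine) is known to place it, before treating it as a rootkit. The single item GMER itself flagged is the ggdrive-menu.dll shell extension in Explorer, which is the entry to verify first (publisher signature, hash, install date) since the log cuts off before its timestamp.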