GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-06-19 15:41:01 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010CLA332 rev.JP4OA3MA 931,51GB Running: 5zgeb7e9.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwddakob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Windows\system32\services.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[644] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[884] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a7a2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[1044] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a7a2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1924] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a7a2fd 1 byte [62] .text C:\Windows\SysWOW64\svchost.exe[1976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a7a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1920] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a7a2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a7a2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074ba1a22 2 bytes [BA, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074ba1ad0 2 bytes [BA, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074ba1b08 2 bytes [BA, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074ba1bba 2 bytes [BA, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074ba1bda 2 bytes [BA, 74] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Windows\Explorer.EXE[3524] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Windows\System32\rundll32.exe[3688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3732] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a7a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076281465 2 bytes [28, 76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762814bb 2 bytes [28, 76] .text ... * 2 .text C:\Program Files (x86)\Vtune\TBPANEL.exe[3892] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a7a2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4044] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe[4072] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a7a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3324] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075a58791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3324] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a7a2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1272] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Windows\system32\conhost.exe[3376] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Windows\notepad.exe[2620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007732ef8d 1 byte [62] .text C:\Users\Admin\Desktop\fixitpc\gmer\5zgeb7e9.exe[4368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a7a2fd 1 byte [62] ---- Processes - GMER 2.1 ---- Library C:\Users\Admin\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3524] (GG drive menu/GG Network S.A.)(201 000000005ff80000 ---- EOF - GMER 2.1 ----