GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-12 21:24:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ100E4 465,76GB
Running: jvjorh10.exe; Driver: C:\Users\Wilk\AppData\Local\Temp\kxldqpoc.sys

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   0000000076148791 4 bytes [C2, 04, 00, 00]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   00000000769f1465 2 bytes [9F, 76]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000769f14bb 2 bytes [9F, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000769f1465 2 bytes [9F, 76]
.text   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000769f14bb 2 bytes [9F, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000769f1465 2 bytes [9F, 76]
.text   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000769f14bb 2 bytes [9F, 76]
.text   ...   * 2
?       C:\Windows\system32\mssprxy.dll [2784]   entry point in ".rdata" section 00000000745971e6
.text   C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3644] C:\Windows\syswow64\USER32.dll!GetMenu + 388   0000000075e75835 7 bytes JMP 0000000110053ac0
.text   C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3644] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 104   0000000075e79662 7 bytes JMP 0000000110053bf0
.text   C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3644] C:\Windows\syswow64\USER32.dll!SendMessageA + 81   0000000075e8ef45 7 bytes JMP 0000000110053c10
.text   C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3644] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199   0000000075ebfe28 7 bytes JMP 0000000110053c60
.text   C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3644] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52   0000000075ebfe61 7 bytes JMP 0000000110053d30
.text   C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3644] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31   0000000075ebfe85 7 bytes JMP 0000000110053ce0

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [3264:2536]   000007fef06e9688

---- Processes - GMER 2.1 ----

Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1824] (GG drive overlay/GG Network S.A.)(2013-01-22 20:38:08) 000000005c080000

---- EOF - GMER 2.1 ----
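The "User code sections" block above is the part of a GMER log that takes the most triage effort: every inline patch in every process is listed, whether it is a vendor's own hook or something worth chasing. The following Python is an added example for sorting such lines (it is not part of GMER or of this log). It parses the `.text` entries, groups them by patch site (module, function, offset, patch bytes), and separates sites that carry the identical patch in several processes (a system-wide modification, here the psapi.dll entries shared by the ESET and Malwarebytes processes) from one-off JMP hooks in a single process, which are the entries to check against the module that owns the jump target. The sample lines are copied from the log above; the `.text ... * 2` continuation line is included because the parser has to skip it. The two-process threshold is an assumption, and "shared" is a triage label, not a verdict of benign.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the ".text" lines from the GMER log above,
# plus one of the "..." continuation lines that GMER emits after repeated entries.
SAMPLE_LOG = r"""
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   0000000076148791 4 bytes [C2, 04, 00, 00]
.text   C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1664] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   00000000769f1465 2 bytes [9F, 76]
.text   ...   * 2
.text   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000769f1465 2 bytes [9F, 76]
.text   C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3644] C:\Windows\syswow64\USER32.dll!GetMenu + 388   0000000075e75835 7 bytes JMP 0000000110053ac0
.text   C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3644] C:\Windows\syswow64\USER32.dll!SendMessageA + 81   0000000075e8ef45 7 bytes JMP 0000000110053c10
"""

# One GMER user-code-section entry:
#   .text <process path>[<pid>] <module path>!<function>[ + <offset>] <addr> <n> bytes <patch>
# where <patch> is either a byte list "[C2, 04, ...]" or "JMP <target>".
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>[^\s+]+)(?:\s*\+\s*(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{16})\s+(?P<n>\d+) bytes\s+(?P<patch>.+?)\s*$"
)


def parse_hook(line):
    """Return a dict for a .text hook entry, or None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None  # section headers, "..." continuation lines, "?" entries
    patch = m["patch"]
    return {
        "proc": m["proc"].rsplit("\\", 1)[-1],
        "pid": int(m["pid"]),
        # module names are case-folded so psapi.dll and PSAPI.DLL group together
        "module": m["module"].rsplit("\\", 1)[-1].lower(),
        "func": m["func"],
        "offset": int(m["off"] or 0),
        "addr": int(m["addr"], 16),
        "size": int(m["n"]),
        "kind": "jmp" if patch.startswith("JMP") else "bytes",
        "patch": patch,
    }


def site_name(h):
    name = f'{h["module"]}!{h["func"]}'
    return f'{name}+{h["offset"]}' if h["offset"] else name


def triage(text, shared_min=2):
    """Split hook sites into 'shared' (same patch in >= shared_min processes)
    and 'review' (JMP hooks seen in only one process, with their targets)."""
    hooks = [h for h in map(parse_hook, text.splitlines()) if h]
    pids_at = defaultdict(set)
    for h in hooks:
        pids_at[(site_name(h), h["patch"])].add(h["pid"])
    shared, review = set(), []
    for h in hooks:
        if len(pids_at[(site_name(h), h["patch"])]) >= shared_min:
            shared.add(site_name(h))
        elif h["kind"] == "jmp":
            target = h["patch"].split()[-1].lower()
            review.append((h["proc"], h["pid"], site_name(h), target))
    return {"shared": sorted(shared), "review": review}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("shared across processes:", result["shared"])
    for proc, pid, site, target in result["review"]:
        print(f"review: {proc}[{pid}] {site} -> JMP {target}")
```

Run against the full log, the report would list the two psapi.dll GetModuleInformation sites as shared and the six USER32 hooks in PCCompanion.exe[3644] for review; the next step for those is to map the 0x110053xxx targets to a loaded module in that process (a vendor product hooking its own UI APIs resolves to one of its own DLLs) rather than to treat the JMP alone as a finding.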