GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-16 17:51:07
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 WDC_WD5000LPVX-60V0TT0 rev.01.01A01 465,76GB
Running: r33ps6un.exe; Driver: C:\Users\Joanna\AppData\Local\Temp\pgldipow.sys

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!??3@YAXPEAX@Z]  [0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!??1type_info@@UEAA@XZ]  [0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!memcpy]  [0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!isdigit]  [1d8]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!_wcsnicmp]  [0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!qsort]  [c0aac3f8f0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!_itow_s]  [c0aac3faf0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!__RTDynamicCast]  [c0aac3f860]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!strcpy_s]  [0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!wcscpy_s]  [c0aac3f960]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!wcscat_s]  [c0aac3fb40]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!strchr]  [c0aac3f830]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!memset]  [c0aab40f50]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!wcsncpy_s]  [c0aac3f890]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!_initterm]  [c0aac3fd70]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!malloc]  [c0aac3fe90]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!free]  [c0aac3fa10]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!_amsg_exit]  [c0aac3fc90]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!_XcptFilter]  [2c00c0a8c9d5a0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[msvcrt.dll!_wcsicmp]  [0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[RPCRT4.dll!RpcStringBindingComposeW]  [0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[RPCRT4.dll!NdrClientCall3]  [0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[RPCRT4.dll!RpcBindingFromStringBindingW]  [0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[RPCRT4.dll!I_RpcExceptionFilter]  [0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[RPCRT4.dll!RpcStringFreeW]  [0]
IAT  C:\WINDOWS\system32\wbem\wmiprvse.exe[2592] @ C:\WINDOWS\SYSTEM32\BROWCLI.DLL[RPCRT4.dll!RpcBindingFree]  [0]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [648:672]  fffff960008772d0

---- Processes - GMER 2.1 ----

Library  C:\Users\Joanna\AppData\Local\Temp\GUMF0D4.tmp\GoogleUpdate.exe (*** suspicious ***) @ C:\Users\Joanna\AppData\Local\Temp\GUMF0D4.tmp\GoogleUpdate.exe [2848]  00000000008c0000
Library  C:\Users\Joanna\AppData\Local\Temp\GUMF0D4.tmp\goopdate.dll (*** suspicious ***) @ C:\Users\Joanna\AppData\Local\Temp\GUMF0D4.tmp\GoogleUpdate.exe [2848]  0000000069e50000
Library  C:\Users\Joanna\AppData\Local\Temp\GUMF0D4.tmp\GoogleUpdateSetup.exe (*** suspicious ***) @ C:\Users\Joanna\AppData\Local\Temp\GUMF0D4.tmp\GoogleUpdateSetup.exe [4100]  0000000000c10000
Library  C:\Program Files (x86)\GUM1218.tmp\GoogleUpdate.exe (*** suspicious ***) @ C:\Program Files (x86)\GUM1218.tmp\GoogleUpdate.exe [2420]  00000000000f0000
Library  C:\Program Files (x86)\GUM1218.tmp\goopdate.dll (*** suspicious ***) @ C:\Program Files (x86)\GUM1218.tmp\GoogleUpdate.exe [2420]  00000000690e0000

---- EOF - GMER 2.1 ----