GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-26 17:27:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L
Running: 02h9xc12.exe; Driver: C:\Users\Damian\AppData\Local\Temp\awrdrpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                           fffff80002dfc000 45 bytes [00, 00, 1B, 02, 4D, 6D, 43, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                           fffff80002dfc02f 16 bytes [00, 05, 00, 00, 00, 00, 00, ...]
?         C:\Windows\system32\DRIVERS\Jula.sys [0] entry point in "init" section                                                                                       fffff8800699a010

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\AVG Secure Search\vprot.exe[3232] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                             0000000075071465 2 bytes [07, 75]
.text     C:\Program Files (x86)\AVG Secure Search\vprot.exe[3232] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                            00000000750714bb 2 bytes [07, 75]
.text     ...                                                                                                                                                          * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [660:1284]                                                                                                                   000007fef9c6331c
Thread    C:\Windows\System32\svchost.exe [660:4512]                                                                                                                   000007fef8df44e0
Thread    C:\Windows\System32\svchost.exe [660:4844]                                                                                                                   000007fef22f3efc
Thread    C:\Windows\System32\svchost.exe [660:4920]                                                                                                                   000007fef2338a4c
Thread    C:\Windows\System32\svchost.exe [660:4476]                                                                                                                   000007fef92688f8
Thread    C:\Windows\system32\svchost.exe [1308:1340]                                                                                                                  000007fef9b2341c
Thread    C:\Windows\system32\svchost.exe [1308:1348]                                                                                                                  000007fef9b23a2c
Thread    C:\Windows\system32\svchost.exe [1308:1352]                                                                                                                  000007fef9b23768
Thread    C:\Windows\system32\svchost.exe [1308:1356]                                                                                                                  000007fef9b25c20
Thread    C:\Windows\system32\svchost.exe [1308:1796]                                                                                                                  000007fef92abd88
Thread    C:\Windows\system32\svchost.exe [1308:3212]                                                                                                                  000007fef8fb5124
Thread    C:\Windows\system32\svchost.exe [1308:8256]                                                                                                                  000007fef9b23900
Thread    C:\Windows\system32\taskhost.exe [2988:3216]                                                                                                                 000007fef65e5170
Thread    C:\Windows\system32\Dwm.exe [3068:2408]                                                                                                                      000007fef6e1f0d8
Thread    C:\Windows\system32\Dwm.exe [3068:2316]                                                                                                                      000007fef68babf0
Thread    C:\Windows\System32\svchost.exe [3992:5580]                                                                                                                  000007fef65e5170
Thread    C:\Windows\System32\svchost.exe [3992:12824]                                                                                                                 000007fef8fb9874

---- Processes - GMER 2.1 ----

Library   C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2152] (GG drive overlay/GG Network S.A.)(2013-09-24 11:02:38)  000000005c080000
Library   C:\Users\Damian\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2152] (GG drive menu/GG Network S.A.)(2          000000005ff80000

---- EOF - GMER 2.1 ----
