So I've plugged in the external HDD. I disabled autorun before I plugged it in, although I have this feeling that the rootkit has already latched onto my PC.

Here is the GMER log (Scan for External HDD):

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-06 13:45:00
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 WDC_WD5000AAKX-22ERMA0 rev.17.01H17 465.76GB
Running: 00jz3806.exe; Driver: C:\Users\ANGEL&~1\AppData\Local\Temp\kxldrkob.sys

---- System - GMER 2.1 ----

SSDT 91A539AE ZwCreateSection
SSDT 91A539B8 ZwRequestWaitReplyPort
SSDT 91A539B3 ZwSetContextThread
SSDT 91A539BD ZwSetSecurityObject
SSDT 91A539C2 ZwSystemDebugControl
SSDT 91A5394F ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82A45339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82A85EEC 4 Bytes [AE, 39, A5, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82A86248 4 Bytes [B8, 39, A5, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82A8628C 4 Bytes [B3, 39, A5, 91] {MOV BL, 0x39; MOVSD ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82A86308 4 Bytes [BD, 39, A5, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82A8635C 4 Bytes [C2, 39, A5, 91] {RET 0xa539; XCHG ECX, EAX}
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Garena Plus\ggdllhost.exe[2740] ntdll.dll!DbgUserBreakPoint 76EC40EC 1 Byte [C3]
.text C:\Program Files\Garena Plus\ggdllhost.exe[2740] ntdll.dll!DbgBreakPoint 76EC40F0 1 Byte [C3]

---- EOF - GMER 2.1 ----

Avira Anti-Rootkit Log (Scan for PC):

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-10-05 07:50:21
-----------------------------
07:50:21.370 OS Version: Windows 6.1.7601 Service Pack 1
07:50:21.370 Number of processors: 2 586 0x6B02
07:50:21.373 ComputerName: FAMILYCOMPUTER UserName: PC
07:50:23.084 Initialize success
07:50:23.154 VM: initialized successfully
07:50:23.176 VM: Amd CPU virtualization not supported
07:52:03.244 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
07:52:03.247 Disk 0 Vendor: WDC_WD5000AAKX-22ERMA0 17.01H17 Size: 476940MB BusType: 11
07:52:03.463 Disk 0 MBR read successfully
07:52:03.466 Disk 0 MBR scan
07:52:03.469 Disk 0 Windows 7 default MBR code
07:52:03.474 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
07:52:03.479 Disk 0 Boot: NTFS code=1
07:52:03.485 Disk 0 scanning sectors +976771072
07:52:03.552 Disk 0 scanning C:\Windows\system32\drivers
07:52:13.509 Service scanning
07:52:27.898 Service MEMSWEEP2 C:\Windows\system32\534D.tmp **HIDDEN**
07:52:52.045 Modules scanning
07:53:28.176 Disk 0 trace - called modules:
07:53:28.210 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
07:53:28.223 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854ff798]
07:53:28.231 3 CLASSPNP.SYS[8839f59e] -> nt!IofCallDriver -> [0x85012c10]
07:53:28.248 5 ACPI.sys[87dae3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x8507c908]
07:53:28.255 Scan finished successfully
07:57:38.137 Disk 0 MBR has been saved successfully to "C:\Users\PC\Documents\MBR.dat"
07:57:38.148 The log file has been saved successfully to "C:\Users\PC\Documents\aswMBR.txt"