GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-25 11:42:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-9YN162 rev.CC4C 931,51GB
Running: msz4hd38.exe; Driver: C:\Users\KUZNIC~1\AppData\Local\Temp\pwlyqpog.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\Explorer.EXE[352] C:\Windows\SYSTEM32\ntdll.dll!atan 0000000077519604 39 bytes [40, 53, 48, 83, EC, 30, 80, ...]
.text C:\Windows\Explorer.EXE[352] C:\Windows\SYSTEM32\ntdll.dll!atan + 40 000000007751962c 1 byte [F8]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2
.text F:\OTL.exe[1888] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 00000000770d1465 2 bytes [0D, 77]
.text F:\OTL.exe[1888] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000770d14bb 2 bytes [0D, 77]
.text ... * 2

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[352] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtResumeThread] [3e33ee0]
IAT C:\Windows\Explorer.EXE[352] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtResumeThread] [3e33ee0]

---- Threads - GMER 2.1 ----

Thread C:\Windows\Explorer.EXE [352:1264] 0000000003e348b0
Thread C:\Windows\Explorer.EXE [352:1268] 0000000003e357a0
Thread C:\Windows\System32\svchost.exe [1304:1228] 000007feee459688

---- EOF - GMER 2.1 ----