GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-16 21:03:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EADS-00M2B0 rev.01.00A01 931,51GB
Running: cevwn45v.exe; Driver: C:\Users\Ann\AppData\Local\Temp\pwldrpow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\wininit.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007702ef8d 1 byte [62]
.text  C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007702ef8d 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007702ef8d 1 byte [62]
.text  C:\Windows\system32\atiesrxx.exe[432] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007702ef8d 1 byte [62]
.text  C:\Windows\System32\svchost.exe[692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007702ef8d 1 byte [62]
.text  C:\Windows\system32\svchost.exe[496] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007702ef8d 1 byte [62]
.text  C:\Windows\Explorer.EXE[1652] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007702ef8d 1 byte [62]
.text  C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe[2032] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   00000000756da2fd 1 byte [62]
.text  C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007702ef8d 1 byte [62]
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007702ef8d 1 byte [62]
.text  C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe[2512] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112   00000000756da2fd 1 byte [62]
.text  C:\Program Files (x86)\webget\updatewebget.exe[2680] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112   00000000756da2fd 1 byte [62]
.text  C:\Program Files (x86)\webget\bin\utilwebget.exe[2808] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112   00000000756da2fd 1 byte [62]
.text  C:\Program Files (x86)\webget\bin\utilwebget.exe[2808] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000075691465 2 bytes [69, 75]
.text  C:\Program Files (x86)\webget\bin\utilwebget.exe[2808] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000756914bb 2 bytes [69, 75]
.text  ...   * 2
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3704] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   00000000756da2fd 1 byte [62]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[3712] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   00000000756b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[3712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   00000000756da2fd 1 byte [62]
.text  C:\Program Files (x86)\webget\bin\webget.BrowserAdapter.exe[2728] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   00000000756da2fd 1 byte [62]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3140] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   00000000756da2fd 1 byte [62]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1236] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   00000000756da2fd 1 byte [62]
.text  C:\Users\Ann\Desktop\OTL.exe[5068] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   00000000756da2fd 1 byte [62]
.text  C:\Users\Ann\Desktop\OTL.exe[5068] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69   0000000075691465 2 bytes [69, 75]
.text  C:\Users\Ann\Desktop\OTL.exe[5068] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155   00000000756914bb 2 bytes [69, 75]
.text  ...   * 2
.text  C:\Windows\system32\NOTEPAD.EXE[4148] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007702ef8d 1 byte [62]
.text  C:\Users\Ann\Desktop\cevwn45v.exe[4184] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   00000000756da2fd 1 byte [62]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [920:1276]   000007fef5620ea8
Thread  C:\Windows\system32\svchost.exe [920:1448]   000007fef5619db0
Thread  C:\Windows\system32\svchost.exe [920:2496]   000007fef561aa10
Thread  C:\Windows\system32\svchost.exe [920:1600]   000007fef5621c94
Thread  C:\Windows\system32\svchost.exe [920:3808]   000007fef70dd3c8
Thread  C:\Windows\system32\svchost.exe [920:3812]   000007fef70dd3c8
Thread  C:\Windows\system32\svchost.exe [920:3816]   000007fef70dd3c8
Thread  C:\Windows\system32\svchost.exe [920:3820]   000007fef70dd3c8
Thread  C:\Windows\System32\svchost.exe [4880:224]   000007fef0549688

---- EOF - GMER 2.1 ----
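Triage helper for the "User code sections" block above. This is an added example, not GMER output and not GMER's own code: it parses the `.text` entries, groups identical patches (same module, symbol, offset and bytes) and reports how many scanned processes share each one. A patch found at the same offset with the same bytes in every process is more consistent with a component loaded system-wide (or a scanner quirk) than with a targeted implant; a patch unique to one process is the one to look at first. The `describe_patch` decoder covers only a handful of x86 opcode patterns that typical inline hooks use; anything else is emitted as raw `db` bytes. The sample input is a subset of lines copied from the log above; the `* 2` continuation line is deliberately included to show how non-entry lines are skipped.

```python
"""Group and triage hooked user-mode code sections from a GMER log."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# One entry as GMER prints it:
#   .text  <process path>[<pid>] <module>!<symbol>[ + <offset>]   <address> <n> byte(s) [<hex bytes>]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!]+)!(?P<symbol>\S+)(?:\s*\+\s*(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{8,16})\s+(?P<count>\d+)\s+bytes?\s+\[(?P<bytes>[^\]]*)\]"
)

# Subset of the log above (the "* 2" line is a GMER continuation marker, not an entry).
SAMPLE = r"""
.text  C:\Windows\system32\wininit.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007702ef8d 1 byte [62]
.text  C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007702ef8d 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189   000000007702ef8d 1 byte [62]
.text  C:\Program Files (x86)\webget\bin\utilwebget.exe[2808] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112   00000000756da2fd 1 byte [62]
.text  C:\Program Files (x86)\webget\bin\utilwebget.exe[2808] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000075691465 2 bytes [69, 75]
.text  C:\Program Files (x86)\webget\bin\utilwebget.exe[2808] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000756914bb 2 bytes [69, 75]
.text  ...   * 2
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[3712] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   00000000756b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[3712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112   00000000756da2fd 1 byte [62]
.text  C:\Users\Ann\Desktop\OTL.exe[5068] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69   0000000075691465 2 bytes [69, 75]
.text  C:\Users\Ann\Desktop\OTL.exe[5068] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155   00000000756914bb 2 bytes [69, 75]
"""

Key = Tuple[str, str, Optional[int], Tuple[str, ...]]


@dataclass(frozen=True)
class Hook:
    process: str          # full image path
    pid: int
    module: str           # full module path as printed
    symbol: str
    offset: Optional[int]  # None when GMER prints no "+ n"
    address: int
    patched: Tuple[str, ...]  # hex tokens, "..." kept if GMER truncated the dump

    @property
    def wow64(self) -> bool:
        """32-bit process: the hooked module lives under syswow64."""
        return "\\syswow64\\" in self.module.lower()

    def key(self) -> Key:
        module_name = self.module.rsplit("\\", 1)[-1].lower()
        return (module_name, self.symbol, self.offset, self.patched)


def parse_hooks(text: str) -> Tuple[List[Hook], List[str]]:
    """Return (parsed hooks, lines that looked like entries but did not parse)."""
    hooks, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith(".text"):
            continue
        m = HOOK_RE.match(line)
        if not m:
            skipped.append(line)
            continue
        tokens = tuple(t.strip().upper() for t in m["bytes"].split(",") if t.strip())
        hooks.append(Hook(
            process=m["process"].strip(), pid=int(m["pid"]), module=m["module"].strip(),
            symbol=m["symbol"], offset=int(m["offset"]) if m["offset"] else None,
            address=int(m["addr"], 16), patched=tokens,
        ))
    return hooks, skipped


def summarize(hooks: List[Hook]) -> Dict[Key, Set[Tuple[str, int]]]:
    """Map each distinct patch to the set of (image name, pid) carrying it."""
    groups: Dict[Key, Set[Tuple[str, int]]] = defaultdict(set)
    for h in hooks:
        groups[h.key()].add((h.process.rsplit("\\", 1)[-1], h.pid))
    return groups


def isolated(groups: Dict[Key, Set[Tuple[str, int]]]) -> List[Key]:
    """Patches seen in exactly one process: the first candidates for a closer look."""
    return sorted((k for k, procs in groups.items() if len(procs) == 1), key=str)


def describe_patch(tokens) -> str:
    """Decode a few x86 patterns common in inline hooks; unknown bytes stay as 'db'."""
    out, i = [], 0
    while i < len(tokens):
        t = tokens[i]
        if t == "...":
            out.append("...")
            break
        b = int(t, 16)
        if b == 0x90:
            out.append("nop"); i += 1
        elif b == 0xC3:
            out.append("ret"); i += 1
        elif b == 0xC2 and i + 2 < len(tokens) and "..." not in tokens[i + 1:i + 3]:
            imm = int(tokens[i + 1], 16) | (int(tokens[i + 2], 16) << 8)  # ret imm16, little-endian
            out.append(f"ret {imm}"); i += 3
        elif b == 0x31 and i + 1 < len(tokens) and tokens[i + 1].upper() == "C0":
            out.append("xor eax,eax"); i += 2
        elif b == 0xE9 and i + 4 < len(tokens) and "..." not in tokens[i + 1:i + 5]:
            rel = int.from_bytes(bytes(int(x, 16) for x in tokens[i + 1:i + 5]), "little", signed=True)
            out.append(f"jmp rel32 {rel:+#x}"); i += 5
        else:
            out.append(f"db {b:02X}"); i += 1
    return "; ".join(out)


if __name__ == "__main__":
    hooks, skipped = parse_hooks(SAMPLE)
    groups = summarize(hooks)
    total = len({(h.process, h.pid) for h in hooks})
    for key, procs in sorted(groups.items(), key=lambda kv: -len(kv[1])):
        module, symbol, offset, patched = key
        where = f"{module}!{symbol}" + (f"+{offset}" if offset is not None else "")
        print(f"{len(procs):2d}/{total} procs  {where:45s} {describe_patch(patched)}")
    print("skipped:", skipped)
```

On the sample, the `GetBinaryTypeW` and `GetModuleInformation` patches recur across processes at identical offsets, while the `SetUnhandledExceptionFilter` patch in AvastUI.exe is the only isolated one; its bytes decode to `xor eax,eax; ret 4; nop; nop`, a stub that makes the (stdcall, one-argument) function return NULL without doing anything, which is the shape of a deliberate neutering hook rather than a detour to foreign code. Whether such a hook is expected from the product that owns the process is a question for that process's vendor, not something the log alone settles.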