GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-15 16:20:03 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006b HGST rev.GG2O 465,76GB Running: tsvyeftu.exe; Driver: C:\Users\PAWE~1\AppData\Local\Temp\kwddrkog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fa2000 63 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80002fa2040 1 byte [01] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000757d1465 2 bytes [7D, 75] .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1300] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000757d14bb 2 bytes [7D, 75] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [1796] entry point in ".rdata" section 00000000751b71e6 .text C:\Program Files (x86)\EagleGet\EGMonitor.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757d1465 2 bytes [7D, 75] .text C:\Program Files (x86)\EagleGet\EGMonitor.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757d14bb 2 bytes [7D, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\EagleGet\EGMonitor.exe [3360:3444] 0000000000290000 Thread C:\Program Files (x86)\EagleGet\EGMonitor.exe [3360:4868] 00000000002a0000 Thread C:\Program Files (x86)\EagleGet\EGMonitor.exe [3360:3640] 00000000002906d2 ---- Processes - GMER 2.1 ---- Library c:\users\pawe~1\appdata\local\temp\7zs0e1f\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2112] (HP Network Devices Support/Hewlett-Packard Co.)(2014-10-14 15:31:12) 0000000180000000 ---- Files - GMER 2.1 ---- File C:\Windows\temp\TMP0000002FD8FF5D528F02C6CF 0 bytes ---- EOF - GMER 2.1 ----