GMER 2.0.18454 - http://www.gmer.net Rootkit scan 2013-04-08 18:48:49 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4 WDC_WD400BB-32AUA1 rev.18.20D18 37,27GB Running: 7ohtgt8p.exe; Driver: C:\Users\Stecmen\AppData\Local\Temp\pxldqpow.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753f1401 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753f1419 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753f1431 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753f144a 2 bytes [3F, 75] .text ... * 9 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753f14dd 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753f14f5 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753f150d 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753f1525 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753f153d 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753f1555 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753f156d 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753f1585 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753f159d 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753f15b5 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753f15cd 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753f16b2 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753f16bd 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753f1401 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753f1419 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753f1431 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753f144a 2 bytes [3F, 75] .text ... * 9 .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753f14dd 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753f14f5 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753f150d 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753f1525 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753f153d 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753f1555 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753f156d 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753f1585 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753f159d 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753f15b5 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753f15cd 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753f16b2 2 bytes [3F, 75] .text C:\Program Files (x86)\uTorrent\uTorrent.exe[2400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753f16bd 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753f1401 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753f1419 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753f1431 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753f144a 2 bytes [3F, 75] .text ... * 9 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753f14dd 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753f14f5 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753f150d 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753f1525 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753f153d 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753f1555 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753f156d 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753f1585 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753f159d 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753f15b5 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753f15cd 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753f16b2 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753f16bd 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 00000000753f1401 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 00000000753f1419 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 00000000753f1431 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 00000000753f144a 2 bytes [3F, 75] .text ... * 9 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000753f14dd 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000753f14f5 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 00000000753f150d 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 00000000753f1525 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 00000000753f153d 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 00000000753f1555 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 00000000753f156d 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 00000000753f1585 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 00000000753f159d 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000753f15b5 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000753f15cd 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000753f16b2 2 bytes [3F, 75] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2924] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000753f16bd 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753f1401 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753f1419 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753f1431 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753f144a 2 bytes [3F, 75] .text ... * 9 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753f14dd 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753f14f5 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753f150d 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753f1525 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753f153d 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753f1555 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753f156d 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753f1585 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753f159d 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753f15b5 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753f15cd 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753f16b2 2 bytes [3F, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753f16bd 2 bytes [3F, 75] ---- Threads - GMER 2.0 ---- Thread C:\Windows\System32\svchost.exe [4044:4528] 000007fef0a1239c Thread C:\Windows\System32\svchost.exe [4044:4548] 000007fef13e9688 ---- EOF - GMER 2.0 ----