GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-12-10 22:51:40 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.D004 465,76GB Running: m57g1hli.exe; Driver: C:\Users\Iwonka\AppData\Local\Temp\awrdypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\system32\services.exe[612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\system32\lsass.exe[632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe[300] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\system32\winlogon.exe[312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE[1492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe[1516] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\Explorer.EXE[1872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe[1924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2068] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[2664] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\System32\rundll32.exe[2680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[2692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Program Files\IDT\WDM\sttray64.exe[2804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe[2840] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[2848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3068] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2064] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a61465 2 bytes [A6, 76] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a614bb 2 bytes [A6, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2060] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3212] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Users\Iwonka\AppData\Roaming\blueconnect\ouc.exe[3228] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Windows\system32\svchost.exe[3868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[3140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4264] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Program Files (x86)\blueconnect\DataCardMonitor.exe[4604] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5036] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 000000007532d03c 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a61465 2 bytes [A6, 76] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a614bb 2 bytes [A6, 76] .text ... * 2 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5044] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[1144] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[3996] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[2292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743f1fd 1 byte [62] .text C:\Users\Iwonka\AppData\Local\Temp\Temp1_gm.zip\m57g1hli.exe[5828] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007534b0c5 1 byte [62] ---- EOF - GMER 2.1 ----