GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-12 23:39:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000061 KINGSTON rev.506A 111,79GB
Running: v4iohus7.exe; Driver: C:\Users\SOK~1\AppData\Local\Temp\uwldypow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Origin\Origin.exe[2896]   C:\Windows\syswow64\kernel32.dll!CreateFileW   0000000076e73f5c 13 bytes JMP 000000016aee53a0
.text   C:\Program Files (x86)\Origin\Origin.exe[2896]   C:\Windows\syswow64\USER32.dll!SetWindowPos   0000000075878e4e 5 bytes JMP 000000016aee5210
.text   C:\Program Files (x86)\Origin\Origin.exe[2896]   C:\Windows\syswow64\USER32.dll!ShowWindow   0000000075880dfb 5 bytes JMP 000000016aee5070
.text   C:\Program Files (x86)\Origin\Origin.exe[2896]   C:\Windows\syswow64\USER32.dll!SetFocus   0000000075882175 5 bytes JMP 000000016aee5150
.text   C:\Program Files (x86)\Origin\Origin.exe[2896]   C:\Windows\syswow64\USER32.dll!SetActiveWindow   0000000075883208 5 bytes JMP 000000016aee52e0
.text   C:\Program Files (x86)\Origin\Origin.exe[2896]   C:\Windows\syswow64\USER32.dll!BringWindowToTop   0000000075887b3b 13 bytes JMP 000000016aee4e00
.text   C:\Program Files (x86)\Origin\Origin.exe[2896]   C:\Windows\syswow64\USER32.dll!SetForegroundWindow   000000007589f170 13 bytes JMP 000000016aee4d40
.text   C:\Program Files (x86)\Origin\Origin.exe[2896]   C:\Windows\syswow64\USER32.dll!SwitchToThisWindow   00000000758b90fc 13 bytes JMP 000000016aee4ec0
.text   C:\Program Files (x86)\Origin\Origin.exe[2896]   C:\Windows\syswow64\USER32.dll!ShowWindowAsync   00000000758d7d97 5 bytes JMP 000000016aee4f90
.text   C:\Windows\SysWOW64\msiexec.exe[2956]   C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection   00000000775afc40 5 bytes JMP 000000007ef938b1
.text   C:\Windows\SysWOW64\msiexec.exe[2956]   C:\Windows\syswow64\ws2_32.dll!GetAddrInfoW   0000000075644889 5 bytes JMP 00000001002e1370
.text   C:\Windows\SysWOW64\msiexec.exe[2956]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075ad1465 2 bytes [AD, 75]
.text   C:\Windows\SysWOW64\msiexec.exe[2956]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000075ad14bb 2 bytes [AD, 75]
.text   ...   * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\msiexec.exe [2956:1468]   000000007ef9392e
Thread  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe [3032:4084]   0000000002d93e68

---- EOF - GMER 2.1 ----
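A small parser for the "User code sections" entries in this log, added here as an example; it is not part of GMER or of the scan output. It reads the tool's one-entry-per-line format, separates inline JMP hooks from raw byte patches, and groups each process's jump targets by 64 KiB region (the Windows allocation granularity, used here only as a clustering heuristic). The sample lines are copied from the log above. The script does not decide whether a hook is malicious: that needs the module that owns each target address, which this log does not record.

```python
import re

# Constructed sample: five entries copied from the GMER log, one per line.
SAMPLE_LOG = r"""
.text   C:\Program Files (x86)\Origin\Origin.exe[2896]   C:\Windows\syswow64\kernel32.dll!CreateFileW   0000000076e73f5c 13 bytes JMP 000000016aee53a0
.text   C:\Program Files (x86)\Origin\Origin.exe[2896]   C:\Windows\syswow64\USER32.dll!SetWindowPos   0000000075878e4e 5 bytes JMP 000000016aee5210
.text   C:\Windows\SysWOW64\msiexec.exe[2956]   C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection   00000000775afc40 5 bytes JMP 000000007ef938b1
.text   C:\Windows\SysWOW64\msiexec.exe[2956]   C:\Windows\syswow64\ws2_32.dll!GetAddrInfoW   0000000075644889 5 bytes JMP 00000001002e1370
.text   C:\Windows\SysWOW64\msiexec.exe[2956]   C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075ad1465 2 bytes [AD, 75]
"""

# One ".text" entry: process[pid], module!function[ + offset], address,
# patch size, then either "JMP <target>" or the literal patched bytes.
HOOK_RE = re.compile(
    r"^\.text\s+"
    r"(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<function>\S+)"
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+"
    r"(?P<size>\d+)\s+bytes\s*"
    r"(?P<patch>.*?)\s*$"
)
JMP_RE = re.compile(r"JMP\s+([0-9A-Fa-f]+)")


def parse_user_code_sections(text):
    """Return one dict per parsed '.text' entry; other lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # section headers, 'Thread' lines, the '...' ellipsis
        d = m.groupdict()
        jmp = JMP_RE.match(d["patch"])
        hooks.append({
            "process": d["process"],
            "pid": int(d["pid"]),
            "module": d["module"].rsplit("\\", 1)[-1].lower(),
            "function": d["function"],
            "offset": int(d["offset"]) if d["offset"] else 0,
            "address": int(d["address"], 16),
            "size": int(d["size"]),
            "kind": "jmp" if jmp else "patch",
            "target": int(jmp.group(1), 16) if jmp else None,
            "raw_patch": d["patch"],
        })
    return hooks


def summarize(hooks, granularity=0x10000):
    """Group hooks per process and cluster JMP targets by region.

    granularity=0x10000 is an assumption (Windows allocation granularity):
    targets that share a 64 KiB block are likely to live in one module.
    """
    summary = {}
    for h in hooks:
        s = summary.setdefault(h["process"], {
            "pid": h["pid"], "hooks": 0, "functions": [],
            "target_regions": set(), "raw_patches": 0,
        })
        s["hooks"] += 1
        s["functions"].append(f'{h["module"]}!{h["function"]}')
        if h["kind"] == "jmp":
            s["target_regions"].add(h["target"] // granularity * granularity)
        else:
            s["raw_patches"] += 1
    return summary


if __name__ == "__main__":
    for proc, s in summarize(parse_user_code_sections(SAMPLE_LOG)).items():
        regions = ", ".join(f"{r:#x}" for r in sorted(s["target_regions"]))
        print(f"{proc} [{s['pid']}]: {s['hooks']} hooks, "
              f"{s['raw_patches']} raw patches, JMP regions: {regions}")
        for fn in s["functions"]:
            print(f"    {fn}")
```

Run it over a full GMER report (the whole file can be passed in; non-matching lines are ignored) and follow up each target region by checking which module, if any, is mapped there in the live process, since a hook target outside every loaded module is the case that deserves a closer look.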