GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-26 11:48:19
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e TOSHIBA_MQ01ABD100 rev.AX001C 931,51GB
Running: 35sw4v10.exe; Driver: C:\Users\Duda\AppData\Local\Temp\pxloapow.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\atieclxx.exe[5540] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ffcec6177a 4 bytes [C6, CE, FF, 07]
.text C:\Windows\system32\atieclxx.exe[5540] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ffcec61782 4 bytes [C6, CE, FF, 07]
.text C:\Windows\system32\atieclxx.exe[5540] C:\Windows\system32\WSOCK32.dll!recvfrom + 742 000007ffc9851b32 4 bytes [85, C9, FF, 07]
.text C:\Windows\system32\atieclxx.exe[5540] C:\Windows\system32\WSOCK32.dll!recvfrom + 750 000007ffc9851b3a 4 bytes [85, C9, FF, 07]
.text C:\Windows\Explorer.EXE[3168] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ffcec6177a 4 bytes [C6, CE, FF, 07]
.text C:\Windows\Explorer.EXE[3168] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ffcec61782 4 bytes [C6, CE, FF, 07]
.text C:\Windows\System32\igfxpers.exe[5004] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ffcec6177a 4 bytes [C6, CE, FF, 07]
.text C:\Windows\System32\igfxpers.exe[5004] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ffcec61782 4 bytes [C6, CE, FF, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5016] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ffcec6177a 4 bytes [C6, CE, FF, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5016] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ffcec61782 4 bytes [C6, CE, FF, 07]
.text C:\Windows\WindowsMobile\wmdc.exe[8144] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ffcec6177a 4 bytes [C6, CE, FF, 07]
.text C:\Windows\WindowsMobile\wmdc.exe[8144] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ffcec61782 4 bytes [C6, CE, FF, 07]
.text C:\Windows\WindowsMobile\wmdc.exe[8144] C:\Windows\system32\WSOCK32.dll!recvfrom + 742 000007ffc9851b32 4 bytes [85, C9, FF, 07]
.text C:\Windows\WindowsMobile\wmdc.exe[8144] C:\Windows\system32\WSOCK32.dll!recvfrom + 750 000007ffc9851b3a 4 bytes [85, C9, FF, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2352] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ffcec6177a 4 bytes [C6, CE, FF, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2352] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ffcec61782 4 bytes [C6, CE, FF, 07]

---- Threads - GMER 2.1 ----

Thread C:\Windows\SYSTEM32\ntdll.dll [3352:1916] 0000000000d71c24
Thread C:\Windows\SYSTEM32\ntdll.dll [3352:3076] 0000000058a1e54e
Thread C:\Windows\SYSTEM32\ntdll.dll [3352:4832] 00000000573b0eb8
Thread C:\Windows\SYSTEM32\ntdll.dll [3352:5232] 00000000573b0eb8
Thread C:\Windows\SYSTEM32\ntdll.dll [3352:5092] 00000000573b0eb8
Thread C:\Windows\SYSTEM32\ntdll.dll [3352:5468] 000000005765319b
Thread C:\Windows\SYSTEM32\ntdll.dll [3352:2080] 00000000568b4b0d
Thread C:\Windows\SYSTEM32\ntdll.dll [3352:2788] 0000000056938d99
Thread C:\Windows\SYSTEM32\ntdll.dll [3352:3340] 00000000555016dc
Thread C:\Windows\system32\csrss.exe [2424:7380] fffff960009a35e8

---- Processes - GMER 2.1 ----

Library C:\Users\Duda\Downloads\OTL.exe (*** suspicious ***) @ C:\Users\Duda\Downloads\OTL.exe [2268] 0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----