GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-05 16:50:54
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e ST500LM012_HN-M500MBB rev.2AR10002 465,76GB
Running: nh1gyuqn.exe; Driver: C:\Users\me\AppData\Local\Temp\pxlorpow.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\atiesrxx.exe[904] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f90210177a 4 bytes [10, 02, F9, 07]
.text C:\Windows\system32\atiesrxx.exe[904] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f902101782 4 bytes [10, 02, F9, 07]
.text C:\Windows\system32\atieclxx.exe[1236] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f90210177a 4 bytes [10, 02, F9, 07]
.text C:\Windows\system32\atieclxx.exe[1236] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f902101782 4 bytes [10, 02, F9, 07]
.text C:\Windows\system32\atieclxx.exe[1236] C:\Windows\system32\WSOCK32.dll!recvfrom + 742 000007f8fcdc1b32 4 bytes [DC, FC, F8, 07]
.text C:\Windows\system32\atieclxx.exe[1236] C:\Windows\system32\WSOCK32.dll!recvfrom + 750 000007f8fcdc1b3a 4 bytes [DC, FC, F8, 07]
.text C:\Windows\System32\spoolsv.exe[1536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f90210177a 4 bytes [10, 02, F9, 07]
.text C:\Windows\System32\spoolsv.exe[1536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f902101782 4 bytes [10, 02, F9, 07]
.text C:\Windows\system32\svchost.exe[2072] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f90210177a 4 bytes [10, 02, F9, 07]
.text C:\Windows\system32\svchost.exe[2072] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f902101782 4 bytes [10, 02, F9, 07]
.text C:\Windows\System32\igfxpers.exe[3740] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f90210177a 4 bytes [10, 02, F9, 07]
.text C:\Windows\System32\igfxpers.exe[3740] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f902101782 4 bytes [10, 02, F9, 07]
.text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3792] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f90210177a 4 bytes [10, 02, F9, 07]
.text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3792] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f902101782 4 bytes [10, 02, F9, 07]
.text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3792] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8fc421532 4 bytes [42, FC, F8, 07]
.text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3792] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8fc42153a 4 bytes [42, FC, F8, 07]
.text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3792] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8fc42165a 4 bytes [42, FC, F8, 07]
? C:\Windows\SYSTEM32\BsHelpCSps.dll [4072] entry point in ".data" section 0000000003ed5055

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [600:624] fffff960009235e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----