GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-20 10:36:51
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000037 WDC_WD5000LPVT-08G33T1 rev.02.01A02 465,76GB
Running: nh9kc8xv.exe; Driver: C:\Users\AGU~1\AppData\Local\Temp\pxlorpow.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\PersonalizeEnabler.exe[524] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fecbaa177a 4 bytes [AA, CB, FE, 07]
.text C:\Windows\PersonalizeEnabler.exe[524] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fecbaa1782 4 bytes [AA, CB, FE, 07]
.text C:\Program Files\Windows Defender\MsMpEng.exe[944] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fecbaa177a 4 bytes [AA, CB, FE, 07]
.text C:\Program Files\Windows Defender\MsMpEng.exe[944] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fecbaa1782 4 bytes [AA, CB, FE, 07]
.text C:\Windows\System32\igfxpers.exe[3544] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fecbaa177a 4 bytes [AA, CB, FE, 07]
.text C:\Windows\System32\igfxpers.exe[3544] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fecbaa1782 4 bytes [AA, CB, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3572] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fec7df1532 4 bytes [DF, C7, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3572] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fec7df153a 4 bytes [DF, C7, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3572] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fec7df165a 4 bytes [DF, C7, FE, 07]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [580:604] fffff960008365e8

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1402682489
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\6036dd7edb22

---- Files - GMER 2.1 ----

File C:\Users\Aguœ\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\703C.tmp 0 bytes
File C:\Users\Aguœ\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\703D.tmp 0 bytes
File C:\Windows\SoftwareDistribution\Download\Install 0 bytes
File C:\Windows\WinSxS\amd64_microsoft-windows-msmpeg2vdec_31bf3856ad364e35_6.2.9200.16430_none_e9f2fc8441a149d2 0 bytes
File C:\Windows\WinSxS\amd64_microsoft-windows-msmpeg2vdec_31bf3856ad364e35_6.2.9200.16430_none_e9f2fc8441a149d2\msmpeg2vdec-ppdlic.xrm-ms 3283 bytes
File C:\Windows\WinSxS\amd64_microsoft-windows-msmpeg2vdec_31bf3856ad364e35_6.2.9200.16430_none_e9f2fc8441a149d2\msmpeg2vdec.dll 2893824 bytes executable
File C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.2.9200.16551_none_c5177bb73dd1a2d5 0 bytes
File C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.2.9200.16551_none_c5177bb73dd1a2d5\ntoskrnl.exe 6991592 bytes executable
File C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.2.9200.20655_none_c5a519aa56eba7fb 0 bytes
File C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.2.9200.20655_none_c5a519aa56eba7fb\ntoskrnl.exe 6962408 bytes executable

---- EOF - GMER 2.1 ----