GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-01-30 00:55:00
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003e SanDisk_SSD_U100_SMG2 rev.10.56.04 117,38GB
Running: gmer.exe; Driver: C:\Users\Victor\AppData\Local\Temp\ufdyypow.sys

---- User code sections - GMER 2.0 ----

.text C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[124] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe3307177a 4 bytes [07, 33, FE, 07]
.text C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[124] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe33071782 4 bytes [07, 33, FE, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[2900] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe2a6f1532 4 bytes [6F, 2A, FE, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[2900] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe2a6f153a 4 bytes [6F, 2A, FE, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[2900] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe2a6f165a 4 bytes [6F, 2A, FE, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2748] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe2a6f1532 4 bytes [6F, 2A, FE, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2748] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe2a6f153a 4 bytes [6F, 2A, FE, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2748] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe2a6f165a 4 bytes [6F, 2A, FE, 07]
.text C:\Windows\System32\igfxpers.exe[3552] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe3307177a 4 bytes [07, 33, FE, 07]
.text C:\Windows\System32\igfxpers.exe[3552] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe33071782 4 bytes [07, 33, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3124] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe2a6f1532 4 bytes [6F, 2A, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3124] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe2a6f153a 4 bytes [6F, 2A, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3124] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe2a6f165a 4 bytes [6F, 2A, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe2a6f1532 4 bytes [6F, 2A, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe2a6f153a 4 bytes [6F, 2A, FE, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe2a6f165a 4 bytes [6F, 2A, FE, 07]
.text C:\Windows\System32\rundll32.exe[4040] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe2a6f1532 4 bytes [6F, 2A, FE, 07]
.text C:\Windows\System32\rundll32.exe[4040] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fe2a6f153a 4 bytes [6F, 2A, FE, 07]
.text C:\Windows\System32\rundll32.exe[4040] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fe2a6f165a 4 bytes [6F, 2A, FE, 07]
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[3664] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe3307177a 4 bytes [07, 33, FE, 07]
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[3664] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fe33071782 4 bytes [07, 33, FE, 07]

---- Threads - GMER 2.0 ----

Thread C:\windows\system32\csrss.exe [772:780] fffff960008845e8

---- Disk sectors - GMER 2.0 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.0 ----
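The "User code sections" block above lists the same few modified sites (PSAPI.DLL!GetProcessImageFileNameA, MSIMG32.dll!GradientFill, MSIMG32.dll!TransparentBlt) repeated across many processes, each with a 4-byte "patch" whose bytes happen to be the middle four bytes of a little-endian 64-bit pointer into the same region as the reported address (for 000007fe3307177a the bytes 07 33 FE 07 are bits 16..47 of that address). A practitioner triaging such a log wants to (a) parse the entries, (b) collapse them by site so that one shared-DLL modification is not counted once per process, and (c) separate entries whose bytes look like a pointer fragment from entries that begin with an opcode such as E9 (jmp rel32), which is what a genuine inline hook usually looks like. The Python below is an added example written for this page; it is not GMER's code and not from the original post. The line regex assumes the GMER 2.0 layout shown above; the sample log embedded in it copies two real entries from the log and adds one constructed, hypothetical entry (process, module and bytes invented) to exercise the other branch; and the pointer-fragment check is a triage heuristic, not a verdict of benign or malicious, so anything it flags either way should still be compared against the module's on-disk image.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the GMER "User code sections" block.
# The first two entries are copied from the log above; the third is a
# hypothetical, invented entry (process, module, bytes) shaped like a
# classic inline hook (E9 = jmp rel32) so both branches get exercised.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.0 ----

.text C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[124] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe3307177a 4 bytes [07, 33, FE, 07]
.text C:\Windows\System32\igfxpers.exe[3552] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fe3307177a 4 bytes [07, 33, FE, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[2900] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fe2a6f1532 4 bytes [6F, 2A, FE, 07]
.text C:\example\hypothetical.exe[9999] C:\windows\system32\KERNEL32.dll!CreateFileW + 0 000007fe00010000 5 bytes [E9, 00, 10, 00, 00]

---- Threads - GMER 2.0 ----
"""

# One ".text" entry: process[pid] module!symbol + offset address N bytes [..]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!]+)!(?P<symbol>\S+)\s\+\s(?P<offset>\d+)\s+"
    r"(?P<address>[0-9a-fA-F]{16})\s+(?P<count>\d+) bytes \[(?P<bytes>[^\]]*)\]\s*$"
)


@dataclass
class Hook:
    process: str
    pid: int
    module: str
    symbol: str
    offset: int
    address: int
    patch: list = field(default_factory=list)

    def site(self):
        """Identity of the modified location, independent of which process saw it."""
        return (self.module.lower(), self.symbol, self.offset, self.address)

    def looks_like_pointer_fragment(self) -> bool:
        """True when the 4 reported bytes equal bits 16..47 of the little-endian
        encoding of the reported address, i.e. the middle of a 64-bit pointer
        into the same 64 KiB region. An inline hook normally starts with an
        opcode (E9 jmp, FF 25 jmp [rip], 48 B8 mov rax, ...) instead."""
        if len(self.patch) != 4:
            return False
        middle = (self.address >> 16) & 0xFFFF_FFFF
        return int.from_bytes(bytes(self.patch), "little") == middle


def parse_user_code_section(text: str) -> list:
    """Parse every '.text' entry in a GMER log; other lines are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        patch = [int(b.strip(), 16) for b in m["bytes"].split(",") if b.strip()]
        if len(patch) != int(m["count"]):
            raise ValueError(f"byte count mismatch in: {line!r}")
        hooks.append(Hook(m["process"], int(m["pid"]), m["module"], m["symbol"],
                          int(m["offset"]), int(m["address"], 16), patch))
    return hooks


def group_by_site(hooks: list) -> dict:
    """Collapse per-process repeats: one entry per modified site -> set of PIDs.
    Many PIDs on one site means the shared DLL image itself differs from
    what GMER expects, not that each process was hooked separately."""
    sites = {}
    for h in hooks:
        sites.setdefault(h.site(), set()).add(h.pid)
    return sites


def triage(text: str) -> dict:
    """Split parsed hooks into pointer-fragment-looking and opcode-looking sites."""
    hooks = parse_user_code_section(text)
    sites = group_by_site(hooks)
    by_site = {h.site(): h for h in hooks}
    fragment = [s for s in sites if by_site[s].looks_like_pointer_fragment()]
    opcode = [s for s in sites if not by_site[s].looks_like_pointer_fragment()]
    return {"hooks": hooks, "sites": sites, "pointer_fragment": fragment, "opcode_like": opcode}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for site, pids in result["sites"].items():
        tag = "pointer-fragment" if site in result["pointer_fragment"] else "opcode-like"
        print(f"{site[0]}!{site[1]}+{site[2]} @ {site[3]:016x}  pids={sorted(pids)}  [{tag}]")
```

Running the block prints one line per distinct site with the PIDs that reported it and the triage tag; on the real log above every site comes out as pointer-fragment and is shared by several unrelated processes, which is the pattern to check against a clean copy of PSAPI.DLL and MSIMG32.dll rather than a per-process injection.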