GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-09-24 09:27:36 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 WDC_WD5000BPVT-22HXZT3 rev.01.01A01 465,76GB Running: 2vwztmuy.exe; Driver: C:\Users\Acer\AppData\Local\Temp\ugliipog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[2844] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff89b5177a 4 bytes [B5, 89, FF, 07] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[2844] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff89b51782 4 bytes [B5, 89, FF, 07] .text C:\Windows\System32\dwm.exe[3740] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Windows\System32\dwm.exe[3740] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Windows\System32\dwm.exe[3740] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4628] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4628] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4628] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\nvvsvc.exe[3080] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\nvvsvc.exe[3080] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\nvvsvc.exe[3080] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\nvvsvc.exe[3080] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff89b5177a 4 bytes [B5, 89, FF, 07] .text C:\Windows\system32\nvvsvc.exe[3080] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff89b51782 4 bytes [B5, 89, FF, 07] .text C:\Windows\system32\taskhostex.exe[4708] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\taskhostex.exe[4708] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\taskhostex.exe[4708] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Windows\Explorer.EXE[3952] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Windows\Explorer.EXE[3952] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Windows\Explorer.EXE[3952] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[1080] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[1080] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[1080] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\wbem\unsecapp.exe[4176] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\wbem\unsecapp.exe[4176] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\wbem\unsecapp.exe[4176] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4032] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4032] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4032] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[680] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[680] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[680] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\igfxext.exe[3692] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\igfxext.exe[3692] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\igfxext.exe[3692] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5008] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5008] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5008] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Windows\System32\igfxtray.exe[2652] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Windows\System32\igfxtray.exe[2652] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Windows\System32\igfxtray.exe[2652] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Windows\System32\hkcmd.exe[2092] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Windows\System32\hkcmd.exe[2092] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Windows\System32\hkcmd.exe[2092] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Windows\System32\igfxpers.exe[2088] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff89b5177a 4 bytes [B5, 89, FF, 07] .text C:\Windows\System32\igfxpers.exe[2088] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff89b51782 4 bytes [B5, 89, FF, 07] .text C:\Windows\System32\igfxpers.exe[2088] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Windows\System32\igfxpers.exe[2088] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Windows\System32\igfxpers.exe[2088] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2184] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2184] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2184] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[968] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[968] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[968] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Dolby PCEE4\pcee4.exe[2524] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Dolby PCEE4\pcee4.exe[2524] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Dolby PCEE4\pcee4.exe[2524] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\wbem\unsecapp.exe[1836] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\wbem\unsecapp.exe[1836] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\wbem\unsecapp.exe[1836] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[4340] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[4340] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[4340] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4188] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4188] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4188] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4152] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4152] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4152] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4152] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007ff81d01b32 4 bytes [D0, 81, FF, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4152] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007ff81d01b3a 4 bytes [D0, 81, FF, 07] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[2228] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[2228] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe[2228] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Windows\WinStore\WSHost.exe[2144] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Windows\WinStore\WSHost.exe[2144] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Windows\WinStore\WSHost.exe[2144] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\NOTEPAD.EXE[3184] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff855d1532 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\NOTEPAD.EXE[3184] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff855d153a 4 bytes [5D, 85, FF, 07] .text C:\Windows\system32\NOTEPAD.EXE[3184] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff855d165a 4 bytes [5D, 85, FF, 07] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [4244:3764] fffff960009945e8 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----