GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-14 11:02:11
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000041 ST1000LM024_HN-M101MBB rev.2AR10002 931,51GB
Running: vf7yrrq3.exe; Driver: C:\Users\arekw77\AppData\Local\Temp\pxlorpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff6e8f177a 4 bytes [8F, 6E, FF, 07]
.text C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff6e8f1782 4 bytes [8F, 6E, FF, 07]
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 000007ff6d4e257c 8 bytes JMP 000008006ba603b0
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 000007ff6d4e6b10 9 bytes JMP 000008006ba60308
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007ff6d565658 7 bytes JMP 000008006ba60260
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007ff6d565778 7 bytes JMP 000008006ba602d0
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 000007ff6d581564 3 bytes JMP 000008006ba60340
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW + 4 000007ff6d581568 3 bytes [FE, CC, CC]
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007ff6d5940e4 7 bytes JMP 000008006ba60298
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007ff6d594178 8 bytes JMP 000008006ba60228
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 000007ff6d59479c 8 bytes JMP 000008006ba60378
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\USER32.dll!CreateWindowExW 000007ff6cc4c5b0 7 bytes JMP 000008006ba60490
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007ff6cc531f0 9 bytes JMP 000008006ba603e8
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 000007ff6cc533e0 5 bytes JMP 000008006ba60458
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 000007ff6cc57160 5 bytes JMP 000008006ba60420
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007ff6ca31070 8 bytes JMP 000008006ba601f0
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007ff6ca50bc0 8 bytes JMP 000008006ba601b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff67f71532 4 bytes [F7, 67, FF, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff67f7153a 4 bytes [F7, 67, FF, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff67f7165a 4 bytes [F7, 67, FF, 07]
.text C:\windows\system32\nvvsvc.exe[1336] C:\windows\system32\MSIMG32.dll!GradientFill + 690 000007ff67f71532 4 bytes [F7, 67, FF, 07]
.text C:\windows\system32\nvvsvc.exe[1336] C:\windows\system32\MSIMG32.dll!GradientFill + 698 000007ff67f7153a 4 bytes [F7, 67, FF, 07]
.text C:\windows\system32\nvvsvc.exe[1336] C:\windows\system32\MSIMG32.dll!TransparentBlt + 246 000007ff67f7165a 4 bytes [F7, 67, FF, 07]
.text C:\windows\system32\nvvsvc.exe[1336] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff6e8f177a 4 bytes [8F, 6E, FF, 07]
.text C:\windows\system32\nvvsvc.exe[1336] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff6e8f1782 4 bytes [8F, 6E, FF, 07]
.text C:\windows\system32\WLANExt.exe[1512] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff6e8f177a 4 bytes [8F, 6E, FF, 07]
.text C:\windows\system32\WLANExt.exe[1512] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff6e8f1782 4 bytes [8F, 6E, FF, 07]
.text C:\windows\system32\WLANExt.exe[1512] C:\windows\system32\MSIMG32.dll!GradientFill + 690 000007ff67f71532 4 bytes [F7, 67, FF, 07]
.text C:\windows\system32\WLANExt.exe[1512] C:\windows\system32\MSIMG32.dll!GradientFill + 698 000007ff67f7153a 4 bytes [F7, 67, FF, 07]
.text C:\windows\system32\WLANExt.exe[1512] C:\windows\system32\MSIMG32.dll!TransparentBlt + 246 000007ff67f7165a 4 bytes [F7, 67, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1464] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff67f71532 4 bytes [F7, 67, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1464] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff67f7153a 4 bytes [F7, 67, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1464] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff67f7165a 4 bytes [F7, 67, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1464] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff6e8f177a 4 bytes [8F, 6E, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1464] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff6e8f1782 4 bytes [8F, 6E, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1464] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007ff62c91b32 4 bytes [C9, 62, FF, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1464] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007ff62c91b3a 4 bytes [C9, 62, FF, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2572] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff6e8f177a 4 bytes [8F, 6E, FF, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2572] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff6e8f1782 4 bytes [8F, 6E, FF, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2572] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff67f71532 4 bytes [F7, 67, FF, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2572] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff67f7153a 4 bytes [F7, 67, FF, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2572] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff67f7165a 4 bytes [F7, 67, FF, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3340] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff67f71532 4 bytes [F7, 67, FF, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3340] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff67f7153a 4 bytes [F7, 67, FF, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3340] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff67f7165a 4 bytes [F7, 67, FF, 07]
.text C:\windows\system32\wbem\wmiprvse.exe[868] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff6e8f177a 4 bytes [8F, 6E, FF, 07]
.text C:\windows\system32\wbem\wmiprvse.exe[868] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff6e8f1782 4 bytes [8F, 6E, FF, 07]
.text C:\windows\system32\wbem\wmiprvse.exe[868] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff67f71532 4 bytes [F7, 67, FF, 07]
.text C:\windows\system32\wbem\wmiprvse.exe[868] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff67f7153a 4 bytes [F7, 67, FF, 07]
.text C:\windows\system32\wbem\wmiprvse.exe[868] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff67f7165a 4 bytes [F7, 67, FF, 07]
.text C:\Windows\System32\igfxpers.exe[4308] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff6e8f177a 4 bytes [8F, 6E, FF, 07]
.text C:\Windows\System32\igfxpers.exe[4308] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff6e8f1782 4 bytes [8F, 6E, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4460] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff67f71532 4 bytes [F7, 67, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4460] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff67f7153a 4 bytes [F7, 67, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4460] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff67f7165a 4 bytes [F7, 67, FF, 07]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[msvcrt.dll!memmove] [4c004c0044002e]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[msvcrt.dll!_initterm] [6f007200500001]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[msvcrt.dll!malloc] [74006300750064]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[msvcrt.dll!free] [65006d0061004e]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[msvcrt.dll!_amsg_exit] [69004d00000000]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[msvcrt.dll!_XcptFilter] [73006f00720063]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[msvcrt.dll!wcsncmp] [ae00740066006f]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[msvcrt.dll!memcpy] [6e006900570020]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[msvcrt.dll!memset] [730077006f0064]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlVirtualUnwind] [74006100720065]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlLookupFunctionEntry] [200067006e0069]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlCaptureContext] [74007300790053]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlQueryHeapInformation] [6d0065]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlInt64ToUnicodeString] [500001000f0042]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtQueryObject] [750064006f0072]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtOpenDirectoryObject] [65005600740063]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtQueryDirectoryObject] [6f006900730072]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtOpenJobObject] [2e00360000006e]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtOpenProcess] [320039002e0032]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlCopyUnicodeString] [31002e00300030]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtQueryVirtualMemory] [30003200340036]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtReadVirtualMemory] [4400000000]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtQueryInformationProcess] [72006100560001]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtQueryValueKey] [65006c00690046]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlNtStatusToDosError] [6f0066006e0049]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlAppendUnicodeToString] [4002400000000]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlInitUnicodeString] [61007200540000]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtQuerySystemInformation] [61006c0073006e]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtOpenKey] [6e006f00690074]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtGetContextThread] [4b0040900000000]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtClose] [2404d495243]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtOpenThread] [100010003]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlIntegerToUnicodeString] [457f8abb7f9d83de]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetLastError] [44002e004b0053]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!HeapFree] [4c004c]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!OpenProcess] [4c0001002e0080]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [6c006100670065]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!HeapDestroy] [790070006f0043]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!HeapCreate] [68006700690072]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!lstrlenW] [2000a900000074]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!SetLastError] [7200630069004d]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!DisableThreadLibraryCalls] [66006f0073006f]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!lstrcmpiW] [6f004300200074]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetTickCount] [72006f00700072]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!CloseHandle] [6f006900740061]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetCurrentProcess] [410020002e006e]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetCurrentThreadId] [74006800670069]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetCurrentProcessId] [65007200200073]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!QueryPerformanceCounter] [76007200650073]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!TerminateProcess] [2e00640065]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [4f0001000d0042]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!UnhandledExceptionFilter] [69006700690072]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!Sleep] [46006c0061006e]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetSystemInfo] [6e0065006c0069]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!IsWow64Process] [65006d0061]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!QueryInformationJobObject] [46005200450050]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!ReportEventA] [38006e00690077]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!OpenProcessToken] [7200640067005f]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!LookupPrivilegeValueA] [3000320031002e]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!AdjustTokenPrivileges] [2d003900310039]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!RegisterEventSourceW] [33003100380031]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!RegQueryValueExW] [d003a00000029]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!DeregisterEventSource] [74006e00490001]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!RegOpenKeyExW] [61006e00720065]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!RegCloseKey] [6d0061004e006c]
IAT C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!ReportEventW] [45005000000065]

---- Threads - GMER 2.1 ----

Thread C:\windows\system32\csrss.exe [720:744] fffff960009105e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
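The user-code section of this scan mixes three kinds of finding that should not be read the same way: inline JMP hooks (every dwm.exe entry is redirected into the same 64 KiB region at 000008006ba6xxxx), 4-byte "patches" in PSAPI.DLL, MSIMG32.dll and WSOCK32.dll whose bytes are simply the upper half of a pointer into the same module, and the unrecognised MBR code on \Device\Harddisk0\DR0. The script below is an added triage example, not part of the log and not GMER's code. The "relocated pointer" rule is my own heuristic (a 4-byte patch is treated as a relocated pointer when, read little-endian, it equals bits 16..47 of an address within 16 MiB of the patched location); the sample records embedded in SAMPLE_LOG are copied from the scan above.

```python
import re
from collections import defaultdict

# Records copied from the GMER log above, one per line (a subset, for a stand-alone run).
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[1016] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff6e8f177a 4 bytes [8F, 6E, FF, 07]
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 000007ff6d4e257c 8 bytes JMP 000008006ba603b0
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 000007ff6d581564 3 bytes JMP 000008006ba60340
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW + 4 000007ff6d581568 3 bytes [FE, CC, CC]
.text C:\windows\system32\dwm.exe[952] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007ff6ca31070 8 bytes JMP 000008006ba601f0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1464] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007ff62c91b32 4 bytes [C9, 62, FF, 07]
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
"""

# GMER ".text" record: process[pid] module!func [+ off] addr N bytes (JMP target | [b, b, ...])
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<n>\d+)\s+bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9a-fA-F]{16})|\[(?P<bytes>[0-9a-fA-F, ]+)\])\s*$"
)

NEAR = 16 * 1024 * 1024  # heuristic window: a pointer into the same module, assumed


def parse_hook(line):
    """Return a dict for one '.text' record, or None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["addr"] = int(rec["addr"], 16)
    rec["n"] = int(rec["n"])
    rec["off"] = int(rec["off"] or 0)
    rec["target"] = int(rec["target"], 16) if rec["target"] else None
    rec["bytes"] = (bytes(int(b, 16) for b in rec["bytes"].split(","))
                    if rec["bytes"] else b"")
    return rec


def classify(rec):
    """inline-jmp: control flow redirected; relocated-pointer: heuristic false positive;
    patched-bytes: anything else (e.g. the [FE, CC, CC] tail right after a JMP)."""
    if rec["target"] is not None:
        return "inline-jmp"
    if rec["n"] == 4 and len(rec["bytes"]) == 4:
        dword = int.from_bytes(rec["bytes"], "little")
        # Bits 16..47 of a 64-bit pointer that lands near the patched address (heuristic).
        if abs((dword << 16) - rec["addr"]) < NEAR:
            return "relocated-pointer"
    return "patched-bytes"


def triage(text):
    """Count findings per process, collect JMP targets by 64 KiB region, note the MBR line."""
    report = {"hooks": defaultdict(lambda: defaultdict(int)),
              "jmp_targets": defaultdict(set), "mbr": None}
    for line in text.splitlines():
        rec = parse_hook(line)
        if rec:
            proc = rec["proc"].rsplit("\\", 1)[-1]
            kind = classify(rec)
            report["hooks"][proc][kind] += 1
            if kind == "inline-jmp":
                report["jmp_targets"][proc].add(rec["target"] & ~0xFFFF)
        elif line.startswith("Disk ") and "MBR" in line:
            report["mbr"] = line.strip()
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for proc, kinds in r["hooks"].items():
        regions = ", ".join(f"{t:016x}" for t in sorted(r["jmp_targets"][proc]))
        print(f"{proc}: {dict(kinds)}" + (f"  JMP regions: {regions}" if regions else ""))
    if r["mbr"]:
        print("follow up:", r["mbr"])
```

The heuristic only says that a 4-byte difference looks like pointer data rather than code; confirm it by comparing the module's .text in memory against its on-disk image, or by re-scanning after a reboot and checking that the same offsets reappear with bytes that again track the new load address. The JMP entries are the ones to attribute: find which module owns the 000008006ba60000 region in dwm.exe before deciding whether the hooks are expected. The MBR line means GMER did not recognise the boot code and deserves its own look at the boot sector; the script only surfaces it.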