GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-04 18:20:38
Windows 6.2.9200 x64
\Device\Harddisk0\DR0 -> \Device\00000039 TOSHIBA_MK6475GSX rev.GT001M 596,17GB
Running: 52iesvdr.exe; Driver: C:\Users\vvr0na.44\AppData\Local\Temp\uxdorpob.sys

---- User code sections - GMER 2.1 ----

.text   C:\windows\system32\atiesrxx.exe[976] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306   000007fdb587177a 4 bytes [87, B5, FD, 07]
.text   C:\windows\system32\atiesrxx.exe[976] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314   000007fdb5871782 4 bytes [87, B5, FD, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1152] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690   000007fdaf7d1532 4 bytes [7D, AF, FD, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1152] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698   000007fdaf7d153a 4 bytes [7D, AF, FD, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1152] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246   000007fdaf7d165a 4 bytes [7D, AF, FD, 07]
.text   C:\windows\system32\atieclxx.exe[1344] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306   000007fdb587177a 4 bytes [87, B5, FD, 07]
.text   C:\windows\system32\atieclxx.exe[1344] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314   000007fdb5871782 4 bytes [87, B5, FD, 07]
.text   C:\windows\System32\svchost.exe[1980] c:\windows\system32\WSOCK32.dll!recvfrom + 742   000007fdadb01b32 4 bytes [B0, AD, FD, 07]
.text   C:\windows\System32\svchost.exe[1980] c:\windows\system32\WSOCK32.dll!recvfrom + 750   000007fdadb01b3a 4 bytes [B0, AD, FD, 07]
.text   C:\windows\System32\svchost.exe[2044] c:\windows\system32\WSOCK32.dll!recvfrom + 742   000007fdadb01b32 4 bytes [B0, AD, FD, 07]
.text   C:\windows\System32\svchost.exe[2044] c:\windows\system32\WSOCK32.dll!recvfrom + 750   000007fdadb01b3a 4 bytes [B0, AD, FD, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3440] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690   000007fdaf7d1532 4 bytes [7D, AF, FD, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3440] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698   000007fdaf7d153a 4 bytes [7D, AF, FD, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3440] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246   000007fdaf7d165a 4 bytes [7D, AF, FD, 07]

---- Threads - GMER 2.1 ----

Thread  C:\windows\system32\csrss.exe [668:692]   fffff960008b85e8
Thread  C:\windows\SYSTEM32\ntdll.dll [2584:2588]   0000000001301c94

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0   unknown MBR code

---- EOF - GMER 2.1 ----