GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-06-11 20:08:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 ST380815AS rev.4.AAB 74,53GB
Running: 7qbw29ly.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pgddyaoc.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777b13e0 7 bytes [48, B8, 50, 40, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000777b13e8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777b1550 7 bytes [48, B8, D0, 40, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000777b1558 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777b1570 7 bytes [48, B8, C0, 44, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000777b1578 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000777b1580 7 bytes [48, B8, B0, 42, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000777b1588 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777b1590 7 bytes [48, B8, 30, 3F, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000777b1598 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777b15b0 7 bytes [48, B8, A0, 3F, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000777b15b8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777b1600 7 bytes [48, B8, 40, 41, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000777b1608 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000777b1610 7 bytes [48, B8, 10, 45, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000777b1618 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777b1640 7 bytes [48, B8, 30, 42, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000777b1648 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777b16e0 7 bytes [48, B8, 70, 42, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000777b16e8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777b1860 7 bytes [48, B8, B0, 41, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000777b1868 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777b22d0 7 bytes [48, B8, F0, 44, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000777b22d8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777b2320 4 bytes [48, B8, 90, 44]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 5 00000000777b2325 2 bytes [3F, 01]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777b2470 7 bytes [48, B8, 90, 42, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000777b2478 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777b13e0 7 bytes [48, B8, 50, 40, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000777b13e8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777b1550 7 bytes [48, B8, D0, 40, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 00000000777b1558 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777b1570 7 bytes [48, B8, C0, 44, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000777b1578 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00000000777b1580 7 bytes [48, B8, B0, 42, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000777b1588 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777b1590 7 bytes [48, B8, 30, 3F, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000777b1598 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777b15b0 7 bytes [48, B8, A0, 3F, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000777b15b8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777b1600 7 bytes [48, B8, 40, 41, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000777b1608 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00000000777b1610 7 bytes [48, B8, 10, 45, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000777b1618 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777b1640 7 bytes [48, B8, 30, 42, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000777b1648 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777b16e0 7 bytes [48, B8, 70, 42, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000777b16e8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777b1860 7 bytes [48, B8, B0, 41, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000777b1868 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777b22d0 7 bytes [48, B8, F0, 44, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000777b22d8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777b2320 4 bytes [48, B8, 90, 44]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 5 00000000777b2325 2 bytes [3F, 01]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777b2470 7 bytes [48, B8, 90, 42, FE, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000777b2478 6 bytes {ADD [RAX], AL; JMP RAX}

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!wcsncpy_s] [0]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!wcsrchr] [0]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!malloc] [0]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!calloc] [0]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!??2@YAPEAX_K@Z] [4a5bcc9500000000]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!memmove_s] [200000000]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!memcpy_s] [1f780000002f]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!mbstowcs] [1378]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!??_U@YAPEAX_K@Z] [0]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!_CxxThrowException] [44531de45cde9f0e]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!__CxxFrameHandler3] [3dfa2e83e856a996]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!wcscpy_s] [2]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!wcscat_s] [11d2953d28636aa6]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!memset] [d018d94fc000d6b5]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!_XcptFilter] [4efddf1ca45c254e]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!_initterm] [e050a846d1672080]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!_amsg_exit] [e]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [4acaf73a63c6d5b8]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!realloc] [59b5e087c70c7e96]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!_errno] [5003]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!_unlock] [43fdecc0656a3bb3]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!__dllonexit] [cd964a40e04a7784]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!_lock] [1001]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!_onexit] [43fdecc0656a3bb3]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!??3@YAXPEAX@Z] [cd964a40e04a7784]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!_purecall] [3004]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[msvcrt.dll!memcpy] [43fdecc0656a3bb3]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[USER32.dll!PostQuitMessage] [0]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[KERNEL32.dll!WaitForMultipleObjects] [0]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[KERNEL32.dll!UnhandledExceptionFilter] [0]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[KERNEL32.dll!OutputDebugStringA] [0]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[KERNEL32.dll!GetLastError] [0]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[KERNEL32.dll!CloseHandle] [0]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[ole32.dll!CoTaskMemRealloc] [3005]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[ole32.dll!CoCreateInstance] [43fdecc0656a3bb3]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[ole32.dll!CoTaskMemFree] [cd964a40e04a7784]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[ole32.dll!CoTaskMemAlloc] [3006]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[ole32.dll!StringFromGUID2] [43fdecc0656a3bb3]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[SETUPAPI.dll!SetupDiGetClassDevsW] [0]
IAT C:\Windows\explorer.exe[2348] @ C:\Windows\system32\EhStorAPI.dll[SETUPAPI.dll!SetupDiGetClassDevsExW] [0]

---- Modules - GMER 2.2 ----

Module \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys fffff88003a57000-fffff88003a66000 (61440 bytes)

---- Threads - GMER 2.2 ----

Thread System [4:1476] fffffa8002bb7cd8
Thread System [4:1852] fffffa8002bf0a1c
Thread System [4:2512] fffffa8002bf9c84
Thread System [4:924] fffffa8002bf8580
Thread System [4:3832] fffffa8002bf21a4
Thread C:\Windows\System32\svchost.exe [1020:1116] 000007fefa0f331c
Thread C:\Windows\System32\svchost.exe [1020:1176] 000007fefa0b31f4
Thread C:\Windows\System32\svchost.exe [1020:1328] 000007fef9bd3f1c
Thread C:\Windows\System32\svchost.exe [1020:1340] 000007fef99159a0
Thread C:\Windows\System32\svchost.exe [1020:2244] 000007fef56120c0
Thread C:\Windows\System32\svchost.exe [1020:2256] 000007fef56126a8
Thread C:\Windows\System32\svchost.exe [1020:2236] 000007fef56129dc
Thread C:\Windows\System32\svchost.exe [1020:3804] 000007fefc5488f8
Thread C:\Windows\system32\svchost.exe [156:3240] 000007fef1aa506c
Thread C:\Windows\system32\svchost.exe [156:2368] 000007fef6d75124
Thread C:\Windows\system32\svchost.exe [156:2196] 000007fef47f5170
Thread C:\Windows\system32\svchost.exe [156:744] 000007fef47f5170
Thread C:\Windows\system32\svchost.exe [156:4168] 000007fee730e1c4
Thread C:\Windows\system32\svchost.exe [156:2524] 000007fef15b4164
Thread C:\Windows\system32\svchost.exe [156:3328] 000007fef4681ab0
Thread C:\Windows\system32\svchost.exe [1044:2208] 000007fef59b0ea8
Thread C:\Windows\system32\svchost.exe [1044:2228] 000007fef59a9db0
Thread C:\Windows\system32\svchost.exe [1044:2308] 000007fef59b1c94
Thread C:\Windows\system32\svchost.exe [1044:2324] 000007fef59aaa10
Thread C:\Windows\system32\svchost.exe [1044:2996] 000007fee6d8d3c8
Thread C:\Windows\system32\svchost.exe [1044:1924] 000007fee6d8d3c8
Thread C:\Windows\system32\svchost.exe [1044:2856] 000007fee6d8d3c8
Thread C:\Windows\system32\svchost.exe [1044:2628] 000007fee6d8d3c8
Thread C:\Windows\system32\svchost.exe [1044:5088] 000007fef1b8b1b0
Thread C:\Windows\system32\svchost.exe [1592:1988] 000007fef70335c0
Thread C:\Windows\system32\svchost.exe [1592:2216] 000007fef7035600
Thread C:\Windows\system32\svchost.exe [1592:2276] 000007fef51d2888
Thread C:\Windows\system32\svchost.exe [1592:2280] 000007fef51b2940
Thread C:\Windows\Explorer.EXE [1656:4196] 0000000003b7449c
Thread C:\Windows\Explorer.EXE [1656:4200] 0000000009154840
Thread C:\Windows\Explorer.EXE [1656:4204] 000000000921dbb4
Thread C:\Windows\Explorer.EXE [1656:4208] 000000000921dbb4
Thread C:\Windows\Explorer.EXE [1656:4216] 000000000921dbb4
Thread C:\Windows\Explorer.EXE [1656:4220] 000000000921dbb4
Thread C:\Program Files\Microsoft Security Client\msseces.exe [1972:1264] 000007fefbd02ab8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2852:3936] 000007fefbd02ab8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2852:3868] 000007fee7acd618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2852:2504] 000007fef6d75124

---- Files - GMER 2.2 ----

ADS C:\Windows\System32\drivers:ucdrv-x64.sys 50888 bytes executable
ADS C:\Windows\System32\drivers:x64 749456 bytes executable
ADS C:\Windows\System32\drivers:x86 611728 bytes executable
ADS C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys 50888 bytes executable <-- ROOTKIT !!!
ADS C:\Program Files (x86)\UCBrowser\Security:x64 749456 bytes executable
ADS C:\Program Files (x86)\UCBrowser\Security:x86 611728 bytes executable

---- Services - GMER 2.2 ----

Service C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [SYSTEM] ucdrv <-- ROOTKIT !!!

---- EOF - GMER 2.2 ----