GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-17 22:38:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000007e ST1000LM rev.2AR1 931,51GB
Running: bu039cq0.exe; Driver: C:\Users\PAB0EF~1.J\AppData\Local\Temp\uxriqpow.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Modules - GMER 2.1 ----

Module \SystemRoot\system32\drivers\pctDS64.sys fffff8800196a000-fffff880019db000 (462848 bytes)
Module \SystemRoot\system32\drivers\PCTCore64.sys fffff88001a33000-fffff88001a9c000 (430080 bytes)
Module \SystemRoot\system32\drivers\pctEFA64.sys fffff88001c98000-fffff88001da8000 (1114112 bytes)
Module \SystemRoot\system32\drivers\TfFsMon.sys fffff88001da8000-fffff88001dbc000 (81920 bytes)
Module \SystemRoot\system32\drivers\TfSysMon.sys fffff88001112000-fffff880011c2000 (720896 bytes)
Module \??\C:\Windows\System32\drivers\pctgntdi64.sys fffff8800389f000-fffff880038f9000 (368640 bytes)
Module \Device\Harddisk0\Partition2\windows\system32\drivers\PctWfpFilter64.sys fffff880038f9000-fffff8800393c000 (274432 bytes)
Module \SystemRoot\System32\Drivers\PCTBD64.sys fffff8801e033000-fffff8801e049000 (90112 bytes)
Module \??\C:\windows\system32\Drivers\PROCEXP113.SYS fffff8801e021000-fffff8801e029000 (32768 bytes)
Module \??\C:\Users\PAB0EF~1.J\AppData\Local\Temp\uxriqpow.sys (GMER) fffff8801e1db000-fffff8801e1eb000 (65536 bytes)

---- Threads - GMER 2.1 ----

Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3276:2816] 0000000075987587
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3276:2864] 0000000072f07712
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3276:2892] 0000000077802e65
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3276:4580] 0000000077803e85
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3276:4780] 0000000077803e85
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3276:3840] 0000000077803e85
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4988:2296] 000007fefa522bf8

---- Processes - GMER 2.1 ----

Library \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1064] (FILE NOT FOUND) 000007fefbee0000
Library \\?\C:\Program Files\Bitdefender\Bitdefender 2015\bdnc.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1064] (FILE NOT FOUND) 000007fefbce0000

---- EOF - GMER 2.1 ----