GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-10-05 20:14:00
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c ST1000DX001-1CM162 rev.CC43 931,51GB
Running: n749q2pd.exe; Driver: C:\Windows\TEMP\ugldrpob.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[876] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1 00007ff80777d48d 5 bytes [B8, 30, 08, 03, 02]
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[876] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 7 00007ff80777d493 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[876] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff805f2169a 4 bytes [F2, 05, F8, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[876] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff805f216a2 4 bytes [F2, 05, F8, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[876] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff805f2181a 4 bytes [F2, 05, F8, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[876] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff805f21832 4 bytes [F2, 05, F8, 7F]
.text C:\Windows\system32\atiesrxx.exe[836] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff805f2169a 4 bytes [F2, 05, F8, 7F]
.text C:\Windows\system32\atiesrxx.exe[836] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff805f216a2 4 bytes [F2, 05, F8, 7F]
.text C:\Windows\system32\atiesrxx.exe[836] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff805f2181a 4 bytes [F2, 05, F8, 7F]
.text C:\Windows\system32\atiesrxx.exe[836] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff805f21832 4 bytes [F2, 05, F8, 7F]
.text C:\Windows\system32\atieclxx.exe[1208] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff805f2169a 4 bytes [F2, 05, F8, 7F]
.text C:\Windows\system32\atieclxx.exe[1208] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff805f216a2 4 bytes [F2, 05, F8, 7F]
.text C:\Windows\system32\atieclxx.exe[1208] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff805f2181a 4 bytes [F2, 05, F8, 7F]
.text C:\Windows\system32\atieclxx.exe[1208] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff805f21832 4 bytes [F2, 05, F8, 7F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffffb9b1f6a 4 bytes [9B, FB, FF, 7F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffffb9b1f82 4 bytes [9B, FB, FF, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2160] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1 00007ff80777d48d 5 bytes [B8, 30, 08, 15, 01]
.text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2160] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 7 00007ff80777d493 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2160] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff805f2169a 4 bytes [F2, 05, F8, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2160] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff805f216a2 4 bytes [F2, 05, F8, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2160] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff805f2181a 4 bytes [F2, 05, F8, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2160] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff805f21832 4 bytes [F2, 05, F8, 7F]
.text C:\Windows\Explorer.EXE[2872] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ff804f30f90 5 bytes JMP 00007ff784f50018
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3788] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1 00007ff80777d48d 5 bytes [B8, 30, 08, 46, 02]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3788] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 7 00007ff80777d493 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3788] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff805f2169a 4 bytes [F2, 05, F8, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3788] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff805f216a2 4 bytes [F2, 05, F8, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3788] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff805f2181a 4 bytes [F2, 05, F8, 7F]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3788] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff805f21832 4 bytes [F2, 05, F8, 7F]

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [588:612] fffff96000967b90
Thread C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2452:2368] 00007fffe99189f0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 532756025
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C58F7E1B-48EA-4162-ADF0-43C510F4BFE9}@LeaseObtainedTime 1475685699
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C58F7E1B-48EA-4162-ADF0-43C510F4BFE9}@T1 1475689299
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C58F7E1B-48EA-4162-ADF0-43C510F4BFE9}@T2 1475691999
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C58F7E1B-48EA-4162-ADF0-43C510F4BFE9}@LeaseTerminatesTime 1475692899

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----