GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-15 16:56:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: bljrig4w.exe; Driver: C:\Users\Acer\AppData\Local\Temp\kwldrpoc.sys


---- Kernel code sections - GMER 2.2 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable      fffff960001a3c00 7 bytes [00, 96, F3, FF, 01, A2, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8  fffff960001a3c08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.2 ----

.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075551465 2 bytes [55, 75]
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755514bb 2 bytes [55, 75]
.text  ...                                                                                                                                                 * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075551465 2 bytes [55, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755514bb 2 bytes [55, 75]
.text  ...                                                                                                                                                 * 2
.text  C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe[4508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075551465 2 bytes [55, 75]
.text  C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe[4508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755514bb 2 bytes [55, 75]
.text  ...                                                                                                                   * 2
.text  C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075551465 2 bytes [55, 75]
.text  C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755514bb 2 bytes [55, 75]
.text  ...                                                                                                               * 2
.text  C:\Program Files\Autodesk\AutoCAD 2015\acad.exe[1656] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter  0000000077a09b80 5 bytes [90, 33, C0, 90, C3]

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb953d1d2
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb953d1d2@8c71f89630a9  0x2E 0x23 0xE0 0x53 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb953d1d2@205476cd930f  0x4B 0x9A 0x37 0xC4 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb953d1d2 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb953d1d2@8c71f89630a9  0x2E 0x23 0xE0 0x53 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb953d1d2@205476cd930f  0x4B 0x9A 0x37 0xC4 ...

---- EOF - GMER 2.2 ----