GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-05-26 23:34:50
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000042 Samsung_SSD_840_EVO_250GB rev.EXT0BB6Q 232,89GB
Running: 8p5vy2wg.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\uwldqpod.sys

---- Devices - GMER 2.1 ----

Device  \Driver\NDProxy \Device\NDProxy fffff800b6264920
Device  \Driver\RDPDR \Device\FakeVid10 fffff800b658b000
Device  \Driver\secdrv \Device\AscKmd fffff800b52ab62c
Device  \Driver\RDPDR \Device\FakeVid11 fffff800b658b000
Device  \Driver\RDPDR \Device\FakeVid8 fffff800b658b000
Device  \FileSystem\srvnet \Device\SrvAdmin fffff800b2ee77c0
Device  \Driver\RDPDR \Device\FakeVid12 fffff800b658b000
Device  \Driver\RDPDR \Device\FakeVid4 fffff800b658b000
Device  \Driver\RDPDR \Device\FakeVid13 fffff800b658b000
Device  \Driver\RDPDR \Device\FakeVid0 fffff800b658b000
Device  \FileSystem\srv \Device\LanmanServer fffff800b63b5f90
Device  \Driver\RDPDR \Device\FakeVid14 fffff800b658b000
Device  \Driver\RDPDR \Device\FakeVid15 fffff800b658b000
Device  \Driver\RDPDR \Device\RdpDrPort fffff800b658b000
Device  \Driver\Ndu \Device\NduIoDevice fffff800b53a2824
Device  \Driver\RDPDR \Device\FakeVid9 fffff800b658b000
Device  \Driver\RDPDR \Device\FakeVid5 fffff800b658b000
Device  \Driver\RDPDR \Device\FakeVid1 fffff800b658b000
Device  \FileSystem\srvnet \Device\SrvNet fffff800b2ee77c0
Device  \Driver\IPNAT \Device\IPNAT fffff800b6486990
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport10 fffff800b65567b0
Device  \Driver\RDPDR \Device\DrDynVc fffff800b658b000
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport11 fffff800b65567b0
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport12 fffff800b65567b0
Device  \Driver\RDPDR \Device\FakeVid6 fffff800b658b000
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport13 fffff800b65567b0
Device  \Driver\RDPDR \Device\FakeVid2 fffff800b658b000
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport14 fffff800b65567b0
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport0 fffff800b65567b0
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport15 fffff800b65567b0
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport1 fffff800b65567b0
Device  \Driver\secdrv \Device\Secdrv fffff800b52ab62c
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport2 fffff800b65567b0
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport3 fffff800b65567b0
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport4 fffff800b65567b0
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport5 fffff800b65567b0
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport6 fffff800b65567b0
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport7 fffff800b65567b0
Device  \Driver\RDPDR \Device\FakeVid7 fffff800b658b000
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport8 fffff800b65567b0
Device  \FileSystem\srv2 \Device\Srv2 fffff800b6316830
Device  \Driver\NdisTapi \Device\NdisTapi fffff800b643d290
Device  \Driver\RDPDR \Device\FakeVid3 fffff800b658b000
Device  \Driver\RdpVideoMiniport \Device\RdpVideoMiniport9 fffff800b65567b0

---- Threads - GMER 2.1 ----

Thread  System [4:3108] fffff800b53ac954
Thread  System [4:3392] fffff800b630a810
Thread  System [4:3396] fffff800b630a810
Thread  System [4:3400] fffff800b630a810
Thread  System [4:3404] fffff800b631a898
Thread  C:\Windows\system32\csrss.exe [584:608] fffff960008fc2d0

---- Processes - GMER 2.1 ----

Library C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [3100](2014-05-21 05:00:40) 000000006fbc0000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [3100](2014-05-21 05:00:40) 000000006e940000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [3100](2014-05-21 05:00:40) 000000006a1c0000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [3100](2014-05-21 05:00:40) 000000006ff00000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [3100](2014-05-21 05:00:40) 000000006efc0000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [3100](2014-05-21 05:00:40) 000000006ed40000

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xAC 0xC8 0xF4 0x0C ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x9C 0xB9 0xA3 0xF4 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x53 0xF7 0xF4 0x0C ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xB5 0x52 0xB1 0xDC ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 36
Reg     HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMN15BC0_25_07DC_26^FEECC2A12402BD90FD9AE37EF3632F31@Timestamp 0x57 0x52 0xFA 0x0D ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 640
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e276e160-7cb0-43c6-b20b-73f5dce39954\a1662ab2-9d34-4e53-ba8b-2639b9e20857@Attributes 1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\f693fb01-e858-4f00-b20f-f30e12ac06d6\191f65b5-d45c-4a4f-8aae-1ab8bfd980e6@Attributes 1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\cleanup.old??\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware??\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.old??\??\C:\Users\ADMINI~1\AppData\Local\Temp\_iu14D2N.tmp??\??\C:\Users\ADMINI~1\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\ADMINI~1\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\ADMINI~1\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\ADMINI~1\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\ADMINI~1\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\ADMINI~1\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\ADMINI~1\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\ADMINI~1\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\Administrator\AppData\Roaming\Genieo\Application\Partner\uninstall\partner_uninstall.exe??\??\C:\Users\Administrator\AppData\Roaming\Genieo\Application\Partner\uninstall\??\??\C:\Users\Administrator\AppData\Roaming\Genieo\Application\Partner\??\??\C:\Users\Administrator\AppData\Roaming\Genieo\Application\Updater\
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900015
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1412799191
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 38
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 443717623
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 3066
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 2782
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID f9768045-ee1e-416e-bcad-7afd269
Reg     HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\fc4dd4553691
Reg     HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State 0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 14030
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1257
Reg     HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 37
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 906
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE7CD045-E861-484F-8273-0445EE161910}\iexplore@Count 17
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 64
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@CleanupUninstallerTemp cmd.exe /c del /F /Q "%temp%\updater_uninstall.exe" /f

---- EOF - GMER 2.1 ----