GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-06-16 18:22:39
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f WDC_WD5000LPVX-75V0TT0 rev.01.01A01 465,76GB
Running: f9bc83s0.exe; Driver: C:\Users\Milten\AppData\Local\Temp\kwxdqaob.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\SYSTEM32\iertutil.dll [3180] entry point in ".rdata" section 0000000071e83590
? C:\WINDOWS\SYSTEM32\NTASN1.dll [3180] entry point in ".rdata" section 00000000717abb10
? C:\WINDOWS\system32\apphelp.dll [5512] entry point in ".rdata" section 0000000073cf0380

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [624:5356] fffff9600fa04030

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\PS5UI.DLL?\??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\PS5UI.DLL?\??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\PSCRIPT5.DLL?\??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\PSCRIPT5.DLL?\??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\UNIDRV.DLL?\??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\UNIDRV.DLL?\??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\UNIDRVUI.DLL?\??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL?\??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\UNIRES.DLL?\??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\UNIRES.DLL?\??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\New\PrintConfig.dll?\??\C:\WINDOWS\system32\spool\DRIVERS\x64\3\PrintConfig.dll?\??\C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\New\PrintConfig.dll?\??\C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\PrintConfig.dll?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -467490861
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\4cbb583ed4ca
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{63AC96EC-C151-41D2-88C2-4F48EBB46E77}@DefunctTimestamp 0x44 0xF7 0x43 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 676
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 29
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0d7a3b8e-4944-4e16-9c18-7437305b8247}@LeaseObtainedTime 1497626438
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0d7a3b8e-4944-4e16-9c18-7437305b8247}@T1 1497628238
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0d7a3b8e-4944-4e16-9c18-7437305b8247}@T2 1497629588
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0d7a3b8e-4944-4e16-9c18-7437305b8247}@LeaseTerminatesTime 1497630038
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xBD 0x53 0xEB 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xBD 0xBB 0xAF 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xBD 0xEB 0x26 0xBA ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----