GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-06-16 19:59:14
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000025 ST500LT012-1DG142 rev.0003SDM1 465,76GB
Running: rmq2tm48.exe; Driver: C:\Users\pc\AppData\Local\Temp\fxldrpoc.sys

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff47cb002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff47cc002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fff47cb002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff47cb002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff47cb002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fff0bf72730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff47cb002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff47cb002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff47cc002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fff47cb002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff47cb002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff47cb002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fff0bf72730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff47cc006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6028] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff47cb002c]

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [976:1000] fffff9600092a2d0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 293183493
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\ac72891d052d
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 8692
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\StateStore@ProcessedPackageStateChangeVersion 1482

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.2 ----

File C:\Windows\Installer\inprogressinstallinfo.ipi 81920 bytes
File C:\Windows\Installer\MSI20F5.tmp 712256 bytes executable
File C:\Windows\Installer\MSI8A8F.tmp 22518677 bytes
File C:\Windows\SoftwareDistribution\Download\4622157e412720c496304beeb425c67f\img 0 bytes
File C:\Windows\SoftwareDistribution\Download\4622157e412720c496304beeb425c67f\img\outlook-x-none.msp 98271232 bytes
File C:\Windows\SoftwareDistribution\Download\4622157e412720c496304beeb425c67f\img\outlook-x-none.xml 46158 bytes executable
File C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB4022730~31bf3856ad364e35~amd64~~6.3.1.0.cat 9772 bytes
File C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB4022730_RTM_GM~31bf3856ad364e35~amd64~~6.3.1.0.cat 8827 bytes
File C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB4022730_RTM~31bf3856ad364e35~amd64~~6.3.1.0.cat 8830 bytes
File C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB4022730~31bf3856ad364e35~amd64~~6.3.1.0.cat 8828 bytes
File C:\Windows\System32\MRT.exe (size mismatch) 132223576/133627792 bytes executable

---- EOF - GMER 2.2 ----