GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-06 06:37:08
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000028 Samsung_SSD_850_EVO_250GB rev.EMT01B6Q 232,89GB
Running: 2e8m9u5y.exe; Driver: C:\Users\Rockfor\AppData\Local\Temp\uflcqpog.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [544:3860] fffff960008b72d0

---- Processes - GMER 2.1 ----

Library C:\Users\Rockfor\AppData\Local\MotetsMinistry\BrookedOveranalyzing.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [4684](2016-01-21 22:15:40) 0000000010000000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -665209862
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0xFF 0x0F 0x97 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x61 0x0C 0xAE 0x37 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x61 0x0C 0xAE 0x37 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x61 0x0C 0xAE 0x37 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x61 0x0C 0xAE 0x37 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xE4 0x97 0xBD 0xEA ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Report C:\AdwCleaner\AdwCleaner[C1].txt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 10

---- EOF - GMER 2.1 ----