GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-04 14:36:02
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002b Samsung_SSD_840_EVO_250GB rev.EXT0BB6Q 232,89GB
Running: x3gux2tj.exe; Driver: C:\Users\Julia\AppData\Local\Temp\awadipod.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\SYSTEM32\iertutil.dll [2100] entry point in ".rdata" section 00000000716ad3c0
? C:\WINDOWS\SYSTEM32\wship6.dll [2100] entry point in ".rdata" section 00000000733624b0
? C:\WINDOWS\SYSTEM32\srpapi.dll [2100] entry point in ".rdata" section 00000000713c2a90
? C:\WINDOWS\SYSTEM32\iertutil.dll [6060] entry point in ".rdata" section 00000000716ad3c0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [6060] entry point in ".rdata" section 000000006e37bb10
? C:\Windows\SYSTEM32\iertutil.dll [5244] entry point in ".rdata" section 00000000716ad3c0
? C:\WINDOWS\SYSTEM32\iertutil.dll [4892] entry point in ".rdata" section 00000000716ad3c0
? C:\WINDOWS\system32\apphelp.dll [4892] entry point in ".rdata" section 00000000731b0380
? C:\WINDOWS\SYSTEM32\iertutil.dll [2056] entry point in ".rdata" section 00000000716ad3c0
? C:\WINDOWS\system32\apphelp.dll [1244] entry point in ".rdata" section 00000000731b0380
? C:\WINDOWS\SYSTEM32\NTASN1.dll [1244] entry point in ".rdata" section 000000006e37bb10
? C:\Windows\SYSTEM32\iertutil.dll [1244] entry point in ".rdata" section 00000000716ad3c0
? C:\Windows\SYSTEM32\ActXPrxy.dll [1244] entry point in ".rdata" section 000000006bbbbd10
? C:\WINDOWS\system32\apphelp.dll [6616] entry point in ".rdata" section 00000000731b0380
? C:\WINDOWS\system32\apphelp.dll [7132] entry point in ".rdata" section 00000000731b0380
? C:\WINDOWS\SYSTEM32\NTASN1.dll [7132] entry point in ".rdata" section 000000006e37bb10
? C:\WINDOWS\system32\apphelp.dll [5816] entry point in ".rdata" section 00000000731b0380
? C:\WINDOWS\system32\apphelp.dll [5156] entry point in ".rdata" section 00000000731b0380

---- Devices - GMER 2.2 ----

Device \Driver\WudfRd \Device\UMDFCtrlDev-f5df880a-54fc-11e6-8d9b-74d43587c335 fffff8002b1f6a40

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [6004:3956] fffff961b8cc4030

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Program Files (x86)\Google\Update\1.3.30.3??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -892538029
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-22-6b-f6-7f-96@AddressCreationTimestamp 0xCA 0x56 0xB2 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-22-6b-f6-7f-96@ClientLocalPort 62967
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-22-6b-f6-7f-96@TeredoAddress 2001:0:5ef5:79fd:2c65:a08:a0ce:4bab
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-22-6b-f6-7f-96@UPnPExternalPort 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1577
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeConfidence 6
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x4D 0x48 0xD4 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x4D 0xB0 0x98 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x4D 0xE0 0x0F 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0x2D 0x21 0x15 0x22 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr\Parameters\Wdf@TimeOfLastTelemetryLog 0x0B 0x52 0x4A 0xE2 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ...

---- EOF - GMER 2.2 ----