GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-01 18:26:10
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST1000LM014-SSHD-8GB rev.LVD4 931,51GB
Running: cgccppjr.exe; Driver: C:\Users\MARTYN~1\AppData\Local\Temp\fxlyrpod.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\system32\apphelp.dll [3180] entry point in ".rdata" section 00000000737a0380
? C:\WINDOWS\SYSTEM32\iertutil.dll [3180] entry point in ".rdata" section 000000007316d7a0
? C:\WINDOWS\system32\wbem\wbemsvc.dll [3824] entry point in ".rdata" section 000000006f508fa0
? C:\WINDOWS\SYSTEM32\iertutil.dll [3824] entry point in ".rdata" section 000000007316d7a0
? C:\WINDOWS\system32\wbem\wbemsvc.dll [1564] entry point in ".rdata" section 000000006f508fa0
? C:\Windows\SYSTEM32\iertutil.dll [1564] entry point in ".rdata" section 000000007316d7a0
? C:\Windows\SYSTEM32\ActXPrxy.dll [1564] entry point in ".rdata" section 000000006974bd10
? C:\WINDOWS\SYSTEM32\apphelp.dll [1564] entry point in ".rdata" section 00000000737a0380
? C:\WINDOWS\system32\mssprxy.dll [1564] entry point in ".rdata" section 000000006a81a4e0
? C:\WINDOWS\SYSTEM32\iertutil.dll [5140] entry point in ".rdata" section 000000007316d7a0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [5140] entry point in ".rdata" section 0000000067bbbb10
? C:\WINDOWS\system32\apphelp.dll [1584] entry point in ".rdata" section 00000000737a0380

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [772:800] fffff960fad14030

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1065961918
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 5912
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 3076846
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 3076236
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 3076236
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 3076626
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 359
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x1E 0x0F 0x2F 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\d07e35d6c314
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?czw.?, ?wrz ?01 ?16, 05:18:27?????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 8920
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b76f0937-0d23-4a67-aadb-27fee63a6f32}@LeaseObtainedTime 1472742988
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b76f0937-0d23-4a67-aadb-27fee63a6f32}@T1 1472744788
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b76f0937-0d23-4a67-aadb-27fee63a6f32}@T2 1472746138
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b76f0937-0d23-4a67-aadb-27fee63a6f32}@LeaseTerminatesTime 1472746588
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x04 0xF0 0x61 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x04 0x58 0x26 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x04 0x88 0x9D 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0x25 0xD0 0x09 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\2@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\2@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\3@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\3@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@PolicyDocumentLastRefresh 0xE0 0xFF 0xB6 0xC1 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x67 0x2F 0x4A 0xC4 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x67 0x2F 0x4A 0xC4 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x67 0x2F 0x4A 0xC4 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x67 0x2F 0x4A 0xC4 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xC7 0x19 0x19 0x77 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 19
Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Window_3ea2c71dd03bf2e0cacb2f133a9dea3c76b514b8_00c55871_2087abb3
Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0xF0 0x03 0x05 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----