GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-13 15:30:12
Windows 6.2.9200 x64
\Device\Harddisk2\DR2 -> \Device\0000002e Crucial_CT250MX200SSD1 rev.MU03 232,89GB
Running: lu890ski.exe; Driver: C:\Users\macie\AppData\Local\Temp\ufldypog.sys

---- User code sections - GMER 2.2 ----

?       C:\Windows\SYSTEM32\dbgcore.DLL [2200] entry point in ".rdata" section 000000006ebac940
?       C:\Windows\system32\dbgcore.DLL [2252] entry point in ".rdata" section 000000006ebac940
?       C:\Windows\system32\wbem\wbemsvc.dll [3964] entry point in ".rdata" section 000000006c3c8fc0
?       C:\Windows\System32\iertutil.dll [3964] entry point in ".rdata" section 000000006b2a00e0
?       C:\Windows\system32\mssprxy.dll [3964] entry point in ".rdata" section 000000006cdaa650
?       C:\Windows\System32\ActXPrxy.dll [3964] entry point in ".rdata" section 000000006ab49b80
?       C:\Windows\SYSTEM32\NTASN1.dll [3984] entry point in ".rdata" section 000000006cf8a020
?       C:\Windows\system32\ncryptsslp.dll [3984] entry point in ".rdata" section 000000006cf604f0
?       C:\Windows\SYSTEM32\iertutil.dll [6244] entry point in ".rdata" section 000000006b2a00e0
?       C:\Windows\SYSTEM32\dbgcore.DLL [6244] entry point in ".rdata" section 000000006ebac940
?       C:\Windows\SYSTEM32\NTASN1.dll [6244] entry point in ".rdata" section 000000006cf8a020
?       C:\Windows\system32\ncryptsslp.dll [6244] entry point in ".rdata" section 000000006cf604f0
?       C:\Windows\System32\ActXPrxy.dll [6244] entry point in ".rdata" section 000000006ab49b80
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection   00007fff501f5340 16 bytes {MOV RAX, 0x7fff2a582f54; JMP RAX}
?       C:\Windows\system32\apphelp.dll [616] entry point in ".rdata" section 000000006d0df7c0
?       C:\Windows\system32\apphelp.dll [1744] entry point in ".rdata" section 000000006d0df7c0

---- User IAT/EAT - GMER 2.2 ----

IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize]   [7fff8dbe002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3896] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort]   [7fff246aaf84] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.101\chrome_child.dll
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6848] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6848] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6848] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize]   [7fff8dbe002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6848] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6848] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6848] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6848] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6848] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6848] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6848] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6848] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6848] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort]   [7fff246aaf84] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.101\chrome_child.dll
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6804] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6804] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6804] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize]   [7fff8dbe002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6804] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6804] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6804] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6804] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6804] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6804] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6804] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6804] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6804] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort]   [7fff246aaf84] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.101\chrome_child.dll
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7004] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7004] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7004] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize]   [7fff8dbe002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7004] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7004] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7004] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7004] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7004] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7004] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7004] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7004] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7004] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort]   [7fff246aaf84] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.101\chrome_child.dll
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5764] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5764] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5764] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize]   [7fff8dbe002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5764] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5764] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5764] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5764] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5764] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5764] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5764] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[GDI32.dll!GetStockObject]   [7fff8dbe006c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5764] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[USER32.dll!RegisterClassW]   [7fff8fa8002c]
IAT     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5764] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort]   [7fff246aaf84] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.101\chrome_child.dll

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\csrss.exe [588:884]   fffffeecb0b36c20
Thread  C:\Windows\system32\csrss.exe [588:892]   fffffeecb0b36c20

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime   0x8F 0x5B 0xBF 0xFE ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime   0xA4 0xA8 0xA1 0xB0 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL   11
Reg     HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\DELA09A36WJX5945LRB_24_07DF_6F+SAM0686H9XZA02700_29_07DA_62^EF028C20D37B547084CA1273780759FE@Timestamp   0x7C 0x9A 0x7A 0xFF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid   664
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations   \??\C:\Users\macie\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\macie\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\macie\AppData\Local\Temp\nst2E6E.tmp\??\??\C:\Users\macie\AppData\Local\Temp\nst2E6E.tmp\Lang\ENU.dll??\??\C:\Users\macie\AppData\Local\Temp\nst2E6E.tmp\Lang\PLK.dll??
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber   1268371
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed   -1833022776
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId   11
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime   483850382
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime   5325
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime   5082
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID   6da96a58-01aa-44c9-b1a9-ac63b0a
Reg     HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Aksfridge@FileCounter   10
Reg     HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter   2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\akshhl@CookieCounter   12
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start   2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName   Global\MMF_BITSa77147e8-305d-4ab5-a28c-528f704a9a3b
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BITS
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{c1c133f6-42d4-41cd-a3e4-615959b3210e}@LastProbeTime   1473777201
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{BE8F3D84-F65B-441F-A355-1FB48C350FFC}@DefunctTimestamp   0x0C 0xF2 0xD7 0x57 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\f4-f2-6d-7b-0e-da@ClientLocalPort   50663
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\f4-f2-6d-7b-0e-da@AddressCreationTimestamp   0x86 0x83 0xE8 0x0D ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\f4-f2-6d-7b-0e-da@NatDetectionTimestamp   0x86 0x83 0xE8 0x0D ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\f4-f2-6d-7b-0e-da@TeredoAddress   2001:0:5ef5:79fb:248e:2541:ace0:6bb7
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch   675
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch   73
Reg     HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence   10
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3e7b9935-4ff6-4388-a2f6-9de35ee7b76b}@LeaseObtainedTime   1473770000
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3e7b9935-4ff6-4388-a2f6-9de35ee7b76b}@T1   1473813200
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3e7b9935-4ff6-4388-a2f6-9de35ee7b76b}@T2   1473845600
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3e7b9935-4ff6-4388-a2f6-9de35ee7b76b}@LeaseTerminatesTime   1473856400
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated   0x6E 0xFF 0xBC 0x6B ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh   0x6E 0x67 0x81 0xCD ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow   0x6E 0x97 0xF8 0x09 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop   0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List   10540 10546 10556 10566 10586 10630 10640 10678 10684 10700
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter   10706
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help   10707
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter   10540
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help   10541
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime   0x05 0x79 0xFF 0x4B ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime   0x05 0x79 0xFF 0x4B ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime   0x05 0x79 0xFF 0x4B ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime   0x05 0x79 0xFF 0x4B ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds   D:\Steam\Steam.exe?{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe?
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@D:\Steam\Steam.exe   0x9A 0x7E 0xA3 0xBA ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe   0x64 0xF8 0x93 0xC6 ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{3A31A4BD-E088-4A9F-9E93-730D862BB2A1}@LastAccessedTime   0x00 0xBA 0x16 0x0A ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{3A31A4BD-E088-4A9F-9E93-730D862BB2A1}@LaunchCount   16
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{48B3B469-68F7-4D82-9661-D3AE9788D538}@LastAccessedTime   0xF0 0x2C 0x86 0x0F ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{48B3B469-68F7-4D82-9661-D3AE9788D538}@LaunchCount   1
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations   0

---- Files - GMER 2.2 ----

File    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\289d4b1fe718870f7e94fee27d30fc37_e53575c7-41c7-4866-ab77-ea57d0b32c0d   2246 bytes
File    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\31430c583b814c7706762107d08ea6e8_e53575c7-41c7-4866-ab77-ea57d0b32c0d   2246 bytes
File    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b7a6b26eddd60c1747a3627d49b11adf_e53575c7-41c7-4866-ab77-ea57d0b32c0d   2246 bytes
File    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\02a8ffb648faf1415c57934c0f782558_e53575c7-41c7-4866-ab77-ea57d0b32c0d   2246 bytes

---- EOF - GMER 2.2 ----