GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-10-19 23:47:29
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 WDC_WD5000AAJS-00A8B0 rev.01.03B01 465,63GB
Running: m1b4p811.exe; Driver: C:\Users\FruGo\AppData\Local\Temp\kxgdipog.sys

---- User code sections - GMER 2.2 ----

? C:\Windows\SYSTEM32\NTASN1.dll [4192] entry point in ".rdata" section 000000007346a020
? C:\Windows\system32\ncryptsslp.dll [4192] entry point in ".rdata" section 00000000734404f0
? C:\Windows\system32\apphelp.dll [4192] entry point in ".rdata" section 00000000743af7c0
? C:\Windows\system32\wbem\wbemsvc.dll [6032] entry point in ".rdata" section 000000006d518fc0
? C:\Windows\SYSTEM32\iertutil.dll [6032] entry point in ".rdata" section 00000000624c1310
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffdf8eb5340 16 bytes {MOV RAX, 0x7ffdd6bf2f54; JMP RAX}
? C:\Windows\SYSTEM32\atlthunk.dll [2780] entry point in ".data" section 0000000068a84290
? C:\Windows\SYSTEM32\apphelp.dll [2780] entry point in ".rdata" section 00000000743af7c0
? C:\Windows\system32\mssprxy.dll [2780] entry point in ".rdata" section 00000000630fa650
? C:\Windows\System32\iertutil.dll [2780] entry point in ".rdata" section 00000000624c1310
? C:\Windows\system32\PhotoMetadataHandler.dll [2780] entry point in ".rdata" section 0000000062125d20
? C:\Windows\system32\apphelp.dll [1404] entry point in ".rdata" section 00000000743af7c0

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3288] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffdc0fe404c] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4492] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffdc0fe404c] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7808] @ C:\Windows\AppPatch\AppPatch64\AcGenral.dll[USER32.dll!GetMonitorInfoW] [7ffe36bc012c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8112] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffe38be006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8112] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffe38be006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8112] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffe38be002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8112] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffe38be006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8112] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffe36bc002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8112] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffe36bc002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8112] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffe38be006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8112] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffe36bc002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8112] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffe38be006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8112] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffe38be006c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8112] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffe36bc002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8112] @ C:\Windows\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffdc0fe404c] C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\chrome_child.dll

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [8104:7632] ffff8784a9796c20

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1346305736
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2747b31e-494d-46d3-8f20-d84a2e08759e}@LeaseObtainedTime 1476891784
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2747b31e-494d-46d3-8f20-d84a2e08759e}@T1 1476891814
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2747b31e-494d-46d3-8f20-d84a2e08759e}@T2 1476891836
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2747b31e-494d-46d3-8f20-d84a2e08759e}@LeaseTerminatesTime 1476891844
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xED 0xA6 0x03 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xED 0x0E 0xC8 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xED 0x3E 0x3F 0x15 ...

---- EOF - GMER 2.2 ----