GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-01-01 20:11:34
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 WDC_WD10EZEX-00WN4A0 rev.01.01A01 931,51GB
Running: yj0q982z.exe; Driver: C:\Users\macie\AppData\Local\Temp\ffrdqfob.sys

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [5296:4440]   ffff9136b9b36c20
Thread  C:\WINDOWS\Explorer.EXE [2320:6236]         00007ff8b26220e0
Thread  C:\WINDOWS\Explorer.EXE [2320:9704]         00007ff8b26220e0
Thread  C:\WINDOWS\Explorer.EXE [2320:7996]         00007ff8b26220e0
Thread  C:\WINDOWS\Explorer.EXE [2320:4436]         00007ff8acdc20e0
Thread  C:\WINDOWS\Explorer.EXE [2320:4052]         00007ff8ab7620e0
Thread  C:\WINDOWS\Explorer.EXE [2320:7536]         00007ff8ab7620e0
Thread  C:\WINDOWS\Explorer.EXE [2320:2416]         00007ff8acdc20e0
Thread  C:\WINDOWS\Explorer.EXE [2320:1356]         00007ff8acdc20e0
Thread  C:\WINDOWS\Explorer.EXE [2320:3040]         00007ff8acdc20e0
Thread  C:\WINDOWS\Explorer.EXE [2320:8560]         00007ff8ab7620e0
Thread  C:\WINDOWS\Explorer.EXE [2320:7540]         00007ff8ab7620e0
Thread  C:\WINDOWS\Explorer.EXE [2320:796]          00007ff8ab7620e0
Thread  C:\WINDOWS\Explorer.EXE [2320:6272]         00007ff89ed720e0
Thread  C:\WINDOWS\Explorer.EXE [2320:5416]         00007ff89ed720e0

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\BNQ78A0D5G09593SL0_15_07E0_9B^F6C6FF6BF2FEF9E366FF217F6C3B5899@Timestamp   0x85 0xA1 0x1E 0x23 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed   2105364585
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated   0x50 0xA8 0xCB 0xFB ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh   0x50 0x10 0x90 0x5D ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow   0x50 0x40 0x07 0x9A ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw   0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask   0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw   0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask   0x64 0x62 0x03 0x00 ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome   0x6E 0xBC 0x05 0x57 ...

---- Files - GMER 2.2 ----

File  C:\Windows\Temp\WAXABD4.tmp (size mismatch) 12394496/0 bytes executable

---- EOF - GMER 2.2 ----