GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-01-14 00:27:42
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6 SAMSUNG_HE502IJ rev.1AA01118 465,76GB
Running: ui44c0f3.exe; Driver: C:\Users\Xantyr\AppData\Local\Temp\kwwoipob.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [592:644] ffffca4de1136c20

---- Processes - GMER 2.2 ----

Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8959448E-C65F-4541-B339-E53D43C6FBCF}\mpengine.dll (*** suspicious ***) @ C:\Program Files\Windows Defender\MsMpEng.exe [2472] 00007ff8982d0000

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 331259506
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xE2 0x41 0x54 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xE2 0xA9 0x18 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xE2 0xD9 0x8F 0x7F ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome 0x59 0xCD 0x46 0x86 ...

---- EOF - GMER 2.2 ----