GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-17 16:53:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3 rev. 0,00MB
Running: urzfyh3t.exe; Driver: C:\Users\Dom\AppData\Local\Temp\uxriqpow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000752b2097 5 bytes JMP 0000000100e62ac0

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [792:1252] 000007fefc874af4
Thread C:\Windows\system32\svchost.exe [792:3328] 000007fefb762154
Thread C:\Windows\System32\svchost.exe [936:996] 000007fefb99f2f4
Thread C:\Windows\System32\svchost.exe [936:1016] 000007fefba86204
Thread C:\Windows\System32\svchost.exe [936:348] 000007fefb34d8f8
Thread C:\Windows\System32\svchost.exe [936:480] 000007fefb345620
Thread C:\Windows\System32\svchost.exe [936:324] 000007fefb346e74
Thread C:\Windows\System32\svchost.exe [936:1028] 000007fefb31ffc0
Thread C:\Windows\System32\svchost.exe [936:1048] 000007fefaf7331c
Thread C:\Windows\System32\svchost.exe [936:1088] 000007fefaf331f4
Thread C:\Windows\System32\svchost.exe [936:2872] 000007fef52920c0
Thread C:\Windows\System32\svchost.exe [936:2876] 000007fef52926a8
Thread C:\Windows\System32\svchost.exe [936:2880] 000007fef52929dc
Thread C:\Windows\System32\svchost.exe [936:4080] 000007fefde5c608
Thread C:\Windows\System32\svchost.exe [936:4084] 000007fefde5c608
Thread C:\Windows\System32\svchost.exe [936:4088] 000007fefde5c608
Thread C:\Windows\System32\svchost.exe [936:4092] 000007fefde5c608
Thread C:\Windows\System32\svchost.exe [936:3080] 000007fefde5c608
Thread C:\Windows\System32\svchost.exe [936:3296] 000007feefd93efc
Thread C:\Windows\System32\svchost.exe [936:2248] 000007feefe78a4c
Thread C:\Windows\System32\svchost.exe [936:2208] 000007fef7c444e0
Thread C:\Windows\System32\svchost.exe [936:2404] 000007fef78b88f8
Thread C:\Windows\System32\svchost.exe [936:4064] 000007fef67f14a0
Thread C:\Windows\System32\svchost.exe [936:4632] 000007fefde5c608
Thread C:\Windows\system32\svchost.exe [976:2864] 000007fefb42506c
Thread C:\Windows\system32\svchost.exe [976:2972] 000007fef4771c20
Thread C:\Windows\system32\svchost.exe [976:3068] 000007fef4771c20
Thread C:\Windows\system32\svchost.exe [976:4028] 000007fef7664164
Thread C:\Windows\system32\svchost.exe [328:3104] 000007fef3ed6ed4
Thread C:\Windows\system32\svchost.exe [328:3108] 000007fef3ed6b8c
Thread C:\Windows\system32\svchost.exe [328:3976] 000007fef0efd3c8
Thread C:\Windows\system32\svchost.exe [328:1188] 000007fef0efd3c8
Thread C:\Windows\system32\svchost.exe [328:3820] 000007fef0efd3c8
Thread C:\Windows\system32\svchost.exe [328:380] 000007fef0efd3c8
Thread C:\Windows\system32\svchost.exe [1136:1168] 000007fefa2b341c
Thread C:\Windows\system32\svchost.exe [1136:1192] 000007fefa2b3a2c
Thread C:\Windows\system32\svchost.exe [1136:1196] 000007fefa2b3768
Thread C:\Windows\system32\svchost.exe [1136:1200] 000007fefa2b5c20
Thread C:\Windows\system32\svchost.exe [1136:1184] 000007fef7b6bec4
Thread C:\Windows\system32\svchost.exe [1136:2796] 000007fef7b05124
Thread C:\Windows\system32\svchost.exe [1136:2924] 000007fef1f55170
Thread C:\Windows\system32\svchost.exe [1136:1572] 000007fefa2b3900
Thread C:\Windows\System32\spoolsv.exe [1356:2608] 000007fef49a10c8
Thread C:\Windows\System32\spoolsv.exe [1356:2616] 000007fef4966144
Thread C:\Windows\System32\spoolsv.exe [1356:2620] 000007fef8c85fd0
Thread C:\Windows\System32\spoolsv.exe [1356:2624] 000007fef7f03438
Thread C:\Windows\System32\spoolsv.exe [1356:2628] 000007fef8c863ec
Thread C:\Windows\System32\spoolsv.exe [1356:2636] 000007fef73b5e5c
Thread C:\Windows\System32\spoolsv.exe [1356:2640] 000007fef4a55090
Thread C:\Windows\system32\svchost.exe [1388:1420] 000007fefd051a70
Thread C:\Windows\system32\svchost.exe [1388:1464] 000007fefd051a70
Thread C:\Windows\system32\svchost.exe [1388:1476] 000007fefd051a70
Thread C:\Windows\system32\svchost.exe [1388:1484] 000007fef9b62c70
Thread C:\Windows\system32\svchost.exe [1388:1520] 000007fef9b6fb40
Thread C:\Windows\system32\svchost.exe [1388:1532] 000007fef9b81d20
Thread C:\Windows\system32\svchost.exe [1388:1536] 000007fef9b6f6f0
Thread C:\Windows\system32\svchost.exe [1388:1828] 000007fef90635c0
Thread C:\Windows\system32\svchost.exe [1388:2840] 000007fef9065600
Thread C:\Windows\system32\svchost.exe [1388:3008] 000007fef4e32888
Thread C:\Windows\system32\svchost.exe [1388:2720] 000007fef4e22940
Thread C:\Windows\system32\svchost.exe [1164:2064] 000007feff1ca808
Thread C:\Windows\system32\svchost.exe [1164:2084] 000007fef7e27130
Thread C:\Windows\system32\svchost.exe [1164:2088] 000007fef7e1d5c0
Thread C:\Windows\system32\svchost.exe [1164:2096] 000007fef8c85fd0
Thread C:\Windows\system32\svchost.exe [1164:2100] 000007fef7f03438
Thread C:\Windows\system32\svchost.exe [1164:2104] 000007fef8c863ec
Thread C:\Windows\system32\svchost.exe [1164:2108] 000007fefbd02ab8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk1\DR1 sector 0: rootkit-like behavior

---- Files - GMER 2.1 ----

File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F63.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F74.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F75.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F76.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F77.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F78.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F79.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F7A.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F8B.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F8C.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F8D.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F8E.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F8F.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F90.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F91.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F92.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F93.tmp 0 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F94.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F95.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F96.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F97.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\F98.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\FA8.tmp 28134 bytes
File C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\FA9.tmp 28134 bytes

---- EOF - GMER 2.1 ----