GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-03-23 13:59:58
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c ADATA_SP900 rev.5.2.5 238,47GB
Running: 7dhuku7j.exe; Driver: C:\Users\A101\AppData\Local\Temp\pxldrpog.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\SYSTEM32\NTASN1.dll [2928] entry point in ".rdata" section 000000006c47bb10
? C:\WINDOWS\system32\apphelp.dll [2172] entry point in ".rdata" section 000000006dc40380
? C:\Windows\SYSTEM32\ActXPrxy.dll [4088] entry point in ".rdata" section 000000006befbc40
? C:\WINDOWS\SYSTEM32\NTASN1.dll [6380] entry point in ".rdata" section 000000006c47bb10
? C:\WINDOWS\SYSTEM32\iertutil.dll [6712] entry point in ".rdata" section 000000007312caf0
? C:\Windows\SYSTEM32\ActXPrxy.dll [6712] entry point in ".rdata" section 000000006befbc40
? C:\WINDOWS\SYSTEM32\apphelp.dll [6712] entry point in ".rdata" section 000000006dc40380
? C:\WINDOWS\system32\mssprxy.dll [6712] entry point in ".rdata" section 00000000608fa4e0
? C:\WINDOWS\SYSTEM32\PhotoMetadataHandler.dll [6712] entry point in ".rdata" section 0000000061265fc0
? C:\WINDOWS\SYSTEM32\iertutil.dll [6852] entry point in ".rdata" section 000000007312caf0
? C:\WINDOWS\SYSTEM32\NTASN1.dll [6852] entry point in ".rdata" section 000000006c47bb10
? C:\WINDOWS\SYSTEM32\NTASN1.dll [3012] entry point in ".rdata" section 000000006c47bb10
? C:\Windows\SYSTEM32\iertutil.dll [1080] entry point in ".rdata" section 000000007312caf0
? C:\WINDOWS\system32\apphelp.dll [1080] entry point in ".rdata" section 000000006dc40380
? C:\WINDOWS\system32\wbem\wbemsvc.dll [2856] entry point in ".rdata" section 000000006d978fa0
? C:\WINDOWS\system32\d3d10_1.dll [2856] entry point in ".rdata" section 0000000061c924b0
? C:\WINDOWS\SYSTEM32\iertutil.dll [2856] entry point in ".rdata" section 000000007312caf0
? C:\WINDOWS\system32\apphelp.dll [7692] entry point in ".rdata" section 000000006dc40380

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [752:3676] fffff9600f864060
Thread C:\WINDOWS\Explorer.EXE [4056:3664] 00007ffddbd90250

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStopTime 0x22 0x55 0xD6 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -88149208
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@1008 0xCD 0x88 0x4B 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeConfidence 6
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xA1 0xED 0xF0 0x44 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xA1 0x55 0xB5 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xA1 0x85 0x2C 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0xB0 0xC6 0x89 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ...

---- EOF - GMER 2.2 ----