GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-08 09:17:21 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000043 HGST_HTS721010A9E630 rev.JB0OA3J0 931,51GB Running: jsrn5t4u.exe; Driver: C:\Users\MSI\AppData\Local\Temp\pxldipob.sys ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [6992:7556] fffff961f3464060 Thread C:\WINDOWS\system32\AUDIODG.EXE [7724:4988] 000000005cb468c8 Thread C:\WINDOWS\system32\AUDIODG.EXE [7724:11976] 000000005cb46b30 Thread C:\WINDOWS\system32\AUDIODG.EXE [7724:3468] 000000005cb5f0c8 Thread C:\WINDOWS\system32\AUDIODG.EXE [7724:7660] 000000005cb5f2ec Thread C:\WINDOWS\system32\AUDIODG.EXE [7724:3056] 000000005cb468c8 Thread C:\WINDOWS\system32\AUDIODG.EXE [7724:6296] 000000005cb46b30 Thread C:\WINDOWS\system32\AUDIODG.EXE [7724:5132] 00007ffd76548440 Thread C:\WINDOWS\system32\AUDIODG.EXE [7724:3636] 00007ffd76548440 Thread C:\WINDOWS\system32\AUDIODG.EXE [7724:9676] 00007ffd81622a60 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1892574445 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\94659cc0b3b2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 3566 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeConfidence 7 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xA7 0xD5 0xB9 0x6C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xA7 0x3D 0x7E 0xCE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xA7 0x6D 0xF5 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0x07 0x2E 0x99 0x37 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\10@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\10@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\11@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\11@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\12@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\12@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\13@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\13@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\14@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\14@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\15@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\15@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\2@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\2@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\3@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\3@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\4@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\4@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\5@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\5@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\6@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\6@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\7@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\7@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\8@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\8@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\9@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\9@RwMask 0x64 0x62 0x03 0x00 ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.2 ---- File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A03.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A04.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A05.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A16.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A17.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A18.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A28.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A29.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A2A.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A2B.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A3C.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A3D.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A3E.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A3F.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A4F.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A50.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A51.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A52.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A63.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A64.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\1A65.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D7EB.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D7EC.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D7ED.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D7FE.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D7FF.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D800.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D810.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D811.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D812.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D823.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D824.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D825.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D836.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D837.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D838.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D839.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D83A.tmp 0 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D84A.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D85B.tmp 28134 bytes File C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\D85C.tmp 28134 bytes ---- EOF - GMER 2.2 ----