GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-05-23 16:03:03
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 ST1000DM003-1ER162 rev.CC45 931,51GB
Running: gmer.exe; Driver: C:\Users\PENTUR~1\AppData\Local\Temp\pwtcaaoc.sys

---- Kernel code sections - GMER 2.2 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000146300 15 bytes [80, 12, F1, 01, 00, 87, 6C, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff96000146310 11 bytes [00, 93, FC, FF, C0, 27, B9, ...]

---- User code sections - GMER 2.2 ----

? C:\ProgramData\Windows Security\winsecurity.exe [1940] entry point in "UPX1" section 0000000000a31140
? C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe [728] entry point in "UPX1" section 0000000000d0f620

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [704:5200] fffff960009112d0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -2042786330
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 6718
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList@MRUList bca
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 751
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Watch_Dogs+27Tr-_534f42858df9db071c5abe568b41d5167bd9c3a_d934b8c4_07ccca6d
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@FirstLevelConsentDialog 0xD6 0x02 0x03 0x00 ...

---- EOF - GMER 2.2 ----