GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-07-02 15:08:42
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST1000DM003-1ER162 rev.CC43 931,51GB
Running: iets5m7c.exe; Driver: C:\Users\Camilo\AppData\Local\Temp\pxldqpod.sys

---- Kernel code sections - GMER 2.2 ----

.text   C:\Windows\System32\win32k.sys!W32pServiceTable        fffff960000afb00 15 bytes [80, 23, EF, 01, 00, 0D, 6A, ...]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 16   fffff960000afb10 11 bytes [00, E1, FB, FF, C0, 1A, E6, ...]

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\csrss.exe [676:700]    fffff9600094e2d0
Thread  C:\Windows\Explorer.EXE [3284:6704]        00007ffe35d0e630

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@TotalReboots                                  62
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@TotalRebootsWithCMF                           52
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime                              0xD8 0xD2 0x5E 0x89 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime                           0x0F 0x0E 0x5A 0x89 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed               -394451651
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller@Events CreateSession
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                 27366
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{95CDADF7-7882-4FE9-A163-1DD1910DCC8B}@LeaseObtainedTime    1467459551
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{95CDADF7-7882-4FE9-A163-1DD1910DCC8B}@T1                   1467761951
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{95CDADF7-7882-4FE9-A163-1DD1910DCC8B}@T2                   1467988751
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{95CDADF7-7882-4FE9-A163-1DD1910DCC8B}@LeaseTerminatesTime  1468064351
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller@Start                                   2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime                              0xE8 0xAA 0x45 0x79 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudSettingsDirtyMarks                  2
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudUsertileDirtyMarks                  2
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsBandwidthBucketCounter            189873
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter              0
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime        0x4D 0x58 0x86 0x97 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime   0x4D 0x58 0x86 0x97 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter              7794
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime          0x4D 0x58 0x86 0x97 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter             96167
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime         0x4D 0x58 0x86 0x97 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken                         LM%3d63603054876327%3bID%3d33EB613F52EAB8D4!107%3bLR%3d63603054871550%3bEP%3d10%3bSI%3d78%3bTD%3dTrue%3bSO%3d0%3bPI%3d49
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LocalSettingsDirtyMarks                  2
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime                           0x94 0xA4 0x78 0xE5 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@BackupDeviceRootSyncToken                LM%3d63601668104253%3bID%3d33EB613F52EAB8D4!171%3bLR%3d63603056422150%3bEP%3d10%3bSI%3d51%3bTD%3dTrue%3bSO%3d4%3bPI%3d57
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest          0xB1 0xC8 0x8B 0x98 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\Namespace\Windows\PowerAndSleep@BackupState          2
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations                           26
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\browsersettings\wininet-internet-explorer@PendingOperations   64
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@1                                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk?C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\Silverlight.Configuration.exe??

---- Files - GMER 2.2 ----

File    C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00cae0                          132501 bytes
File    C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\4373.tmp    0 bytes
File    C:\Windows\Temp\_avast_\ws12A5C7C0.dat                                                                32295 bytes

---- EOF - GMER 2.2 ----