GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-07-07 21:17:06
Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SPCC_Solid_State_Disk rev.S8FM08.3 111,79GB
Running: gmer.exe; Driver: C:\Users\Mikej\AppData\Local\Temp\aglcypow.sys

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [596:716]  fffff9604a314030

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime  0xD8 0x90 0x21 0x69 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime  0x2B 0x20 0xEB 0xB3 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL  13
Reg  HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\ACR03E1T0EEE0058581_1B_07DF_65^07835CFE756C2E26D3C1CED5BB23692F@Timestamp  0xFF 0x75 0x15 0x6A ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid  636
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations  \??\C:\Users\Mikej\AppData\Local\Temp\nsc69B6.tmp\p\syschk.dll??\??\C:\Users\Mikej\AppData\Local\Temp\nsc69B6.tmp\p\??\??\C:\Users\Mikej\AppData\Local\Temp\nsc69B6.tmp\ui\pfUI.dll??\??\C:\Users\Mikej\AppData\Local\Temp\nsc69B6.tmp\ui\res\Montserrat-Regular.otf??\??\C:\Users\Mikej\AppData\Local\Temp\nsc69B6.tmp\ui\res\??\??\C:\Users\Mikej\AppData\Local\Temp\nsc69B6.tmp\ui\??\??\C:\Users\Mikej\AppData\Local\Temp\nsc69B6.tmp\??\??\C:\Users\Mikej\AppData\Local\Temp\nsx32E2.tmp\KillProcPath.dll??\??\C:\Users\Mikej\AppData\Local\Temp\nsx32E2.tmp\??
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber  3900052
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed  2036009910
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId  14
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime  478114424
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime  15696
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID  8dc9f854-ca99-4469-8a71-89a02b2
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\AITEventLog@FileCounter  3
Reg  HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\WdiContextLog@FileCounter  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\AmdPPM\Parameters\Wdf@TimeOfLastTelemetryLog  0xB5 0x60 0x4B 0x76 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\cdrom\Parameters\Wdf@TimeOfLastTelemetryLog  0xD6 0x23 0x6F 0x76 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastTelemetryLog  0xB5 0x60 0x4B 0x76 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{a8e1f137-a347-4687-b7d1-f1d8fdc0db20}@LastProbeTime  1467903585
Reg  HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastTelemetryLog  0x95 0xD7 0x60 0x76 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastTelemetryLog  0xA4 0xF5 0x6D 0x3F ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\msisadrv\Parameters\Wdf@TimeOfLastTelemetryLog  0xAD 0x7F 0xA1 0x73 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastTelemetryLog  0xD6 0x04 0xCD 0x76 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch  2847
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch  376
Reg  HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence  12
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{06e45987-582b-4cce-acc4-80db1d185aad}@LeaseObtainedTime  1467914382
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{06e45987-582b-4cce-acc4-80db1d185aad}@T1  1467917982
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{06e45987-582b-4cce-acc4-80db1d185aad}@T2  1467920682
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{06e45987-582b-4cce-acc4-80db1d185aad}@LeaseTerminatesTime  1467921582
Reg  HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastTelemetryLog  0xB5 0x60 0x4B 0x76 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastTelemetryLog  0xB5 0x42 0xE1 0x76 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastTelemetryLog  0xA3 0xFE 0x67 0x76 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\vdrvroot\Parameters\Wdf@TimeOfLastTelemetryLog  0x27 0x30 0xB2 0x73 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\vwifibus\Parameters\Wdf@TimeOfLastTelemetryLog  0xF4 0x48 0xA6 0x76 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated  0xA1 0xA2 0x15 0x2C ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh  0xA1 0x0A 0xDA 0x8D ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow  0xA1 0x3A 0x51 0xCA ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount  0x0A 0xC2 0x17 0x01 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop  0
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\0@Rw  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\0@RwMask  0x64 0x62 0x03 0x00 ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds  E7CF176E110C211B?

---- EOF - GMER 2.2 ----
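Of all the registry entries in this log, the one worth reading carefully is PendingFileRenameOperations: it is a REG_MULTI_SZ of source/destination string pairs that the session manager applies at the next boot, an empty destination means the source is deleted, and a destination starting with "!" means replace-if-exists. The script below is an added example, not part of the posted log and not GMER's own code. It decodes GMER's rendering of that value on the assumption (inferred from the "??" between entries, and labelled in the code) that GMER prints each NUL of the MULTI_SZ as "?", pairs the strings up, strips the "\??\" NT path prefix, and flags every source that sits under a %TEMP%\ns<letter><hex>.tmp scratch directory of the kind NSIS-built installers create. The sample lines are constructed from the log above, with the value shortened to four of its nine entries.

```python
"""Decode PendingFileRenameOperations from GMER 2.2 'Reg' lines (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: three "Reg" lines taken from the GMER log above, with the
# PendingFileRenameOperations value shortened to four of its nine entries.
SAMPLE_LOG = r"""
---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid  636
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations  \??\C:\Users\Mikej\AppData\Local\Temp\nsc69B6.tmp\p\syschk.dll??\??\C:\Users\Mikej\AppData\Local\Temp\nsc69B6.tmp\p\??\??\C:\Users\Mikej\AppData\Local\Temp\nsx32E2.tmp\KillProcPath.dll??\??\C:\Users\Mikej\AppData\Local\Temp\nsx32E2.tmp\??
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds  E7CF176E110C211B?

---- EOF - GMER 2.2 ----
"""

# GMER prints "Reg  <key>@<value name>  <data>"; keys never contain '@'.
REG_LINE = re.compile(r"^Reg\s+(?P<key>[^@]+)@(?P<name>\S+)\s+(?P<data>.*)$")
NT_PREFIX = "\\??\\"  # the literal "\??\" object-manager path prefix
# Scratch directories of NSIS-built installers: %TEMP%\ns<letter><up to 4 hex>.tmp
NSIS_TEMP_DIR = re.compile(r"\\Temp\\ns[a-z][0-9a-f]{1,4}\.tmp\\", re.IGNORECASE)


def parse_reg_lines(log_text: str) -> List[Dict[str, str]]:
    """Return every 'Reg' entry of a GMER log as a key/name/data dict."""
    entries = []
    for line in log_text.splitlines():
        m = REG_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def split_multi_sz(rendered: str) -> List[str]:
    """Split GMER's rendering of a REG_MULTI_SZ back into its strings.

    Assumption: GMER prints each NUL of the MULTI_SZ as '?', so an empty
    string shows up as two adjacent '?'. The literal "\\??\\" prefix is only
    consumed as a unit at the start of a string (optionally after the '!'
    replace-if-exists marker); elsewhere every '?' is a separator.
    """
    tokens: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(rendered):
        at_start = not cur or cur == ["!"]
        if at_start and rendered.startswith(NT_PREFIX, i):
            cur.append(NT_PREFIX)
            i += len(NT_PREFIX)
        elif rendered[i] == "?":
            tokens.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(rendered[i])
            i += 1
    if cur:
        tokens.append("".join(cur))
    return tokens


@dataclass
class PendingOp:
    source: str
    destination: Optional[str]  # None: the source is deleted at next boot
    replace_existing: bool = False  # destination was prefixed with '!'

    @property
    def action(self) -> str:
        return "delete" if self.destination is None else "rename"


def _win_path(nt_path: str) -> str:
    """Drop the "\\??\\" prefix so the path reads as a normal Win32 path."""
    return nt_path[len(NT_PREFIX):] if nt_path.startswith(NT_PREFIX) else nt_path


def parse_pending_renames(rendered: str) -> List[PendingOp]:
    """Pair the MULTI_SZ strings up as (source, destination) operations."""
    tokens = split_multi_sz(rendered)
    if len(tokens) % 2:
        tokens.append("")  # tolerate a truncated final pair: treat as delete
    ops = []
    for src, dst in zip(tokens[0::2], tokens[1::2]):
        replace = dst.startswith("!")
        dst = dst[1:] if replace else dst
        ops.append(PendingOp(_win_path(src), _win_path(dst) if dst else None, replace))
    return ops


def review(log_text: str) -> Dict[str, object]:
    """Summarise the Reg section and flag pending operations on NSIS temp dirs."""
    entries = parse_reg_lines(log_text)
    ops: List[PendingOp] = []
    for e in entries:
        if e["name"].lower() == "pendingfilerenameoperations":
            ops.extend(parse_pending_renames(e["data"]))
    flagged = [op for op in ops if NSIS_TEMP_DIR.search(op.source)]
    return {"reg_entries": len(entries), "pending_ops": ops, "nsis_temp_ops": flagged}


if __name__ == "__main__":
    for op in review(SAMPLE_LOG)["pending_ops"]:
        print(f"{op.action:6} {op.source} -> {op.destination or '(delete)'}")
```

Every pair in the sample decodes with an empty destination, i.e. a delete at next boot; if a real log showed a rename whose destination lands in System32 or a Run-key target, that would be the line to chase, and the decoder above makes that case visible instead of leaving it buried in the `??` noise.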