GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-25 20:30:28
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 GOODRAM_C40 rev.S8FM08.0 223,57GB
Running: pigpz58p.exe; Driver: C:\Users\sm\AppData\Local\Temp\pxrdqpow.sys

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [572:584] fffff9600084c2d0
Thread C:\Windows\system32\svchost.exe [1396:2976] 00007ffcf48f4440
Thread C:\Windows\system32\svchost.exe [1396:2980] 00007ffcf48a1600
Thread C:\Windows\system32\svchost.exe [1396:3032] 00007ffcf44f1b70
Thread C:\Windows\Explorer.EXE [1168:3864] 00007ffd0529e630

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x2F 0x41 0x0C 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x7F 0x00 0xF4 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 592
Reg HKLM\SYSTEM\CurrentControlSet\Control\CrashControl@LastCrashTime 0x26 0x08 0x14 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\ENC183370952027_08_07D7_26^D9EA2C49A9BB0C3E62D4C89215DEFE59@Timestamp 0x72 0xD2 0xBF 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 688
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 5190746
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 36d8f8b3-d820-414b-8234-dc98ad8
Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{a70a5dd2-694d-42a6-b360-b98aec8949c4}
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{8034059c-0f0d-46b1-bb4b-59f74bdb1861}@LastProbeTime 1474829845
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 4367
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 2162
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 593
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{651EA570-BE25-4CF0-B508-399AD4E6479A}@LeaseObtainedTime 1474826244
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{651EA570-BE25-4CF0-B508-399AD4E6479A}@T1 1474829844
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{651EA570-BE25-4CF0-B508-399AD4E6479A}@T2 1474832544
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{651EA570-BE25-4CF0-B508-399AD4E6479A}@LeaseTerminatesTime 1474833444
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{553891B7-A0D5-4526-BE18-D3CE461D6310}\iexplore@Count 1557
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_FRST64.exe_bd36a7bc3cc33aac9fa214696e8b6993dc98d75_cd35db7c_0734c091

---- EOF - GMER 2.2 ----