GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-10-21 01:38:11
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000022 WDC_WD5000LPCX-24C6HT0 rev.02.01A02 465,76GB
Running: bqfvl8xg.exe; Driver: C:\Users\myy\AppData\Local\Temp\uxrdypow.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [580:604] fffff9600090f2d0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1731179742
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8138724
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8138724@10304768043e 0x49 0x05 0xB8 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8138724@1c56fe1a20a2 0x5D 0xB2 0xD8 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 8401
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FBAD7563-9F4B-4C43-BA80-B39BFE235E68}@LeaseObtainedTime 1476989120
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FBAD7563-9F4B-4C43-BA80-B39BFE235E68}@T1 1476990920
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FBAD7563-9F4B-4C43-BA80-B39BFE235E68}@T2 1476992270
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FBAD7563-9F4B-4C43-BA80-B39BFE235E68}@LeaseTerminatesTime 1476992720
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew@Classes .accdb?.bmp?.contact?.docx?.jnt?.library-ms?.lnk?.pptx?.pub?.rar?.txt?.xlsx?.zip?Folder?
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Logo100 %USERPROFILE%\AppData\Local\Microsoft\Windows\Explorer\TileCacheLogo-41014171_100.dat
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@StartView80 %USERPROFILE%\AppData\Local\Microsoft\Windows\Explorer\TileCacheStartView-41013125_80.dat
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyLocalCollections@windows-startlayout 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@PolicyDocumentLastRefresh 0xEC 0x99 0xB2 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsBandwidthBucketCounter 22093
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 1095
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xE0 0x87 0x7F 0x26 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xE0 0x87 0x7F 0x26 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xE0 0x87 0x7F 0x26 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 45902
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 383
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xE0 0x87 0x7F 0x26 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0xE0 0x2D 0x05 0x28 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x92 0xBB 0x92 0x19 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 44

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.2 ----

File C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB 0 bytes

---- EOF - GMER 2.2 ----