GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-10-27 19:04:31
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 HGST_HTS541010A9E680 rev.JA0OA560 931,51GB
Running: mfyvb1t3.exe; Driver: C:\Users\Asus_\AppData\Local\Temp\pglcrpog.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [800:848] ffff9053de136c20

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{417367AD-1457-4643-B051-F2BA6C05F9F1}\Connection@Name Reusable ISATAP Interface {417367AD-1457-4643-B051-F2BA6C05F9F1}
Reg HKLM\SYSTEM\CurrentControlSet\Control\RadioManagement\SystemRadioState@ 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1937701148
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName Global\MMF_BITSa4728ab8-d62c-47b4-a61c-69b64a71c05f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\28c2dd59c044
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\28c2dd59c044@68764f4d42d3 0xDE 0xE6 0x1F 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{ff707cf5-f298-47ba-ba8a-dc4955a5f84f}@LastProbeTime 1477436934
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Diagnostics@ReadyBootTrainingCountSinceLastServicing 9
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?wt.?, ?pa? ?25 ?16, 11:12:16??????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@EffectivePends 108
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 3520
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 964
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c5efae81-27d7-4d10-9649-fb180e4b2f70}@LeaseObtainedTime 1477579622
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c5efae81-27d7-4d10-9649-fb180e4b2f70}@T1 1477622822
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c5efae81-27d7-4d10-9649-fb180e4b2f70}@T2 1477655222
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c5efae81-27d7-4d10-9649-fb180e4b2f70}@LeaseTerminatesTime 1477666022
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xED 0xEE 0x0E 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xED 0x56 0xD3 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xED 0x86 0x4A 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 10644 10650 10662 10698 10708 10718 10738 10782 10792 10830 10836 10852
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 10858
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 10859
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 10644
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 10645
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----