GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-21 19:55:25
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST3500418AS rev.CC38 465,76GB
Running: ht3drlpm.exe; Driver: C:\Users\jarzzz\AppData\Local\Temp\pwldypoc.sys

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [5800:7652]  fffff161a4fc6c20
Thread  C:\WINDOWS\Explorer.EXE [7368:3700]  00007ffb9b6820e0

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\GSM571C724549_0B_07D9_26^058CD9C0F6AB950B6EAB6DA6CC0B1529@Timestamp  0x8B 0xCC 0x48 0x4A ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations  \??\C:\Program Files (x86)\Google\Chrome\Temp\scoped_dir_6928_29774\old_chrome.exe??\??\C:\Program Files (x86)\Google\Chrome\Temp\scoped_dir_6928_29774??\??\C:\Program Files (x86)\Google\Chrome\Temp??\??\C:\WINDOWS\TEMP\ehd150B.tmp??\??\C:\WINDOWS\TEMP\ekb1BE2.tmp??\??\C:\WINDOWS\TEMP\eam2096.tmp??\??\C:\WINDOWS\TEMP\epf273E.tmp??\??\C:\WINDOWS\TEMP\epf2BC3.tmp??\??\C:\Program Files (x86)\Mozilla Firefox\tobedeleted\moz3292.tmp??\??\C:\Program Files (x86)\Mozilla Firefox\tobedeleted??\??\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe??\??\C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll.old??
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed  -34414537
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated  0x28 0xA1 0x1D 0x6A ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh  0x28 0x09 0xE2 0xCB ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow  0x28 0x39 0x59 0x08 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask  0x64 0x62 0x03 0x00 ...
Reg  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome  0x1C 0xF8 0x61 0xB6 ...

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.2 ----