GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-21 19:39:35
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 WDC_WD10JPCX-24UE4T0 rev.01.01A01 931,51GB
Running: yboq16ld.exe; Driver: C:\Users\maria\AppData\Local\Temp\uwxdapob.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [588:624] fffffd8af5d96c20

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -423333892
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\34e6adaab878
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ??r.?, ?gru ?21 ?16, 06:01:25 PM????????????????)??????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xF5 0x8A 0xE5 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xF5 0xF2 0xA9 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xF5 0x22 0x21 0x5A ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome.ABAW2JM77DPHZ4Y3UZ2ANH4SPY 0xF8 0xBC 0xD7 0xDB ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{52470284-CD31-44AF-BFD6-C9911FD9B233}@LastAccessedTime 0x00 0x1F 0x72 0x60 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{52470284-CD31-44AF-BFD6-C9911FD9B233}@LaunchCount 72
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance@MessageTime 0x00 0x53 0x62 0x0C ...

---- EOF - GMER 2.2 ----