GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-11 21:59:09
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000023 ST750LM022_HN-M750MBB rev.2AR10002 698,64GB
Running: cms3q4i0.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\uxtdyfog.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\System32\BsHelpCSps.dll [2560] entry point in ".data" section 0000000010005055
? C:\WINDOWS\system32\wbem\wbemsvc.dll [2560] entry point in ".rdata" section 0000000071868fc0
? C:\WINDOWS\System32\BlueSoleilCSps.dll [2560] entry point in ".rdata" section 0000000001b64085
? C:\WINDOWS\SYSTEM32\iertutil.dll [7076] entry point in ".rdata" section 0000000072b11590
? C:\WINDOWS\SYSTEM32\iertutil.dll [7136] entry point in ".rdata" section 0000000072b11590
? C:\WINDOWS\SYSTEM32\MPRAPI.dll [7136] entry point in ".rdata" section 000000006954f5e0
? C:\WINDOWS\System32\BsHelpCSps.dll [7136] entry point in ".data" section 00000000043e5055
? C:\WINDOWS\System32\BlueSoleilCSps.dll [7136] entry point in ".rdata" section 0000000004bf4085
? C:\WINDOWS\SYSTEM32\iertutil.dll [10104] entry point in ".rdata" section 0000000072b11590
? C:\WINDOWS\SYSTEM32\NTASN1.dll [10104] entry point in ".rdata" section 000000006faba020
? C:\WINDOWS\system32\ncryptsslp.dll [10104] entry point in ".rdata" section 000000006fa904f0
? C:\WINDOWS\SYSTEM32\atlthunk.dll [10104] entry point in ".data" section 000000006fc64290
? C:\Windows\System32\iertutil.dll [11180] entry point in ".rdata" section 0000000072b11590
? C:\WINDOWS\SYSTEM32\srpapi.dll [11180] entry point in ".rdata" section 00000000625e6100
? C:\WINDOWS\SYSTEM32\apphelp.dll [11180] entry point in ".rdata" section 000000007093f7c0
? C:\WINDOWS\SYSTEM32\atlthunk.dll [11180] entry point in ".data" section 000000006fc64290
? C:\Windows\System32\ActXPrxy.dll [11180] entry point in ".rdata" section 0000000063f59c50
? C:\Windows\System32\iertutil.dll [1708] entry point in ".rdata" section 0000000072b11590
? C:\Windows\System32\srpapi.dll [1708] entry point in ".rdata" section 00000000625e6100
? C:\WINDOWS\SYSTEM32\atlthunk.dll [1708] entry point in ".data" section 000000006fc64290
? C:\WINDOWS\SYSTEM32\apphelp.dll [1708] entry point in ".rdata" section 000000007093f7c0
? C:\WINDOWS\system32\apphelp.dll [8472] entry point in ".rdata" section 000000007093f7c0
? C:\WINDOWS\SYSTEM32\iertutil.dll [8472] entry point in ".rdata" section 0000000072b11590
? C:\WINDOWS\SYSTEM32\atlthunk.dll [8472] entry point in ".data" section 000000006fc64290
? C:\WINDOWS\system32\mssprxy.dll [8472] entry point in ".rdata" section 000000006347a650
? C:\Windows\System32\ActXPrxy.dll [8472] entry point in ".rdata" section 0000000063f59c50
? C:\Windows\System32\OneCoreCommonProxyStub.dll [8472] entry point in ".rdata" section 000000006345da90
? C:\WINDOWS\system32\apphelp.dll [10552] entry point in ".rdata" section 000000007093f7c0
? C:\WINDOWS\SYSTEM32\iertutil.dll [10552] entry point in ".rdata" section 0000000072b11590
? C:\WINDOWS\system32\apphelp.dll [76] entry point in ".rdata" section 000000007093f7c0
? C:\WINDOWS\SYSTEM32\iertutil.dll [76] entry point in ".rdata" section 0000000072b11590
? C:\WINDOWS\system32\apphelp.dll [8972] entry point in ".rdata" section 000000007093f7c0
? C:\WINDOWS\SYSTEM32\iertutil.dll [8972] entry point in ".rdata" section 0000000072b11590
? C:\WINDOWS\system32\apphelp.dll [9212] entry point in ".rdata" section 000000007093f7c0
? C:\WINDOWS\SYSTEM32\iertutil.dll [9212] entry point in ".rdata" section 0000000072b11590
? C:\WINDOWS\system32\apphelp.dll [11028] entry point in ".rdata" section 000000007093f7c0
? C:\WINDOWS\SYSTEM32\iertutil.dll [11028] entry point in ".rdata" section 0000000072b11590
? C:\WINDOWS\system32\apphelp.dll [7948] entry point in ".rdata" section 000000007093f7c0

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [832:880] fffffe8604336c20
Thread C:\WINDOWS\system32\svchost.exe [368:80] 00007ffe3fc2f950
Thread C:\WINDOWS\system32\svchost.exe [368:688] 00007ffe3fc2ed20
Thread C:\WINDOWS\system32\svchost.exe [368:608] 00007ffe3fa28ae0
Thread C:\WINDOWS\system32\svchost.exe [1136:11076] 00007ffe21739040
Thread C:\WINDOWS\system32\svchost.exe [1136:10852] 00007ffe38a099e0
Thread C:\WINDOWS\system32\svchost.exe [1136:9280] 00007ffe3b042cf0
Thread [1504:1604] 00007ffe43643db0
Thread [1668:1696] 00007ffe43643db0
Thread C:\WINDOWS\system32\svchost.exe [1944:1992] 00007ffe3a5ce830
Thread C:\WINDOWS\system32\svchost.exe [1944:2020] 00007ffe3a4e10a0
Thread C:\WINDOWS\system32\svchost.exe [1944:1780] 00007ffe3b042cf0
Thread C:\WINDOWS\system32\svchost.exe [1944:1968] 00007ffe388b5bd0
Thread C:\WINDOWS\system32\svchost.exe [1944:2056] 00007ffe388b9b20
Thread C:\WINDOWS\system32\svchost.exe [1944:2064] 00007ffe3b042cf0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:1776] 0000000000f6ad60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:2080] 0000000073971410
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:2108] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:2112] 00000000742d7ea0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:2236] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:2256] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3776] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3016] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3768] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:116] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3784] 0000000071230b70
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:2988] 0000000073115c60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3736] 0000000073115c60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3968] 0000000073115c60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4024] 0000000073115c60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4032] 0000000073115c60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4044] 0000000073115c60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3256] 0000000073115c60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3132] 0000000073115c60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3608] 0000000073115c60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3216] 0000000071230a20
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3648] 0000000071230a20
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3580] 0000000073115c60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3684] 0000000073116f60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3652] 0000000073116f60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3984] 0000000073116190
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3100] 000000007319c080
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:2568] 000000007319ac60
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3772] 000000007319b080
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:860] 0000000073119450
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:852] 0000000073119450
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:840] 0000000073119450
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:828] 0000000073119450
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4100] 0000000073119450
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4104] 0000000073119450
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4108] 0000000073119450
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4112] 0000000073119450
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4116] 0000000073119450
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4120] 0000000073119450
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4124] 0000000073119120
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4128] 00000000711d1330
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4132] 00000000711920c0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4136] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4140] 00000000711978d0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4144] 00000000711978d0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4152] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4156] 0000000073146790
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4160] 0000000073118ab0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4172] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4176] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4184] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4188] 0000000070e80ee0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4192] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4196] 0000000073210c20
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4212] 0000000073519b70
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4228] 00000000711d19c0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4240] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4244] 000000007358bf00
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4248] 000000007358f7b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4268] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4272] 0000000070b7a0e0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4304] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4316] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4356] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4360] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4564] 00000000709c7fd0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4568] 00000000709c7fd0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4572] 00000000709c7fd0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4576] 00000000709c7fd0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4580] 00000000709c7fd0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4584] 00000000709c7fd0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3712] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3676] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3324] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:3228] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:4816] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:916] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:1088] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:148] 000000006f919370
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:724] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:5876] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:9288] 0000000072708420
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:8812] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:2276] 000000007704d5b0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1676:9960] 000000007704d5b0
Thread C:\WINDOWS\system32\svchost.exe [2712:3264] 00007ffe320e5bc0
Thread C:\WINDOWS\system32\svchost.exe [2712:3272] 00007ffe320c2740
Thread [2720:2848] 00007ffe43643db0
Thread C:\WINDOWS\system32\svchost.exe [3992:4036] 00007ffe29a7b180
Thread C:\WINDOWS\system32\svchost.exe [3992:4040] 00007ffe29a7f5f0
Thread [5292:5324] 00007ffe23137944
Thread [5292:5328] 00007ffe22ffbeb4
Thread [5292:5664] 00007ffe22ffbeb4
Thread [5700:5880] 00007ffe43995f10
Thread C:\WINDOWS\system32\SettingSyncHost.exe [4372:1528] 0000000065026d5c
Thread C:\WINDOWS\system32\SettingSyncHost.exe [4372:4296] 00007ffe37da9010
Thread [6300:6360] 00007ffe40555110
Thread [6396:6448] 00007ffe1346c198
Thread [6396:6452] 00007ffe1346c198
Thread [6396:6564] 000000006ce91dbc
Thread [6396:6568] 000000006ce91dbc
Thread [6396:6584] 00007ffe13289e00
Thread [6396:6692] 00007ffe13462ef0
Thread C:\Users\Adrian\AppData\Local\Microsoft\OneDrive\OneDrive.exe [6480:8076] 000000006efa6aec
Thread C:\Users\Adrian\AppData\Local\Microsoft\OneDrive\OneDrive.exe [6480:8080] 000000006efa6aec
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [6508:6512] 00000000002f7da2
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [6508:3664] 000000006480ed90
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [6444:6440] 0000000000322baa
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [6444:1628] 0000000063fa1a39
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [6444:7732] 00000000720e35f0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [6444:4224] 0000000072708420

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 2116427644
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14734205408592280@SetupOperations ???6?????6?6?6???????????h??????????????????????????????????????????????????? ???????6???????????6???????? ??? ??????????????????????6???d??Commited?w???6?6?6?6?6?6?6?6?????????????=???????????????????????????????????6???????????????????????????6???N???????s?????6?????7?7?7?7?8???????????A???????????????????O??????????????4????5??????????? ???????4?????6?????6??????????P?1??????&???????6???-?????e1D??aswSnx???????6?6?6?6?6?6?6?6??????L??6???C?????n6}??avast! virtualization driver (aswSnx)????????????\???????????????m??td???????????v???????C????P??6??????????????\SystemRoot\system32\drivers\aswSnx.sys?ys?m F????0??6??????p???FSFilter Virtualization??????????6???????????e??FltMgr??????? ???????6?????6?????6?????????? ????????????????? ??6???????????e??aswSnx Instance??????6?????6???6????? ???????6???????????6???????????????????????e???????6??????????137600??In???6?6?????????????l??sA?????6????? ???????6???????????6??????????T??? ???????B???? T??6??????????????\??\C:\Program Files\AVAST Software\Avast????6?6???
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14734205729372280@SetupOperations ???6?????7?7?7?7?8???????????A???????????????????O??????????????4????5??????????? ???????4?????6?????6??????????P?1??????&???????6???-?????e1D??aswSnx???????6?6?6?6?6?6?6?6??????L??6???C?????n6}??avast! virtualization driver (aswSnx)????????????\???????????????m??td???????????v???????C????P??6??????????????\SystemRoot\system32\drivers\aswSnx.sys?ys?m F????0??6??????p???FSFilter Virtualization??????????6???????????e??FltMgr??????? ???????6?????6?????6?????????? ????????????????? ??6???????????e??aswSnx Instance??????6?????6???6????? ???????6???????????6???????????????????????e???????6??????????137600??In???6?6?????????????l??sA?????6????? ???????6???????????6??????????T??? ???????B???? T??6??????????????\??\C:\Program Files\AVAST Software\Avast????6?6????? P??6??????????????\??\C:\ProgramData\AVAST Software\Avast?????? ???????4?????6?????6??????????N?2?????P????????6???(?????e????aswSP????6?6?6?6?6?6?6?6??????.??6?????????n00??avast! Self Protection?000???????????????????????????2??tC???????????T??????&V????N
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0008f4207e3f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\50b7c35ad988
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\50b7c35ad988@00020235353d 0x21 0x75 0xB7 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x61 0x2F 0x5A 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x61 0x97 0x1E 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x61 0xC7 0x95 0x7B ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:9406CB18-018E-768C-F701-059FC5D2B40A\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:9406CB18-018E-768C-F701-059FC5D2B40A\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\18f0ad94
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\18f0ad94@FileExtension jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\18f0ad94@Url wpnidm:http://store-images.s-microsoft.com/image/global.44032.acentoprodimg.ba660576-23f2-466a-b14d-9d6323e2917d.668b3cc4-e8e7-4738-9549-76a9fdfea7f6?w=600&foreground=%2300000033
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\18f0ad94@FileName C:\Users\Adrian\AppData\Local\Microsoft\Windows\Notifications\wpnidm\18f0ad94.jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\18f0ad94@FileSize 69161
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\18f0ad94@Flag 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\18f0ad94@LocalPath C:\Users\Adrian\AppData\Local\Microsoft\Windows\Notifications\wpnidm\18f0ad94.jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\18f0ad94@Aumid Microsoft.WindowsStore_8wekyb3d8bbwe!App
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\18f0ad94@Expiration 0x00 0x00 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\18f0ad94@NotificationsCount 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\18f0ad94@Notifications 0x15 0xB3 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\282eb09f
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\282eb09f@FileExtension jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\282eb09f@Url wpnidm:http://store-images.s-microsoft.com/image/global.33062.acentoprodimg.bbfebc59-71fc-430f-8e5a-66578d8934e4.cbc8bf62-a12a-4092-9f57-dc1131512c58?w=600&foreground=%2300000033
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\282eb09f@FileName C:\Users\Adrian\AppData\Local\Microsoft\Windows\Notifications\wpnidm\282eb09f.jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\282eb09f@FileSize 61625
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\282eb09f@Flag 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\282eb09f@LocalPath C:\Users\Adrian\AppData\Local\Microsoft\Windows\Notifications\wpnidm\282eb09f.jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\282eb09f@Aumid Microsoft.WindowsStore_8wekyb3d8bbwe!App
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\282eb09f@Expiration 0x00 0x00 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\282eb09f@NotificationsCount 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\282eb09f@Notifications 0x11 0xB3 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\7b89201e
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\7b89201e@FileExtension jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\7b89201e@Url wpnidm:http://store-images.s-microsoft.com/image/global.20555.acentoprodimg.f60a17ac-4bff-44fe-8ee4-1d560ef563aa.d863ca2a-00ca-4d22-aab7-491c629f93b7?w=600&foreground=%2300000033
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\7b89201e@FileName C:\Users\Adrian\AppData\Local\Microsoft\Windows\Notifications\wpnidm\7b89201e.jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\7b89201e@FileSize 37614
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\7b89201e@Flag 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\7b89201e@LocalPath C:\Users\Adrian\AppData\Local\Microsoft\Windows\Notifications\wpnidm\7b89201e.jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\7b89201e@Aumid Microsoft.WindowsStore_8wekyb3d8bbwe!App
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\7b89201e@Expiration 0x00 0x00 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\7b89201e@NotificationsCount 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\7b89201e@Notifications 0x14 0xB3 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\9fd921b0
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\9fd921b0@FileExtension jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\9fd921b0@Url wpnidm:http://store-images.s-microsoft.com/image/global.61506.acentoprodimg.99cf9a84-f1e5-44bb-80ff-cb921f1bf5f6.2ca43dd8-72cc-444a-9086-ebf4560e4921?w=600&foreground=%2300000033
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\9fd921b0@FileName C:\Users\Adrian\AppData\Local\Microsoft\Windows\Notifications\wpnidm\9fd921b0.jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\9fd921b0@FileSize 45253
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\9fd921b0@Flag 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\9fd921b0@LocalPath C:\Users\Adrian\AppData\Local\Microsoft\Windows\Notifications\wpnidm\9fd921b0.jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\9fd921b0@Aumid Microsoft.WindowsStore_8wekyb3d8bbwe!App
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\9fd921b0@Expiration 0x00 0x00 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\9fd921b0@NotificationsCount 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\9fd921b0@Notifications 0x12 0xB3 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\e59d2773
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\e59d2773@FileExtension jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\e59d2773@Url wpnidm:http://store-images.s-microsoft.com/image/global.19162.acentoprodimg.261720aa-f89f-4be1-8505-e78244d3729f.900e86ee-9d3a-4b29-bd21-78284271934c?w=600&foreground=%2300000033
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\e59d2773@FileName C:\Users\Adrian\AppData\Local\Microsoft\Windows\Notifications\wpnidm\e59d2773.jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\e59d2773@FileSize 35333
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\e59d2773@Flag 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\e59d2773@LocalPath C:\Users\Adrian\AppData\Local\Microsoft\Windows\Notifications\wpnidm\e59d2773.jpg
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\e59d2773@Aumid Microsoft.WindowsStore_8wekyb3d8bbwe!App
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\e59d2773@Expiration 0x00 0x00 0x00 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\e59d2773@NotificationsCount 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm\e59d2773@Notifications 0x13 0xB3 0x00 0x00 ...
---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.2 ----

File C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001578 1773018 bytes
File C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001579 1752415 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\8188eb4b-7bb3-4372-ac3b-2a5f854e33eb.down_data 626216 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\8188eb4b-7bb3-4372-ac3b-2a5f854e33eb.up_meta 0 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\8188eb4b-7bb3-4372-ac3b-2a5f854e33eb.up_meta_body 0 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\67f6ebe1-30f0-47d5-b1b9-ec8230c95ffb.down_data 247685 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\67f6ebe1-30f0-47d5-b1b9-ec8230c95ffb.up_meta 0 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\67f6ebe1-30f0-47d5-b1b9-ec8230c95ffb.up_meta_body 0 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\aaf0fcb0-b985-460d-a448-6b7299db63d6.down_data 624660 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\aaf0fcb0-b985-460d-a448-6b7299db63d6.up_meta 0 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\aaf0fcb0-b985-460d-a448-6b7299db63d6.up_meta_body 0 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e3f0bdca-e02c-4397-b46c-c5cd72e5cf66.down_data 292927 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e3f0bdca-e02c-4397-b46c-c5cd72e5cf66.up_meta 0 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e3f0bdca-e02c-4397-b46c-c5cd72e5cf66.up_meta_body 0 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e5428c21-eb23-4828-b527-c1152e7609fb.down_data 620747 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e5428c21-eb23-4828-b527-c1152e7609fb.up_meta 0 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e5428c21-eb23-4828-b527-c1152e7609fb.up_meta_body 0 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\909c8526-cdd3-466c-b52f-69f43bc93388.down_data 446241 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\909c8526-cdd3-466c-b52f-69f43bc93388.up_meta 0 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\909c8526-cdd3-466c-b52f-69f43bc93388.up_meta_body 0 bytes
File C:\Users\Adrian\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481487557 0 bytes

---- EOF - GMER 2.2 ----
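The report above is a GMER 2.2 text log. Reading one by hand means answering the same three questions every time: which modules GMER flagged for an entry point outside the code section, and in how many processes the same module and address recur; which threads GMER could not attribute to an image (the bare `Thread [pid:tid] addr` lines); and what the disk-sector check said about the MBR. The Python below is an added example, not GMER's code and not part of the original log. It parses the section headers and entry formats GMER writes, and groups the findings the way an analyst triages them. The function names (`parse_gmer`, `triage`), the capture-group names, and the sample log are this example's own; the sample is constructed from entries copied out of the log above, one per line as GMER emits them.

```python
"""Triage helper for a GMER 2.2 text report.

Added example: not GMER's code and not part of the original page. It parses
the report sections GMER writes ("User code sections", "Threads",
"Disk sectors", "Files") and groups the findings for review.
"""
import re
from collections import defaultdict

# Constructed sample: entries copied from the GMER log above, one per line
# as GMER writes them (the page's copy had its line breaks collapsed).
SAMPLE_LOG = r"""
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-11 21:59:09
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000023 ST750LM022_HN-M750MBB rev.2AR10002 698,64GB
Running: cms3q4i0.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\uxtdyfog.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\System32\BsHelpCSps.dll [2560] entry point in ".data" section 0000000010005055
? C:\WINDOWS\SYSTEM32\iertutil.dll [7076] entry point in ".rdata" section 0000000072b11590
? C:\WINDOWS\SYSTEM32\iertutil.dll [7136] entry point in ".rdata" section 0000000072b11590
? C:\WINDOWS\SYSTEM32\atlthunk.dll [10104] entry point in ".data" section 000000006fc64290

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [832:880] fffffe8604336c20
Thread [1504:1604] 00007ffe43643db0
Thread C:\WINDOWS\system32\svchost.exe [368:80] 00007ffe3fc2f950

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.2 ----

File C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001578 1773018 bytes

---- EOF - GMER 2.2 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")

# One regex per entry kind. The capture-group names are this example's own.
ENTRY_RES = {
    "usercode": re.compile(
        r'^\?\s+(?P<path>.+?) \[(?P<pid>\d+)\] entry point in '
        r'"(?P<pe_section>[^"]+)" section (?P<addr>[0-9a-f]+)$'),
    # A thread GMER could not map to an image is written as "Thread [pid:tid] addr".
    "thread": re.compile(
        r"^Thread\s+(?:(?P<image>.+?) )?\[(?P<pid>\d+):(?P<tid>\d+)\] (?P<addr>[0-9a-f]+)$"),
    "disk": re.compile(r"^Disk\s+(?P<device>\S+) (?P<desc>.+)$"),
    "file": re.compile(r"^File\s+(?P<path>.+?) (?P<size>\d+) bytes$"),
}


def parse_gmer(text):
    """Return one dict per recognised entry, tagged with its kind and the
    GMER section header it appeared under. Unrecognised lines are skipped."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        for kind, rx in ENTRY_RES.items():
            m = rx.match(line)
            if m:
                entries.append({"kind": kind, "gmer_section": section, **m.groupdict()})
                break
    return entries


def triage(entries):
    """Group findings for review:
    - entry_points: (module path, PE section, address) -> PIDs it was seen in.
      The same module at the same address in many processes is one condition
      to verify once (check the file's signature), not N separate alerts.
    - orphan_threads: threads GMER could not attribute to an image.
    - disk: the MBR verdict(s), e.g. "unknown MBR code".
    """
    by_module = defaultdict(set)
    orphan_threads, disk = [], []
    for e in entries:
        if e["kind"] == "usercode":
            by_module[(e["path"].lower(), e["pe_section"], e["addr"])].add(int(e["pid"]))
        elif e["kind"] == "thread" and e["image"] is None:
            orphan_threads.append((int(e["pid"]), int(e["tid"]), e["addr"]))
        elif e["kind"] == "disk":
            disk.append((e["device"], e["desc"]))
    return {
        "entry_points": {k: sorted(v) for k, v in by_module.items()},
        "orphan_threads": orphan_threads,
        "disk": disk,
    }


if __name__ == "__main__":
    report = triage(parse_gmer(SAMPLE_LOG))
    for (path, sec, addr), pids in sorted(report["entry_points"].items()):
        print(f"{path} entry in {sec} @ {addr}: pids {pids}")
    for pid, tid, addr in report["orphan_threads"]:
        print(f"unattributed thread {pid}:{tid} start {addr}")
    for device, desc in report["disk"]:
        print(f"{device}: {desc}")
```

Two caveats on reading the output. The "entry point in .data/.rdata section" line is a heuristic about the PE image's entry point, not a verdict; in the full log the same `iertutil.dll` and `apphelp.dll` addresses recur across a dozen processes, so the next step is to verify those files' Authenticode signatures once rather than treat each PID as a separate finding. Likewise "unknown MBR code" only says the bootstrap code in sector 0 is not one GMER recognises; a third-party boot manager or disk-encryption loader produces the same line, so dump the sector and compare it against a known-good copy before calling it a bootkit.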