GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-14 23:51:21
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 SAMSUNG_HD642JJ rev.1AA01118 596,17GB
Running: fvsw3kkh.exe; Driver: C:\Users\eafae\AppData\Local\Temp\kwldapob.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000caa00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 17 fffff960000caa11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\dwm.exe[940] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa15b5169a 4 bytes [B5, 15, FA, 7F]
.text C:\Windows\system32\dwm.exe[940] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa15b516a2 4 bytes [B5, 15, FA, 7F]
.text C:\Windows\system32\dwm.exe[940] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa15b5181a 4 bytes [B5, 15, FA, 7F]
.text C:\Windows\system32\dwm.exe[940] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa15b51832 4 bytes [B5, 15, FA, 7F]
.text C:\Windows\system32\nvvsvc.exe[300] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa15b5169a 4 bytes [B5, 15, FA, 7F]
.text C:\Windows\system32\nvvsvc.exe[300] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa15b516a2 4 bytes [B5, 15, FA, 7F]
.text C:\Windows\system32\nvvsvc.exe[300] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa15b5181a 4 bytes [B5, 15, FA, 7F]
.text C:\Windows\system32\nvvsvc.exe[300] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa15b51832 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1792] C:\Windows\system32\PsApi.dll!GetModuleBaseNameA + 506 00007ffa15b5169a 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1792] C:\Windows\system32\PsApi.dll!GetModuleBaseNameA + 514 00007ffa15b516a2 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1792] C:\Windows\system32\PsApi.dll!QueryWorkingSet + 118 00007ffa15b5181a 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[1792] C:\Windows\system32\PsApi.dll!QueryWorkingSet + 142 00007ffa15b51832 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2084] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa15b5169a 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2084] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa15b516a2 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2084] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa15b5181a 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2084] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa15b51832 4 bytes [B5, 15, FA, 7F]
.text C:\Windows\Explorer.EXE[2312] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa15b5169a 4 bytes [B5, 15, FA, 7F]
.text C:\Windows\Explorer.EXE[2312] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa15b516a2 4 bytes [B5, 15, FA, 7F]
.text C:\Windows\Explorer.EXE[2312] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa15b5181a 4 bytes [B5, 15, FA, 7F]
.text C:\Windows\Explorer.EXE[2312] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa15b51832 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1212] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffa15b5169a 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1212] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffa15b516a2 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1212] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffa15b5181a 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1212] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffa15b51832 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3000] C:\Windows\system32\PsApi.dll!GetModuleBaseNameA + 506 00007ffa15b5169a 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3000] C:\Windows\system32\PsApi.dll!GetModuleBaseNameA + 514 00007ffa15b516a2 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3000] C:\Windows\system32\PsApi.dll!QueryWorkingSet + 118 00007ffa15b5181a 4 bytes [B5, 15, FA, 7F]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3000] C:\Windows\system32\PsApi.dll!QueryWorkingSet + 142 00007ffa15b51832 4 bytes [B5, 15, FA, 7F]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [632:656] fffff960008a0b90

---- Processes - GMER 2.1 ----

Process C:\Users\eafae\AppData\Local\Installer\Installiwebar_18987\ytdieamodc_amodc_inst.exe (*** suspicious ***) @ C:\Users\eafae\AppData\Local\Installer\Installiwebar_18987\ytdieamodc_amodc_inst.exe [4252](2016-01-11 11:46:30) 0000000000b20000
Process C:\Users\eafae\AppData\Local\Installer\Installiwebar_18987\ytdieamodc_amodc_inst.exe (*** suspicious ***) @ C:\Users\eafae\AppData\Local\Installer\Installiwebar_18987\ytdieamodc_amodc_inst.exe [4876](2016-01-11 11:46:30) 0000000000b20000
Process C:\ProgramData\Airtostrong\Airtostrong.exe (*** suspicious ***) @ C:\ProgramData\Airtostrong\Airtostrong.exe [3836](2016-02-14 21:58:32) 0000000000d60000
Process C:\ProgramData\Airtostrong\Airtostrong.exe (*** suspicious ***) @ C:\ProgramData\Airtostrong\Airtostrong.exe [2304](2016-02-14 21:58:32) 0000000000d60000

---- Services - GMER 2.1 ----

Service C:\Program Files\cmdidx\cmdidx.exe (*** hidden *** ) [DISABLED] cmdidx <-- ROOTKIT !!!
Service (*** hidden *** ) [DISABLED] sbmntr <-- ROOTKIT !!!
Service C:\Program Files\Common Files\ShopperPro3\spbiw.sys (*** hidden *** ) [DISABLED] SPBIUpdd <-- ROOTKIT !!!
Service C:\Program Files (x86)\ShopperPro3\JSDriver\1.42.1.10630\jsdrv.sys (*** hidden *** ) [DISABLED] SPDRIVER_1.42.1.10630 <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xE7 0x23 0xEE 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x13 0x4C 0xF5 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@en-US 247
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\NOEDID_10DE_1187_00000001_00000000_100100^98290FAC0883AFFD5967E41FA7ED41A6@Timestamp 0x76 0xF7 0xDF 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 692
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager\Defrag@LastRun 02:13:2016
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager\Defrag@TotalBytesSaved 0x00 0x90 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1752581300
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID c33cba41-12b3-411b-a681-0145622
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 10
Reg HKLM\SYSTEM\CurrentControlSet\Services\acpipagr\Parameters\Wdf@TimeOfLastSqmLog 0x2F 0x8E 0x39 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS
Reg HKLM\SYSTEM\CurrentControlSet\Services\cdrom\Parameters\Wdf@TimeOfLastSqmLog 0x9E 0xF0 0x3B 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdidx
Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdidx@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdidx@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdidx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdidx@ImagePath "C:\Program Files\cmdidx\cmdidx.exe" /s iid=4106176 did=APSnapdoAMRev sid=3 ref=0a32b0ac-fe92-152a-474b-238738d446e6-PolicyMac id=ca6a7235dfdc016f7b2cc23216fc66a68b1859e2a081b04f7323a6e425ae2397
Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdidx@DisplayName cmdidx
Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdidx@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdidx@FailureActions 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdidx@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdidx
Reg HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastSqmLog 0x67 0x41 0xED 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{badfc310-c367-4f5a-ae88-4c734bd7b2e6}@LastProbeTime 1454969401
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{e2fcb444-500c-4cb6-8e41-4a621e740aa3}@LastProbeTime 1454966785
Reg HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastSqmLog 0xFB 0xB6 0x02 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\intelppm\Parameters\Wdf@TimeOfLastSqmLog 0x2F 0x8E 0x39 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MEIx64\Parameters\Wdf@TimeOfLastSqmLog 0xCB 0x7B 0x07 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastSqmLog 0x3A 0x01 0x1B 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MsLldp\Parameters\Wdf@TimeOfLastSqmLog 0x9A 0x67 0xA1 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastSqmLog 0x2F 0x8E 0x39 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog 0x19 0x3C 0x75 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime Sun, Feb 14 16, 06:46:21 PM
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Performance@1023 0x94 0xB0 0xA9 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbmntr
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbmntr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbmntr@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbmntr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbmntr@ImagePath \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbmntr@DisplayName SBMNTR
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbmntr@DependOnService BFE
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbmntr@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbmntr@LogMessage DriverEntry succeeded
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbmntr@NtStatus 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbmntr@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sbmntr
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 7673
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 4123
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPBIUpdd
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPBIUpdd@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPBIUpdd@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPBIUpdd@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPBIUpdd@ImagePath \??\C:\Program Files\Common Files\ShopperPro3\spbiw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPBIUpdd@DisplayName ShopperPro3 UpdateD
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPBIUpdd@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPBIUpdd
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630@ImagePath \??\C:\Program Files (x86)\ShopperPro3\JSDriver\1.42.1.10630\jsdrv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630@DisplayName SPDRIVER_1.42.1.10630
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630@DependOnService BFE
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630\Parameters\Wdf
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630\Parameters\Wdf@WdfMajorVersion 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630\Parameters\Wdf@WdfMinorVersion 9
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630\Parameters\Wdf@TimeOfLastSqmLog 0xFE 0x2C 0x91 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.10630
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 247
Reg HKLM\SYSTEM\CurrentControlSet\Services\ssdevfactory\Parameters\Wdf@TimeOfLastSqmLog 0x2F 0x8E 0x39 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sshid\Parameters\Wdf@TimeOfLastSqmLog 0xAE 0x38 0x76 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpDomain Business
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 194.204.152.34 194.204.159.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{13999E7E-8529-46FC-AD5D-46F719F8F9C3}@LeaseObtainedTime 1455119857
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{13999E7E-8529-46FC-AD5D-46F719F8F9C3}@T1 1470887857
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{13999E7E-8529-46FC-AD5D-46F719F8F9C3}@T2 1482713857
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{13999E7E-8529-46FC-AD5D-46F719F8F9C3}@LeaseTerminatesTime 1486655857
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{50758027-CD0D-418D-80DC-61A6C0BABC25}@LeaseObtainedTime 1455475494
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{50758027-CD0D-418D-80DC-61A6C0BABC25}@T1 1455518694
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{50758027-CD0D-418D-80DC-61A6C0BABC25}@T2 1455551094
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{50758027-CD0D-418D-80DC-61A6C0BABC25}@LeaseTerminatesTime 1455561894
Reg HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastSqmLog 0x67 0x41 0xED 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastSqmLog 0x0E 0x97 0x4E 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastSqmLog 0x34 0xDE 0x09 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@1008 0x5C 0x01 0xE8 0xC5 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 185
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016011120160118
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016011120160118@CachePrefix :2016011120160118:
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016011120160118@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016011120160118
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016011120160118@CacheOptions 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016011120160118@CacheRepair 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016011120160118@CacheLimit 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016011820160125
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016011820160125@CachePrefix :2016011820160125:
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016011820160125@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016011820160125
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016011820160125@CacheOptions 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016011820160125@CacheRepair 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016011820160125@CacheLimit 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020220160203
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020220160203@CachePrefix :2016020220160203:
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020220160203@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016020220160203
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020220160203@CacheOptions 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020220160203@CacheRepair 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020220160203@CacheLimit 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020420160205
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020420160205@CachePrefix :2016020420160205:
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020420160205@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016020420160205
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020420160205@CacheOptions 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020420160205@CacheRepair 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020420160205@CacheLimit 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020520160206
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020520160206@CachePrefix :2016020520160206:
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020520160206@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016020520160206
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020520160206@CacheOptions 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020520160206@CacheRepair 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016020520160206@CacheLimit 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Report C:\AdwCleaner\AdwCleaner[C1].txt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
---- Files - GMER 2.1 ----

---- EOF - GMER 2.1 ----