GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-03-17 20:22:27
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003c ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB
Running: 160ixvfn.exe; Driver: C:\Users\stan\AppData\Local\Temp\fxldrpog.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [256:6140] fffff9618c824060

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 2078773179
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName Global\MMF_BITS_s
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\801934d25d3d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\801934d25d3d@0ca69423a7db 0x76 0xF5 0x53 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\801934d25d3d@0022373c8e6a 0x94 0x0F 0xCC 0x98 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\801934d25d3d@148f21455878 0xD7 0x60 0x19 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@Bluetooth_UniqueID {00000000-0000-0000-0000-000000000000}#0CA69423A7DB_00000000
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@ConnectionCount 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@Bluetooth_UniqueID {00000000-0000-0000-0000-000000000000}#0022373C8E6A_00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@Bluetooth_UniqueID {0000110a-0000-1000-8000-00805f9b34fb}#0022373C8E6A_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006@Bluetooth_UniqueID {0000110c-0000-1000-8000-00805f9b34fb}#0022373C8E6A_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 2443 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 382 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{B647B79E-3AAF-4C06-8570-BA19D47FD0F0} 
v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{2E7ED16B-FCC3-4433-AA39-2497643A660E} v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{ED57AD9E-EF14-4550-9E82-515DC35D1611} 
v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{77E4370D-9533-41C6-948F-FAA3BBA13030} v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{FB6CA776-D42F-4C1C-B784-5DCCDA295840} 
v2.25|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{5199DC91-6BD4-4D06-81A8-B6C4225A239F} v2.25|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{FF9D6DB5-DE30-4302-9275-241E3D91D8EF} 
v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-2)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{AC3F06E3-698A-4B0B-9DCF-394C3ED9F75F} v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-2)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{A1B3364D-F12C-4F44-9D08-33DD592C7848} 
v2.25|Action=Block|Active=TRUE|Dir=In|Name=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{15569C30-7EC0-4BDF-A289-C6F3D2D23AD7} v2.25|Action=Block|Active=TRUE|Dir=Out|Name=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{D6CFF47E-82B3-4AB3-BAB2-E2B6A27D1BFA} 
v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|RA42=IntrAnet|RA62=IntrAnet|Name=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{AEBE97B8-616A-4AD8-A9B0-5094090E2755} v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntrAnet|RA62=IntrAnet|Name=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}| Reg 
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{B6DB181E-8BD8-42FA-9E30-398C8CBB9AC9} v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Private|Profile=Public|RA42=RmtIntrAnet|RA62=RmtIntrAnet|Name=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Security=Authenticate| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{A6D77A23-CB64-4EFB-90B1-D98F9F85ADCA} 
v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Private|Profile=Public|RA42=RmtIntrAnet|RA62=RmtIntrAnet|Name=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Security=Authenticate| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{39539B99-4B95-474A-A6B1-9C7CDD8CE50A} v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-2)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}| Reg 
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{B78CB144-50B8-41BF-B26B-7F8ADC4068D2} v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-2)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-2831285199-3536826771-1048164271-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}| Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeConfidence 8 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x5C 0xD8 0x5D 0xF4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x5C 0x40 0x22 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x5C 0x70 0x99 0x92 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0xE3 0x79 0x56 0x01 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@PolicyDocumentLastRefresh 0x25 0x9B 0x78 0x8A ... 
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x2F 0x39 0x81 0x8A ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x2F 0x39 0x81 0x8A ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x2F 0x39 0x81 0x8A ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x2F 0x39 0x81 0x8A ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xD6 0x5E 0x4E 0x3D ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds Chrome?
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance@MessageTime 0x02 0x60 0x78 0x04 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 19
Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime 0x73 0x4A 0x59 0xE4 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_igfxHK.exe_e6d28b21348c3b7c1c4bd222288477424765868_fed373c3_26e16d0a
Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0x40 0x02 0x01 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.2 ----

File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002b 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002e 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000031 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000037 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000045 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000046 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004a 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004f 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000057 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000089 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00008a 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000091 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000098 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000099 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000a4 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000a5 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000a6 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000aa 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ac 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ad 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ae 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000b5 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000b6 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000b7 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000b8 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000b9 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ba 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000bb 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000bc 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000bd 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c0 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c6 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c7 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c9 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ca 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cc 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cd 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ce 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cf 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d0 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d1 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d2 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d3 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d4 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d5 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d6 0 bytes
File C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001e6 0 bytes
File C:\Users\stan\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131027063485820417.txt 0 bytes
File C:\Users\stan\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131027065821885204.txt 0 bytes
File C:\Users\stan\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131027065983686646.txt 0 bytes
File C:\Users\stan\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131027066819635760.txt 0 bytes
File C:\Users\stan\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131027066910620500.txt 0 bytes
File C:\Users\stan\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131027067003436683.txt 0 bytes
File C:\Users\stan\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131027067034374958.txt 0 bytes
File C:\Users\stan\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131027071636012905.txt 0 bytes
File C:\Users\stan\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131027080636255605.txt 0 bytes

---- EOF - GMER 2.2 ----