GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-08-01 09:49:27 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003b SAMSUNG_MZNLF128HCHP-000H1 rev.FXT21H1Q 119,24GB Running: p98l6b5o.exe; Driver: C:\Users\Agusia\AppData\Local\Temp\pwdoqpog.sys ---- Devices - GMER 2.2 ---- Device \Driver\USBSTOR -> DriverStartIo \Device\00000094 fffff8005fc25070 Device \Driver\USBSTOR \Device\00000094 fffff8005fc3dd20 Device \Driver\USBSTOR -> DriverStartIo \Device\00000095 fffff8005fc25070 Device \Driver\USBSTOR \Device\00000095 fffff8005fc3dd20 Device \Driver\USBSTOR -> DriverStartIo \Device\00000096 fffff8005fc25070 Device \Driver\USBSTOR \Device\00000096 fffff8005fc3dd20 Device \Driver\USBSTOR -> DriverStartIo \Device\00000097 fffff8005fc25070 Device \Driver\USBSTOR \Device\00000097 fffff8005fc3dd20 ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [924:2564] fffff9612bf84030 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3028:3032] 0000000000ff288e ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ?????????????????????????r???3?????????????????????????????????????????????????????????????????????????????"???)???????)???)???????*???*???????????????*???*???*???????*?????????:?*???*???+???+???????+???+???????,???,???,???,???????????,???,???????????,???-???-???/???/???0???????0??????????????>???>???????????>???????>???>???>???>???>?????A?D???D???????D???D???D???D???D???????????D???D???D?C?D???D???D???D???D???????????D???D???E???E???????E???????H????????\System Volume Information\FVE2.{e40ad34d-dae9-4bc7-95bd-b16218c10f72}.*????\System Volume Information\FVE2.{c9ca54a3-6983-46b7-8684-a7e5e23499e3}??????\System Volume Information\FVE2.{24e6f0ae-6a00-4f73-984b-75ce9942852d}????????????????????e?????\System Volume Information\FVE2.{9ef82dfa-1239-4a30-83e6-3b3e9b8fed08}??????? ??????????????o???\System Volume Information\FVE2.{aff97bac-a69b-45da-aba1-2cfbce434750}.*????? ??????????????????\System Volume Information\FVE2.{9ef82dfa-1239-4a30-83e6-3b3e9b8fed08}.*???????????????????l????\Sy Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x3C 0x66 0x66 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xC0 0xC8 0x18 0xEC ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x3C 0x66 0x66 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xBC 0x2A 0x1B 0xEC ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 63 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SDC55440_00_07DF_E9^144FE8AE16D89D430DBAFE0B6AA1D7EF@Timestamp 0x25 0x09 0x5B 0x5A ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 1004 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{867ACC59-EFC6-4AC7-8CF0-8FE3F56CBE2F}\Connection@Name isatap.Home Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 2710554 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1802760704 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 64 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 480196869 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 13695177 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 13695183 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 1750971 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 1750542 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 1750542 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 1750932 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 369 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0xE9 0x12 0x0B 0x01 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 5d5e0a21-49de-4c55-b35c-c140ff4 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\WdiContextLog@FileCounter 1 Reg HKLM\SYSTEM\CurrentControlSet\Enum@NextParentID.8f9235.6 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\606dc7f064e0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\606dc7f064e0@00a09631f60b 0xBC 0xE9 0x2A 0x3E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\606dc7f064e0@00a09614ae0c 0x3E 0x78 0xF1 0xD2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\606dc7f064e0@bc79ad8d0ee0 0xFC 0x46 0x12 0x62 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{08318dda-3521-4b19-a5b4-a117f0c234dc}@LastProbeTime 1468847100 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{c8fdd9cc-07e9-4178-b146-81706bf90f69}@LastProbeTime 1470036003 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{6AB3A369-C58A-4272-8DC6-5F3A0757FBBF}@InterfaceName Reusable ISATAP Interface {6AB3A369-C58A-4272-8DC6-5F3A0757FBBF} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{6AB3A369-C58A-4272-8DC6-5F3A0757FBBF}@ReusableType 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{6AB3A369-C58A-4272-8DC6-5F3A0757FBBF}@DefunctTimestamp 0x7C 0xE4 0x90 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{867ACC59-EFC6-4AC7-8CF0-8FE3F56CBE2F}@DefunctTimestamp 0x6F 0xE5 0x9E 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{C8FD31C5-EB3D-4814-BEA5-9752B52F24A3}@DefunctTimestamp 0x19 0x62 0x9E 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\14-cc-20-68-64-98@AddressCreationTimestamp 0x07 0x6D 0xAF 0x0D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\14-cc-20-68-64-98@ClientLocalPort 65022 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\14-cc-20-68-64-98@UPnPExternalPort 65022 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\14-cc-20-68-64-98@TeredoAddress 2001:0:9d38:90d7:18c8:201:acfa:21af Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\50-9f-27-7c-6b-e9@ClientLocalPort 63004 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\50-9f-27-7c-6b-e9@AddressCreationTimestamp 0x21 0x00 0xA0 0x0D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\50-9f-27-7c-6b-e9@TeredoAddress 2001:0:9d38:6abd:3c6a:9e3:da07:fdf6 Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastTelemetryLog 0x09 0xEF 0x2E 0xC3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 73129 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 3848 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out v2.25|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out v2.25|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 62 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 97 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpDomain Home Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 192.168.1.1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}@LeaseObtainedTime 1470028803 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}@T1 1470072003 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}@T2 1470104403 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}@LeaseTerminatesTime 1470115203 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}@DhcpConnForceBroadcastFlag 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}@DhcpNetworkHint 4505D2C494E4B4F5D416C64716 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}@DhcpDomain Home Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@EnableDHCP 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@Domain Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@NameServer Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@UseZeroBroadcast 255 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@DhcpIPAddress 192.168.1.100 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@DhcpSubnetMask 255.255.255.0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@DhcpServer 192.168.1.1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@Lease 86400 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@LeaseObtainedTime 1469095609 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@T1 1469138809 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@T2 1469171209 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@LeaseTerminatesTime 1469182009 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@AddressType 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@IsServerNapAware 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@DhcpConnForceBroadcastFlag 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@DhcpNetworkHint 845514755494D25453737363D263245493 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@DhcpInterfaceOptions 0xFC 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@DhcpDomain www.huaweimobilewifi.com Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@DhcpNameServer 192.168.1.1 192.168.1.1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@DhcpDefaultGateway 192.168.1.1? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@DhcpSubnetMaskOpt 255.255.255.0? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@DhcpGatewayHardware 0xC0 0xA8 0x01 0x01 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\845514755494D25453737363D263245493@DhcpGatewayHardwareCount 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}@Dhcpv6State 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}@DhcpV6NetworkHint 4505D2C494E4B4F5D416C64716 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{3ca50631-f79a-41c4-8481-ca7737d19a19}\4505D2C494E4B4F5D416C64716@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\TPM@OsBootCount 88 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xFD 0x0B 0xCE 0xF3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xFD 0x73 0x92 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xFD 0xA3 0x09 0x92 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0x58 0xD4 0x24 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 1322 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{88138238-25d1-11e6-9c03-606dc7f064e0}@DriveNumber 7 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudSettingsDirtyMarks 911 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x5F 0x93 0x9A 0xBC ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Lock Screen\Creative@CreativeId 1469781336`20000000000263470`0`b95fa3b6c7224a65b1f7e9d409b12735`86400`209807`0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Lock Screen\Creative@CreativeJson {"cdm":{"creativeId":"1469781336`20000000000263470`0`b95fa3b6c7224a65b1f7e9d409b12735`86400`209807`0","placementId":"LockScreenOverlay","impressionToken":"_imp","assetFolderRootPath":"C:\\Users\\Agusia\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\Assets","imagePairIndex":"001","feedbackEvents":{"onHover":"impr|20000000000263470","onPositiveFeedback":"pos|20000000000263470","onNegativeFeedback":"neg|20000000000263470","feedbackProvided":false}},"assets":{"eid":{"t":"txt","tx":"20000000000263470"}},"parameters":{"_id":"20000000000263470","_imp":"post:https://rpt.msn.com/Selector?RPTIMP=&PID=400013921&TID=700009040&CID=20000000000263470&BID=1764296972&PG=PC000P0FR5.0000000IOO&TPID=400013921&REQASID=43DC493D666542FA9834098C4B9FCE54&ASID={ASID}&TIME={DATETIME}&CNIMP=5&CNNA=2&CNMC=20&PG=PC000P0FR5.0000000G8R&UNID=209807&Cats=Productivity&MAP_TID=13caa129-4b99-466d-8d5c-dc71477fe702&NCT=1&PN=da63df93-3dbc-42ae-a505-b34988683ac7&ASID=43dc493d666542fa9834098c4b9fce54& Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds Chrome? ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----