GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-09-23 17:26:55 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e HGST_HTS545050A7E380 rev.GG2OACA0 465,76GB Running: gmer.exe; Driver: C:\Users\HP\AppData\Local\Temp\kgldrpow.sys ---- User code sections - GMER 2.2 ---- ? C:\WINDOWS\SYSTEM32\NTASN1.dll [13048] entry point in ".rdata" section 000000007102a020 ? C:\WINDOWS\system32\ncryptsslp.dll [13048] entry point in ".rdata" section 000000006d9404f0 ? C:\WINDOWS\system32\apphelp.dll [10964] entry point in ".rdata" section 000000006a40f7c0 ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\svchost.exe [928:92] 00007fff88d3faa0 Thread C:\WINDOWS\system32\svchost.exe [928:80] 00007fff88d3ee70 Thread C:\WINDOWS\system32\svchost.exe [928:344] 00007fff88bf89f0 Thread C:\WINDOWS\System32\svchost.exe [652:9232] 00007fff7caac820 Thread C:\WINDOWS\System32\svchost.exe [652:5832] 00007fff7caac820 Thread C:\WINDOWS\System32\svchost.exe [652:9220] 00007fff7caac820 Thread C:\WINDOWS\System32\svchost.exe [652:7532] 00007fff746b5b60 Thread C:\WINDOWS\system32\svchost.exe [612:1252] 00007fff875aa770 Thread C:\WINDOWS\system32\svchost.exe [612:3560] 00007fff7a699620 Thread C:\WINDOWS\system32\svchost.exe [612:3848] 00007fff7a692680 Thread C:\WINDOWS\system32\svchost.exe [612:4796] 00007fff73869040 Thread C:\WINDOWS\system32\svchost.exe [612:280] 00007fff81e399e0 Thread C:\WINDOWS\system32\svchost.exe [612:3292] 00007fff86e62cf0 Thread C:\WINDOWS\system32\svchost.exe [612:4956] 00007fff84ce1670 Thread C:\WINDOWS\system32\svchost.exe [612:6972] 00007fff7efb5bc0 Thread C:\WINDOWS\system32\svchost.exe [1164:13488] 00007fff85642a20 Thread C:\WINDOWS\system32\svchost.exe [1164:13480] 00007fff85642610 Thread C:\WINDOWS\system32\svchost.exe [1188:3268] 00007fff7b9c1a50 Thread C:\WINDOWS\system32\svchost.exe [1188:2672] 00007fff7a671040 Thread C:\WINDOWS\system32\svchost.exe [1188:1524] 00007fff7b2248e0 Thread C:\WINDOWS\system32\svchost.exe [1188:3432] 00007fff7b2248e0 Thread C:\WINDOWS\system32\svchost.exe [1188:180] 00007fff7f180ed0 Thread C:\WINDOWS\system32\svchost.exe [1188:9344] 00007fff7f174fc0 Thread C:\WINDOWS\system32\svchost.exe [1188:6136] 00007fff70ad6380 Thread C:\WINDOWS\system32\svchost.exe [1188:6916] 00007fff7eab78e0 Thread C:\WINDOWS\system32\svchost.exe [1188:5872] 00007fff70b0c8c0 Thread C:\WINDOWS\system32\svchost.exe [1188:6424] 00007fff70b10bf0 Thread C:\WINDOWS\system32\svchost.exe [1188:9560] 00007fff7f217ac0 Thread C:\WINDOWS\system32\svchost.exe [1188:760] 00007fff7f217ac0 Thread C:\WINDOWS\System32\svchost.exe [1280:1684] 00007fff84e4c030 Thread C:\WINDOWS\System32\svchost.exe [1280:1716] 00007fff84e47000 Thread C:\WINDOWS\System32\svchost.exe [1280:1720] 00007fff84e48370 Thread C:\WINDOWS\System32\svchost.exe [1280:1724] 00007fff84e4ad30 Thread C:\WINDOWS\System32\svchost.exe [1280:2364] 00007fff7f7687e0 Thread C:\WINDOWS\System32\svchost.exe [1280:3480] 00007fff86f330f0 Thread C:\WINDOWS\System32\svchost.exe [1280:12152] 00007fff7caac820 Thread C:\WINDOWS\System32\svchost.exe [1280:11572] 00007fff7caac820 Thread C:\WINDOWS\System32\svchost.exe [1280:7840] 00007fff84e4c830 Thread C:\WINDOWS\System32\svchost.exe [1280:5908] 00007fff84e47d50 Thread C:\WINDOWS\System32\svchost.exe [1280:9880] 00007fff7f6b2400 Thread C:\WINDOWS\system32\svchost.exe [1448:2656] 00007fff7f41af40 Thread C:\WINDOWS\system32\svchost.exe [1448:2676] 00007fff7f41ca00 Thread C:\WINDOWS\system32\svchost.exe [1448:288] 00007fff7c691240 Thread C:\WINDOWS\system32\svchost.exe [1448:2236] 00007fff7bc3a3b0 Thread C:\WINDOWS\system32\svchost.exe [1448:3092] 00007fff7bbe25e0 Thread C:\WINDOWS\system32\svchost.exe [1448:560] 00007fff729a3bc0 Thread C:\WINDOWS\system32\svchost.exe [1448:7380] 00007fff729a2080 Thread C:\WINDOWS\system32\svchost.exe [1672:1772] 00007fff84c0e830 Thread C:\WINDOWS\system32\svchost.exe [1672:1812] 00007fff84b710a0 Thread C:\WINDOWS\system32\svchost.exe [1672:1268] 00007fff86e62cf0 Thread C:\WINDOWS\system32\svchost.exe [1672:1876] 00007fff81ce5bc0 Thread C:\WINDOWS\system32\svchost.exe [1672:1884] 00007fff81ce9b10 Thread C:\WINDOWS\system32\svchost.exe [1672:1856] 00007fff86e62cf0 Thread C:\WINDOWS\system32\svchost.exe [1828:1292] 00007fff8db8b310 Thread C:\WINDOWS\system32\svchost.exe [1828:1372] 00007fff81ea44b0 Thread C:\WINDOWS\system32\svchost.exe [1828:1744] 00007fff89706750 Thread [1868:1348] 0000000073561410 Thread [1868:1444] 00000000773a6020 Thread [1868:1604] 000000007444d5b0 Thread [1868:1644] 00000000745d7ea0 Thread [1868:2248] 000000007444d5b0 Thread [1868:2460] 000000007444d5b0 Thread [1868:3576] 000000007444d5b0 Thread [1868:3580] 000000007444d5b0 Thread [1868:3584] 000000007444d5b0 Thread [1868:3588] 000000006c550b70 Thread [1868:3592] 0000000072dc5d70 Thread [1868:3596] 0000000072dc5d70 Thread [1868:3600] 0000000072dc5d70 Thread [1868:3612] 0000000072dc5d70 Thread [1868:3616] 0000000072dc5d70 Thread [1868:3620] 0000000072dc5d70 Thread [1868:3624] 0000000072dc5d70 Thread [1868:3628] 0000000072dc5d70 Thread [1868:3632] 0000000072dc5d70 Thread [1868:3636] 0000000072dc5d70 Thread [1868:3640] 0000000072dc7070 Thread [1868:3644] 0000000072dc7070 Thread [1868:3648] 0000000072dc62a0 Thread [1868:3652] 0000000072e4c1d0 Thread [1868:3656] 0000000072e4adb0 Thread [1868:3660] 0000000072e4b1d0 Thread [1868:3664] 0000000072dc9560 Thread [1868:3668] 0000000072dc9560 Thread [1868:3672] 0000000072dc9560 Thread [1868:3676] 0000000072dc9560 Thread [1868:3680] 0000000072dc9560 Thread [1868:3684] 0000000072dc9560 Thread [1868:3688] 0000000072dc9560 Thread [1868:3692] 0000000072dc9560 Thread [1868:3696] 0000000072dc9560 Thread [1868:3700] 0000000072dc9560 Thread [1868:3704] 0000000072dc9230 Thread [1868:3736] 000000006b201330 Thread [1868:3744] 000000006b1c20c0 Thread [1868:3748] 000000007444d5b0 Thread [1868:3752] 000000006b1c78d0 Thread [1868:3756] 000000006b1c78d0 Thread [1868:3764] 000000007444d5b0 Thread [1868:3768] 0000000072df6b70 Thread [1868:3772] 0000000072dc8bc0 Thread [1868:3884] 000000007444d5b0 Thread [1868:3888] 000000007444d5b0 Thread [1868:3900] 0000000072d49b70 Thread [1868:3904] 000000006b2019c0 Thread [1868:3908] 000000007444d5b0 Thread [1868:3932] 000000007444d5b0 Thread [1868:3936] 000000007318aeb0 Thread [1868:3940] 000000007318e580 Thread [1868:3964] 000000006a7ea0e0 Thread [1868:4024] 000000007444d5b0 Thread [1868:4064] 000000007444d5b0 Thread [1868:1380] 000000007444d5b0 Thread [1868:2144] 000000006a648000 Thread [1868:3036] 000000006a648000 Thread [1868:2768] 000000006a648000 Thread [1868:2792] 000000006a648000 Thread [1868:844] 000000006a648000 Thread [1868:992] 000000006a648000 Thread [1868:3952] 000000007444d5b0 Thread [1868:4048] 000000007444d5b0 Thread [1868:4348] 000000007444d5b0 Thread [1868:4360] 000000007444d5b0 Thread [1868:4364] 000000007444d5b0 Thread [1868:4368] 000000007444d5b0 Thread [1868:4372] 000000007444d5b0 Thread [1868:4384] 000000007444d5b0 Thread [1868:4388] 000000007444d5b0 Thread [1868:4400] 000000007444d5b0 Thread [1868:10348] 0000000076bf57b0 Thread [1868:5540] 00000000773a6020 Thread [1868:5604] 00000000773a6020 Thread [1868:7960] 00000000773a6020 Thread [1868:14140] 000000007444d5b0 Thread [1868:4968] 000000006fafed50 Thread [1868:9556] 00000000773a6020 Thread [1868:2268] 00000000773a6020 Thread [1868:7540] 000000006c550a20 Thread [1868:6412] 000000006c550a20 Thread [1868:5224] 00000000773a6020 Thread [1868:12784] 00000000773a6020 Thread [1868:5048] 00000000773a6020 Thread [1868:8296] 00000000773a6020 Thread [1868:11516] 0000000072308420 Thread [1868:8836] 000000006a7f9a20 Thread [1868:2544] 000000007444d5b0 Thread [1868:12176] 000000007444d5b0 Thread [1868:2864] 000000007444d5b0 Thread [1868:14276] 00000000747a2600 Thread C:\WINDOWS\system32\svchost.exe [2240:3104] 00007fff7efb5bc0 Thread C:\WINDOWS\system32\svchost.exe [2240:3108] 00007fff7efc7d70 Thread C:\WINDOWS\system32\svchost.exe [2240:3464] 00007fff7b13b180 Thread C:\WINDOWS\system32\svchost.exe [2240:3468] 00007fff7b13f5f0 Thread C:\WINDOWS\system32\svchost.exe [2240:14224] 00007fff6dfbe0b0 Thread C:\WINDOWS\system32\svchost.exe [2240:13564] 00007fff6dfbe0b0 Thread [4588:4608] 00007fff8b9a3db0 Thread [4588:812] 00007fff8e162800 Thread C:\WINDOWS\system32\csrss.exe [7876:8732] ffff9650e6236c20 Thread [14112:9604] 000000007c3493a3 Thread [14112:10808] 00000000745d7ea0 Thread [14112:11064] 000000007c3493a3 Thread [14112:852] 0000000071ea25a0 Thread [14112:13936] 000000007c3493a3 Thread [14112:5424] 00000000701ca2e0 Thread [14112:1768] 0000000010058f60 Thread [14112:13548] 00000000100018e0 Thread [14112:11936] 0000000002ff8070 Thread [14112:13328] 000000007c3494f6 Thread [14112:12372] 000000007c3493a3 Thread [14112:5652] 000000007c3493a3 Thread [14112:10256] 000000007c3493a3 Thread C:\WINDOWS\system32\svchost.exe [10836:10928] 00007fff7caac820 Thread C:\WINDOWS\system32\svchost.exe [10836:8248] 00007fff7caac820 Thread [5192:6796] 00007fff7f3a0610 Thread [5192:4164] 00007fff8e162800 Thread [5192:1776] 00007fff8e162800 Thread [5192:2296] 00007fff8e162800 Thread [5192:2828] 00007fff8e162800 Thread [5192:2228] 00007fff8e162800 Thread [5192:5840] 00007fff8dcb58f0 Thread [5192:13628] 00007fff8e162800 Thread [5192:8468] 00007fff8e162800 Thread [5192:8164] 00007fff8e162800 Thread C:\WINDOWS\Explorer.EXE [12952:3196] 00007fff732b63b0 Thread C:\WINDOWS\Explorer.EXE [12952:10340] 00007fff835d9f20 Thread C:\WINDOWS\Explorer.EXE [12952:10760] 00007fff835d9f20 Thread C:\WINDOWS\Explorer.EXE [12952:14324] 00007fff732b63b0 Thread C:\WINDOWS\Explorer.EXE [12952:14252] 00007fff89c0faa0 Thread C:\WINDOWS\Explorer.EXE [12952:5576] 00000000615101d0 Thread C:\WINDOWS\Explorer.EXE [12952:8320] 00007fff7ae05110 Thread C:\WINDOWS\Explorer.EXE [12952:772] 00007fff86e62cf0 Thread C:\WINDOWS\Explorer.EXE [12952:11776] 000000005c158e00 Thread C:\WINDOWS\Explorer.EXE [12952:11404] 00007fff86881ba0 Thread C:\WINDOWS\Explorer.EXE [12952:13252] 00007fff732b63b0 Thread C:\WINDOWS\Explorer.EXE [12952:7452] 00007fff86e62cf0 Thread C:\WINDOWS\Explorer.EXE [12952:6156] 00007fff8613bb70 Thread C:\WINDOWS\Explorer.EXE [12952:780] 00007fff86e62cf0 Thread C:\WINDOWS\Explorer.EXE [12952:5700] 00007fff86e62cf0 Thread C:\WINDOWS\Explorer.EXE [12952:13392] 00007fff66f5ffd0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:7980] 00007fff8dcb58f0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:8216] 00007fff8a6759c0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:13668] 00007fff6f2c2bc0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:13804] 00007fff82d048e0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:4100] 00007fff8a6770d0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:11380] 00007fff88fd11a0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:9368] 00007fff8a6759c0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:9296] 00007fff6f2c2bc0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:6212] 00007fff8a6759c0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:9372] 00007fff6f2c2bc0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:7164] 00007fff8dcb58f0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:11248] 00007fff74881040 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:8784] 00007fff717797b0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:7208] 00007fff8649e010 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:804] 00007fff8dcb58f0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:11708] 00007fff8dcb58f0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:5744] 00007fff74881040 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:8160] 00007fff8649e010 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:8168] 00007fff6f148600 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:14216] 00007fff6f148600 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:8848] 00007fff6f148600 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:11448] 00007fff6f148600 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:13552] 00007fff8b11a1e0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:9008] 00007fff74881040 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:13756] 00007fff6f188ff0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:3916] 00007fff6f188ff0 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11048:7816] 00007fff6f188ff0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:4696] 00007fff8dcb58f0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:12820] 00007fff8a6759c0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:7312] 00007fff6f2c2bc0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:5412] 00007fff82d048e0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:6204] 00007fff8a6770d0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:5404] 00007fff8649e010 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:8580] 00007fff88fd11a0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:12228] 00007fff8dcb58f0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:4916] 00007fff8db8b310 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:9436] 00007fff8db8b310 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:11520] 00007fff8db8b310 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:4200] 00007fff69230830 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:5792] 00007fff692aabe0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:12004] 00007fff69268100 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:9500] 00007fff692aabe0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:976] 00007fff8db8b310 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:10012] 00007fff8db8b310 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:7204] 00007fff8db8b310 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:1236] 00007fff692b28d0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:8268] 00007fff8adf25b0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:13476] 00007fff8db8b310 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:11240] 00007fff8db8b310 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [10988:7984] 00007fff6f188ff0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:6332] 00007fff8dcb58f0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:1076] 00007fff8a6759c0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:4616] 00007fff6f2c2bc0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:14008] 00007fff82d048e0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:5256] 00007fff8a6770d0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:4904] 00007fff8649e010 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:5508] 00007fff8dcb58f0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:10132] 00007fff88fd11a0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:7304] 00007fff6f148600 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:11236] 00007fff6f148600 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:11052] 00007fff6f148600 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:876] 00007fff6f148600 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:10116] 00007fff8adf25b0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:9992] 00007fff835d9f20 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:1968] 00007fff835d9f20 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxMail.exe [9996:10204] 00007fff6f188ff0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxTsr.exe [12384:8172] 00007fff8dcb58f0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\HxTsr.exe [12384:10104] 00007fff82d048e0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:7996] 00007fff8dcb58f0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:10140] 00007fff8a6759c0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:7084] 00007fff6f2c2bc0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:7680] 00007fff8a6770d0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:11820] 00007fff88682880 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:13204] 00007fff8a6759c0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:6340] 00007fff86e62cf0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:12260] 00007fff8613bb70 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:8016] 00007fff86e62cf0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:12676] 00007fff86e62cf0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:13604] 00007fff8dcb58f0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:12016] 00007fff8dcb58f0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:11600] 00007fff8dcb58f0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:10052] 00007fff8dcb58f0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:10624] 00007fff88fd11a0 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:11996] 00007fff8649e010 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [11540:11744] 00007fff6f188ff0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1979156853 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14700573019842276@SetupOperations ???)?????)?)?*?*?????????????????????????????P??????????????????????????????????? ???????)???????????)???????? ??????????????????????????)??????Commited?????)?)?*?*?*?*?*?*???????????????????t?(?????????????*?????)??????????????MoveFile("\??\C:\Program Files\AVAST Software\Avast\HTM248A.tmp","\??\C:\Program Files\AVAST Software\Avast\HTMLayout.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\avB2539.tmp","\??\C:\Program Files\AVAST Software\Avast\avBugReport.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\AvD2599.tmp","\??\C:\Program Files\AVAST Software\Avast\AvDump32.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\x64\AvD25CA.tmp","\??\C:\Program Files\AVAST Software\Avast\x64\AvDump64.exe",TRUE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\CRT\avast.vc110.crt\amd64")?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\CRT\avast.vc110.crt\x86")?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\CRT\avast.vc140.crt\amd64")?DeleteFil Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14700573798122276@SetupOperations ???*?????)??????????????MoveFile("\??\C:\Program Files\AVAST Software\Avast\HTM248A.tmp","\??\C:\Program Files\AVAST Software\Avast\HTMLayout.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\avB2539.tmp","\??\C:\Program Files\AVAST Software\Avast\avBugReport.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\AvD2599.tmp","\??\C:\Program Files\AVAST Software\Avast\AvDump32.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\x64\AvD25CA.tmp","\??\C:\Program Files\AVAST Software\Avast\x64\AvDump64.exe",TRUE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\CRT\avast.vc110.crt\amd64")?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\CRT\avast.vc110.crt\x86")?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\CRT\avast.vc140.crt\amd64")?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\CRT\avast.vc140.crt\x86")?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\CRT\avast.vc140.mfc\x86")?DeleteFile("\??\C:\Program Files\AVAST So Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\485ab667dfee Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xCA 0x28 0xED 0xCD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xCA 0x90 0xB1 0x2F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xCA 0xC0 0x28 0x6C ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----