GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-02 13:16:45
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST1000DM003-1ER162 rev.CC43 931,51GB
Running: 4okv0vxu.exe; Driver: C:\Users\Camilo\AppData\Local\Temp\pxldqpod.sys

---- User code sections - GMER 2.2 ----

? C:\Windows\System32\PlayToDevice.dll [3696] entry point in ".data" section 00007ffd3e0122d0

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!memcpy] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!memcmp] [1000000006]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!??3@YAXPEAX@Z] [55002d006e0065]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!__CxxFrameHandler3] [53]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!??2@YAPEAX_K@Z] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_onexit] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!memcpy_s] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_ultow_s] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!memmove_s] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!realloc] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_wcsnicmp] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!??_U@YAPEAX_K@Z] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!wcschr] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!iswdigit] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!iswalpha] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!towupper] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!__dllonexit] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_unlock] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_lock] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_initterm] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!malloc] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!free] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_amsg_exit] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_XcptFilter] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_purecall] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!_vsnwprintf] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!??_V@YAXPEAX@Z] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[msvcrt.dll!memset] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNELBASE.dll!Sleep] [5f00650075006c]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[USER32.dll!MsgWaitForMultipleObjectsEx] [65006d0061]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[USER32.dll!PeekMessageW] [62006f006c0047]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[USER32.dll!TranslateMessage] [6c006c006f0043]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[USER32.dll!DispatchMessageW] [6f006900740061]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[USER32.dll!PostThreadMessageW] [73006f0048006e]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[SHLWAPI.dll!SHSetThreadRef] [2e00640065]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[SHLWAPI.dll!SHGetThreadRef] [4f000100160054]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[SHLWAPI.dll!SHCreateThreadRef] [69006700690072]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[SHLWAPI.dll!SHStrDupW] [46006c0061006e]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[SHELL32.dll!SHGetKnownFolderPath] [65007200200073]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[ntdll.dll!RtlCaptureContext] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[ntdll.dll!RtlLookupFunctionEntry] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[ntdll.dll!RtlVirtualUnwind] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[ntdll.dll!RtlWaitOnAddress] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[ntdll.dll!RtlWakeAddressAll] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrStubCall3] [74006e00490001]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_Disconnect] [61006e00720065]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_IsIIDSupported] [6d0061004e006c]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_Invoke] [6c004700000065]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_Connect] [6f00430062006f]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrCStdStubBuffer_Release] [740061006c006c]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrDllCanUnloadNow] [48006e006f0069]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrCStdStubBuffer2_Release] [2e00740073006f]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!RpcServerInqCallAttributesW] [6c006c0064]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!IUnknown_AddRef_Proxy] [4c0001002e0080]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_QueryInterface] [6c006100670065]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrDllGetClassObject] [790070006f0043]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_AddRef] [68006700690072]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!IUnknown_QueryInterface_Proxy] [2000a900000074]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrOleFree] [7200630069004d]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrStubForwardingFunction] [66006f0073006f]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!NdrOleAllocate] [6f004300200074]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_CountRefs] [72006f00700072]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!IUnknown_Release_Proxy] [6f006900740061]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_DebugServerQueryInterface] [410020002e006e]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[RPCRT4.dll!CStdStubBuffer_DebugServerRelease] [720020006c006c]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[ole32.dll!PropVariantClear] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!HeapFree] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!WaitForSingleObject] [1000000000000]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!SetEvent] [8000005000000001]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetTickCount] [1000000000000]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetProcessHeap] [8000006800000001]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!DuplicateHandle] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RegCreateKeyExW] [9000000409]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetComputerNameW] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!ReleaseMutex] [3b8000470b0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CreateMutexExW] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!SetLastError] [490055004d0003]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!LoadLibraryW] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!SetErrorMode] [560000003403b8]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetModuleHandleExA] [450056005f0053]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RegOpenKeyExW] [4f004900530052]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CheckTokenCapability] [4e0049005f004e]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetCurrentThread] [4f0046]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!MultiByteToWideChar] [10000feef04bd]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!ResetEvent] [258046b000060003]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CreateEventW] [258046b000060003]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CompareStringOrdinal] [3f]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RegDeleteValueW] [0]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RegGetValueW] [31600000000]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RegCloseKey] [72007400530001]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RegSetValueExW] [490065006c0069]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetTickCount64] [6f0066006e]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!VirtualProtect] [610070006d006f]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!LoadLibraryExA] [61004e0079006e]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetSystemInfo] [65006d]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!LocalAlloc] [7200630069004d]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetProcAddress] [66006f0073006f]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!RaiseException] [6f004300200074]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetModuleHandleW] [72006f00700072]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!VirtualQuery] [12004c0000006e]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [6c006900460001]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!UnhandledExceptionFilter] [73006500440065]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [70006900720063]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!QueryPerformanceCounter] [6e006f00690074]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CloseHandle] [6c004700000000]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!TrySubmitThreadpoolCallback] [6f00430062006f]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!OpenSemaphoreW] [740061006c006c]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CallbackMayRunLong] [740073006f]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CreateThreadpoolTimer] [460001002a0074]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CreateEventExW] [560065006c0069]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!CreateSemaphoreW] [2e0033002e0036]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!GetLastError] [3000380031002e]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[KERNEL32.dll!ReleaseSemaphore] [28002000360039]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[WS2_32.dll!InetPtonW] [ae00740066006f]
IAT C:\Windows\Explorer.EXE[3696] @ C:\Windows\System32\PlayToDevice.dll[WS2_32.dll!InetNtopW] [6e006900570020]

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [668:676] fffff9600099f2d0
Thread C:\Windows\system32\svchost.exe [568:4448] 00007ffd37f91050

---- Services - GMER 2.2 ----

Service C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys (*** hidden *** ) [MANUAL] NTIOLib_1_0_3 <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@LastBootShutdown 0
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x54 0x87 0x42 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xD4 0xE9 0x44 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xFF 0xD1 0x66 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x8B 0x6F 0x64 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 138
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\NEC66C56X506052NB_29_07D6_EA^9023AAAF658AFF949CFAFCBE6B435CEA@Timestamp 0xE9 0x63 0x7A 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 764
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900121
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -2125033814
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 144
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 490423291
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 7704
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 7675
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID b49d9faf-d8b8-4378-8ea3-f83136a
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 6
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger@FileCounter 4
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\acpiex\Parameters\Wdf@TimeOfLastSqmLog 0x38 0x1B 0x06 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\acpipagr\Parameters\Wdf@TimeOfLastSqmLog 0xB6 0xE3 0x22 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 15
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14736000371092280@SetupOperations [binary value, not rendered]
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14736000716402280@SetupOperations [binary value, not rendered]
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm\Parameters\Wdf@TimeOfLastSqmLog 0xEB 0xDF 0x61 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\athrusb\Parameters\Wdf@TimeOfLastSqmLog 0x43 0xBD 0x5F 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\cdrom\Parameters\Wdf@TimeOfLastSqmLog 0x82 0xA8 0x27 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastSqmLog 0xC5 0x0B 0x0B 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{6394324a-7d91-4681-a654-d3e3ae67eb88}@LastProbeTime 1480504339
Reg HKLM\SYSTEM\CurrentControlSet\Services\EhStorClass\Parameters\Wdf@TimeOfLastSqmLog 0xF8 0x8F 0x3A 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastSqmLog 0x4A 0x92 0xC0 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\ikbevent\Parameters\Wdf@TimeOfLastSqmLog 0x81 0xEC 0xC8 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\imsevent\Parameters\Wdf@TimeOfLastSqmLog 0x4A 0x92 0xC0 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\INETMON\Parameters\Wdf@TimeOfLastSqmLog 0x1A 0xB7 0x2B 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\intelppm\Parameters\Wdf@TimeOfLastSqmLog 0xB6 0xE3 0x22 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{397C9D71-8A31-4038-BAF4-20F0B8750D55}@DefunctTimestamp 0x15 0x47 0x41 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-1f-95-bd-67-84@AddressCreationTimestamp 0x93 0xF3 0x50 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-1f-95-bd-67-84@TeredoAddress 2001:0:5ef5:79fd:28dc:78a:acf7:f53c
Reg HKLM\SYSTEM\CurrentControlSet\Services\MEIx64\Parameters\Wdf@TimeOfLastSqmLog 0xB9 0xF7 0x16 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastSqmLog 0xFD 0xF9 0xB4 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\msisadrv\Parameters\Wdf@TimeOfLastSqmLog 0x64 0x2E 0x19 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastSqmLog 0xB6 0xE3 0x22 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\NTIOLib_1_0_3
Reg HKLM\SYSTEM\CurrentControlSet\Services\NTIOLib_1_0_3@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\NTIOLib_1_0_3@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\NTIOLib_1_0_3@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\NTIOLib_1_0_3@ImagePath \??\C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\NTIOLib_1_0_3@DisplayName NTIOLib_1_0_3
Reg HKLM\SYSTEM\CurrentControlSet\Services\NTIOLib_1_0_3@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\NTIOLib_1_0_3
Reg HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog 0x5B 0xC7 0xBB 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime [mis-encoded date/time string, not rendered]
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 35205
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 7426
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 139
Reg HKLM\SYSTEM\CurrentControlSet\Services\UCX01000\Parameters\Wdf@TimeOfLastSqmLog 0x43 0x0D 0xF1 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastSqmLog 0xC5 0x0B 0x0B 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastSqmLog 0x76 0xAB 0xD0 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastSqmLog 0x28 0x5A 0x19 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrvroot\Parameters\Wdf@TimeOfLastSqmLog 0x2D 0xDF 0x29 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesChanges 2904
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudSettingsDirtyMarks 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudUsertileDirtyMarks 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsBandwidthBucketCounter 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xAC 0x58 0xFF 0xB1 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xAC 0x58 0xFF 0xB1 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xAC 0x58 0xFF 0xB1 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xAC 0x58 0xFF 0xB1 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63616187330590%3bID%3d33EB613F52EAB8D4!107%3bLR%3d63616211426543%3bEP%3d13%3bSI%3d78%3bTD%3dTrue%3bSO%3d0%3bPI%3d49
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0xAF 0xCA 0x74 0x48 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x9E 0x53 0xD0 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh 0x75 0xF6 0xF8 0x06 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified 0x00 0x69 0x30 0x6B ...
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.9.9600.18340_96841cccd03dd56cfef19d62c741d999fd6cd61a_00000000_080a8ab9

---- Files - GMER 2.2 ----

File C:\Users\Camilo\AppData\Local\Microsoft\Windows\Notifications\cf6358eb91e811e48253448a5ba2af28\AAkWE6e[2].jpg 2038 bytes

---- EOF - GMER 2.2 ----