GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-29 09:36:04
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f HGST_HTS545050A7E680 rev.GG2OAF10 465,76GB
Running: gmer.exe; Driver: C:\Users\Bob\AppData\Local\Temp\fxldrpog.sys

---- Threads - GMER 2.2 ----

Thread C:\Windows\System32\RuntimeBroker.exe [4560:8136] 00007ffe380420e0
Thread C:\Windows\System32\RuntimeBroker.exe [4560:3844] 00007ffe380420e0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:9364] 00007ffe43045f10
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:804] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:11392] 00007ffe2d2c3990
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:13280] 00007ffe394048e0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:9640] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:6188] 00007ffe2d2c3990
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:12040] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:12176] 00007ffe2d2c3990
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:5056] 00007ffe43045f10
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:5932] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:5800] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:1524] 00007ffe2d149310
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:9580] 00007ffe2d149310
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:12780] 00007ffe2d149310
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:9072] 00007ffe2d149310
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:8040] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:7976] 00007ffe2d2c3990
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:4976] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:9240] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:7360] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:11644] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:12712] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:4124] 00007ffe3d9a30f0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:7716] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:7564] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:9960] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:12204] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:3976] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:11948] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:7592] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:8828] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:8448] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:1160] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:11364] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:3696] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:8456] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:7472] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:11952] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:11736] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:7124] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:13284] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:13240] 00007ffe406470d0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:11320] 00007ffe26619780
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:3444] 00007ffe369acaf0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:11004] 00007ffe43045f10
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:7552] 00007ffe369acaf0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:12524] 00007ffe406459c0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:4964] 00007ffe2d2c3990
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:8432] 00007ffe3a5ce010
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:5528] 00007ffe3f94a200
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:11220] 00007ffe369acaf0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:7296] 00007ffe2d189de0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:11828] 00007ffe2d189de0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:10392] 00007ffe2d189de0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:8920] 00007ffe2d189de0
Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [7872:5000] 00007ffe2d189de0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:9088] 00007ffe43045f10
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:5616] 00007ffe406459c0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:9980] 00007ffe2d2c3990
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:6052] 00007ffe406470d0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:7184] 00007ffe3d652880
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:8924] 00007ffe406459c0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:8356] 00007ffe3c0c2cf0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:11176] 00007ffe3850bb70
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:5564] 00007ffe3c0c2cf0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:7816] 00007ffe3c0c2cf0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:7048] 00007ffe43045f10
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:8256] 00007ffe43045f10
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:216] 00007ffe43045f10
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:6172] 00007ffe3e0f11a0
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:10916] 00007ffe3a5ce010
Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [8364:8124] 00007ffe2d189de0

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 300375814
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1202
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x88 0xAE 0x17 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x88 0x16 0xDC 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x88 0x46 0x53 0x08 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\5@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\5@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\6@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\6@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore@Count 1091
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds Chrome.UserData.Profile1?
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome.UserData.Profile1 0x69 0xBD 0xA2 0x5C ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BD003342-EAB4-4E7B-94D9-C461DC819F03}@LastAccessedTime 0x40 0x39 0x16 0x23 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BD003342-EAB4-4E7B-94D9-C461DC819F03}@LaunchCount 6

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----