GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-10-19 13:30:19
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000032 ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB
Running: m2ghim6f.exe; Driver: C:\Users\Catilina\AppData\Local\Temp\axliqpow.sys

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\svchost.exe [940:388]                                                           00007ffeefa3faa0
Thread  C:\WINDOWS\system32\svchost.exe [940:392]                                                           00007ffeefa3ee70
Thread  C:\WINDOWS\system32\svchost.exe [940:668]                                                           00007ffeef8289f0
Thread  C:\WINDOWS\system32\svchost.exe [632:2508]                                                          00007ffee42d1040
Thread  C:\WINDOWS\system32\svchost.exe [632:2516]                                                          00007ffee47548e0
Thread  C:\WINDOWS\system32\svchost.exe [632:2512]                                                          00007ffee47548e0
Thread  C:\WINDOWS\system32\svchost.exe [632:2536]                                                          00007ffee4241930
Thread  C:\WINDOWS\system32\svchost.exe [632:2296]                                                          00007ffee37041f0
Thread  C:\WINDOWS\system32\svchost.exe [632:3432]                                                          00007ffee13739b0
Thread  C:\WINDOWS\system32\svchost.exe [632:3496]                                                          00007ffedec61a50
Thread  C:\WINDOWS\system32\svchost.exe [632:4208]                                                          00007ffee37041f0
Thread  C:\WINDOWS\system32\svchost.exe [632:5196]                                                          00007ffeec8730f0
Thread  C:\WINDOWS\system32\svchost.exe [632:10088]                                                         00007ffeec632cf0
Thread  C:\WINDOWS\system32\svchost.exe [924:1736]                                                          00007ffeeb524310
Thread  C:\WINDOWS\system32\svchost.exe [924:3000]                                                          00007ffee3672af0
Thread  C:\WINDOWS\system32\svchost.exe [924:3004]                                                          00007ffee3672a40
Thread  C:\WINDOWS\system32\svchost.exe [924:4228]                                                          00007ffee366fdf0
Thread  C:\WINDOWS\system32\svchost.exe [924:5812]                                                          00007ffee3665c80
Thread  C:\WINDOWS\system32\svchost.exe [924:9704]                                                          00007ffee154c820
Thread  C:\WINDOWS\system32\svchost.exe [924:8940]                                                          00007ffee154c820
Thread  C:\WINDOWS\system32\svchost.exe [924:8304]                                                          00007ffee154c820
Thread  C:\WINDOWS\system32\svchost.exe [1052:5400]                                                         00007ffed5209620
Thread  C:\WINDOWS\system32\svchost.exe [1052:5408]                                                         00007ffed5202680
Thread  C:\WINDOWS\system32\svchost.exe [1052:7940]                                                         00007ffee4901670
Thread  C:\WINDOWS\system32\svchost.exe [1376:2116]                                                         00007ffee59e99e0
Thread  C:\WINDOWS\system32\svchost.exe [1376:2124]                                                         00007ffeec632cf0
Thread  C:\WINDOWS\system32\svchost.exe [1420:1468]                                                         00007ffeee7d04c0
Thread  C:\WINDOWS\system32\svchost.exe [1420:2680]                                                         00007ffef0396750
Thread  C:\WINDOWS\system32\svchost.exe [1420:2708]                                                         00007ffef0396750
Thread  C:\WINDOWS\system32\svchost.exe [1420:2812]                                                         00007ffef3813db0
Thread  C:\WINDOWS\system32\svchost.exe [1420:2844]                                                         00007ffee3a2af40
Thread  C:\WINDOWS\system32\svchost.exe [1420:2848]                                                         00007ffee3a2ca00
Thread  C:\WINDOWS\system32\svchost.exe [1420:2852]                                                         00007ffef0396750
Thread  C:\WINDOWS\system32\svchost.exe [1420:2216]                                                         00007ffee3c1c5a0
Thread  C:\WINDOWS\system32\svchost.exe [1420:2288]                                                         00007ffee3f46cf0
Thread  C:\WINDOWS\system32\svchost.exe [1420:3196]                                                         00007ffee3c1eab0
Thread  C:\WINDOWS\system32\svchost.exe [1420:3200]                                                         00007ffee3c1d2d0
Thread  C:\WINDOWS\system32\svchost.exe [1420:3204]                                                         00007ffee3c1e100
Thread  C:\WINDOWS\system32\svchost.exe [1420:3376]                                                         00007ffee03c1240
Thread  C:\WINDOWS\system32\svchost.exe [1420:3380]                                                         00007ffee053a3b0
Thread  C:\WINDOWS\system32\svchost.exe [1420:3416]                                                         00007ffedecd25e0
Thread  C:\WINDOWS\system32\svchost.exe [1420:2464]                                                         00007ffeece63bc0
Thread  C:\WINDOWS\system32\svchost.exe [1420:5176]                                                         00007ffeece62080
Thread  C:\WINDOWS\System32\svchost.exe [1512:2692]                                                         00007ffee3dc87e0
Thread  C:\WINDOWS\System32\svchost.exe [1512:4640]                                                         00007ffee154c820
Thread  C:\WINDOWS\System32\svchost.exe [1512:4868]                                                         00007ffee154c820
Thread  C:\WINDOWS\system32\svchost.exe [1884:1940]                                                         00007ffee880e830
Thread  C:\WINDOWS\system32\svchost.exe [1884:1980]                                                         00007ffee86410a0
Thread  C:\WINDOWS\system32\svchost.exe [1884:2132]                                                         00007ffeec632cf0
Thread  C:\WINDOWS\system32\svchost.exe [1884:2300]                                                         00007ffee5225bc0
Thread  C:\WINDOWS\system32\svchost.exe [1884:2308]                                                         00007ffee5229b10
Thread  C:\WINDOWS\system32\svchost.exe [1884:2312]                                                         00007ffeec632cf0
Thread  C:\WINDOWS\system32\svchost.exe [1988:296]                                                          00007ffef3e2b310
Thread  C:\WINDOWS\system32\svchost.exe [1988:2080]                                                         00007ffee5a044b0
Thread  C:\WINDOWS\system32\svchost.exe [1988:2188]                                                         00007ffef0396750
Thread  C:\WINDOWS\System32\spoolsv.exe [2552:116]                                                          00007ffed92c5bc0
Thread  C:\WINDOWS\System32\spoolsv.exe [2552:4100]                                                         00007ffed91a2740
Thread  C:\WINDOWS\System32\spoolsv.exe [2552:4108]                                                         00007ffeecdc1180
Thread  C:\WINDOWS\System32\spoolsv.exe [2552:4112]                                                         00007ffeecee8e40
Thread  C:\WINDOWS\System32\spoolsv.exe [2552:4564]                                                         00007ffeecf74490
Thread  C:\WINDOWS\System32\spoolsv.exe [2552:5012]                                                         0000000000402264
Thread  C:\WINDOWS\System32\spoolsv.exe [2552:5052]                                                         00007ffeecd492d0
Thread  C:\WINDOWS\system32\svchost.exe [4196:4372]                                                         00007ffef126ca70
Thread  C:\WINDOWS\system32\svchost.exe [4196:4952]                                                         00007ffef126ca70
Thread  C:\WINDOWS\system32\svchost.exe [4196:5108]                                                         00007ffef126ca70
Thread  C:\WINDOWS\system32\svchost.exe [4196:3460]                                                         00007ffef126ca70
Thread  C:\WINDOWS\system32\svchost.exe [4196:9072]                                                         00007ffee154c820
Thread  C:\WINDOWS\system32\svchost.exe [4196:9076]                                                         00007ffee154c820
Thread  C:\WINDOWS\Explorer.EXE [4332:9788]                                                                 00007ffee6e120e0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:5244]         00007ffef39258f0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:5240]         00007ffef13d59c0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:5236]         00007ffed0e72bc0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:1692]         00007ffeec5548e0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:1764]         00007ffef13d59c0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:1756]         00007ffed0e72bc0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:3328]         00007ffef39258f0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:1876]         00007ffee498e010
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:5448]         00007ffed0cf8600
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:1780]         00007ffed0cf8600
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:1660]         00007ffed0cf8600
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:5708]         00007ffed0cf8600
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:2900]         00007ffef13d59c0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:2896]         00007ffed0e72bc0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:3056]         00007ffee498e010
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:8744]         00007ffef13d59c0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:9336]         00007ffee498e010
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:7576]         00007ffef13d59c0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:1924]         00007ffee498e010
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:9152]         00007ffef13d59c0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:2276]         00007ffee498e010
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:5420]         00007ffef13d59c0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:5140]         00007ffee498e010
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:7548]         00007ffef13d59c0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:3444]         00007ffee498e010
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:5156]         00007ffef13d70d0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:10176]        00007ffedc1797b0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:8460]         00007ffed50ccaf0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:1592]         00007ffed50ccaf0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:3700]         00007ffed50ccaf0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:10012]        00007ffed50ccaf0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:8448]         00007ffed50ccaf0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:6908]         00007ffef13d59c0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:4324]         00007ffed0e72bc0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:6828]         00007ffee498e010
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:8060]         00007ffedae64c90
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:8732]         00007ffef194a1e0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:5616]         00007ffef39258f0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:216]          00007ffed0d38ff0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:4788]         00007ffed0d38ff0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:1208]         00007ffed0d38ff0
Thread  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [6016:10156]        00007ffed0d38ff0
Thread  C:\Windows\System32\RuntimeBroker.exe [4812:9444]                                                   00007ffecad70030
Thread  C:\Windows\System32\RuntimeBroker.exe [4812:8092]                                                   00007ffecad70030
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:892]               00007ffef39258f0
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:2200]              00007ffef13d59c0
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:6844]              00007ffeec5548e0
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:2472]              00007ffed0e72bc0
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:8288]              00007ffef13d70d0
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:2764]              00007ffee498e010
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:8308]              00007ffef39258f0
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:7700]              00007ffef3e2b310
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:3720]              00007ffeccebf900
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:9640]              00007ffeccf3a040
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:1712]              00007ffeccef71c0
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:9116]              00007ffeefc011a0
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:352]               00007ffeccf3a040
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:6224]              00007ffef3e2b310
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:2488]              00007ffef3e2b310
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:9464]              00007ffeccf41da0
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:6980]              00007ffeccf3a040
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:8144]              00007ffef194a1e0
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:2740]              00007ffeec552a60
Thread  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [3424:6868]              00007ffed0d38ff0
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:5992]                           000000000f47835c
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:5168]                           000000000f47810f
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:8868]                           000000000f47835c
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:7756]                           000000000f49a579
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:348]                            00000000771e6020
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:8820]                           000000000f4a9100
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:2404]                           000000000f47835c
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:3664]                           000000000f47835c
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:7316]                           00000000771e6020
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:6444]                           00000000771e6020
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:9604]                           00000000771e6020
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:6084]                           00000000771e6020
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:1028]                           00000000771e6020
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:9708]                           00000000771e6020
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:3584]                           00000000771e6020
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:6812]                           00000000771e6020
Thread  C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2712:956]                            00000000771e6020
Thread  C:\WINDOWS\system32\ApplicationFrameHost.exe [4076:8652]                                            00007ffef13d59c0
Thread  C:\WINDOWS\system32\ApplicationFrameHost.exe [4076:7760]                                            00007ffef13d59c0

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                   -802826057
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14734486272342280@SetupOperations  ???5?????5?5?5???????5???????5???5??????????????MoveFile("\??\c:\program files\avast software\avast\ashbase.dll.147491746517101","\??\c:\program files\avast software\avast\ashbase.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\ashbase.dll.sum.147491746517101","\??\c:\program files\avast software\avast\ashbase.dll.sum",TRUE)????????????????}???????????????W???D???????????????????3??????????? ???????4???????????5???????? ?????????????????????Commited?????5?5?5?5?5?5?5?5?????????????????????????????????&?????t?????????5???????????????????????????5???????????s?????5?????5?6?6?6?6???????????????????????????W??????????????????4???????????????? ???????4?????5?????5??????????P?.??????????????5?????????e????aswSnx???????5?5?5?5?5?5?5?5??????L??5?????????n????avast! virtualization driver (aswSnx)????????????????????????????6??t4???????????0??????-3????P??5???}????h??(??\SystemRoot\system32\drivers\aswSnx.sys?3D????0??5??????????FSFilter Virtualization??????????5??????????????FltMgr??????? ???????5?????
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14734486827502280@SetupOperations  ???5?????5?6?6?6?6???????????????????????????W??????????????????4???????????????? ???????4?????5?????5??????????P?.??????????????5?????????e????aswSnx???????5?5?5?5?5?5?5?5??????L??5?????????n????avast! virtualization driver (aswSnx)????????????????????????????6??t4???????????0??????-3????P??5???}????h??(??\SystemRoot\system32\drivers\aswSnx.sys?3D????0??5??????????FSFilter Virtualization??????????5??????????????FltMgr??????? ???????5?????5?????5?????????? ?????????s??????? ??5???????????e??aswSnx Instance????????5???5????? ???????5???????????5???????????????????????e???????5??????????137600???????5?5????????????????s??????5????? J??????5???????????5??????????T??? ???????????? T??5??????????r???\??\C:\Program Files\AVAST Software\Avast????5?5????? P??5??????????????\??\C:\ProgramData\AVAST Software\Avast?????? ???????4?????5?????5??????????N?/?????P????????5?????????e????aswSP????5?5?5?5?5?5?5?5??????.??5?????????n????avast! Self Protection????????????????????????????????????????????????????????????N??5?????
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\28c2dd9a3522                         
Reg     HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime                     ??r.?, ?pa? ?19 ?16, 11:56:20 AM??????????????????????J????????
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated                 0xD4 0x5B 0x67 0xB8 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh                      0xD4 0xC3 0x2B 0x1A ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow                       0xD4 0xF3 0xA2 0x56 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw                                                  0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask                                              0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw                                                  0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask                                              0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw                                                  0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask                                              0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@Rw                                                  0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@RwMask                                              0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@Rw                                                  0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@RwMask                                              0x64 0x62 0x03 0x00 ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome                           0xC5 0x42 0x53 0x68 ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC@0                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk?C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe??

---- Disk sectors - GMER 2.2 ----

Disk    \Device\Harddisk0\DR0                                                                               unknown MBR code

---- EOF - GMER 2.2 ----
