Old January 17th, 2019, 01:12 AM
sportsfan7702 sportsfan7702 is offline
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2019-01-16 18:12:11
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c TOSHIBA_MQ01ABD075 rev.AX1P2C 698.64GB
Running: tnmspzf6.exe; Driver: C:\Users\MattS\AppData\Local\Temp\kwddiaow.sys


---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [764:8092] ffff85a0893d6840
Thread C:\WINDOWS\system32\svchost.exe [588:1120] 00007ffb0a2e8b00
Thread C:\WINDOWS\system32\svchost.exe [588:1244] 00007ffb0a4ebfd0
Thread C:\WINDOWS\system32\svchost.exe [1492:2972] 00007ffafe3cbc70
Thread C:\WINDOWS\system32\svchost.exe [1492:3036] 00007ffafe3fd080
Thread C:\WINDOWS\system32\svchost.exe [1492:3184] 00007ffafe3adb20
Thread C:\WINDOWS\system32\svchost.exe [1492:3188] 00007ffafe3a4b10
Thread c:\windows\system32\svchost.exe [2036:2080] 00007ffb0347d600
Thread c:\windows\system32\svchost.exe [2036:3652] 00007ffb0fddaaf0
Thread c:\windows\system32\svchost.exe [2036:4008] 00007ffb033b28c0
Thread c:\windows\system32\svchost.exe [2056:2144] 00007ffb032e3420
Thread c:\windows\system32\svchost.exe [2064:2236] 00007ffb03103100
Thread c:\windows\system32\svchost.exe [2064:2240] 00007ffb031460b0
Thread c:\windows\system32\svchost.exe [2064:1028] 00007ffb03103100
Thread C:\WINDOWS\System32\svchost.exe [2328:4248] 00007ffb034e6330
Thread C:\WINDOWS\system32\svchost.exe [2652:3132] 00007ffafe032670
Thread C:\WINDOWS\system32\svchost.exe [2652:3440] 00007ffb0afd6b20
Thread c:\windows\system32\svchost.exe [2716:2908] 00007ffafeac5a50
Thread c:\windows\system32\svchost.exe [2992:3272] 00007ffaf8ea0cf0
Thread c:\windows\system32\svchost.exe [2992:3800] 00007ffaf8ea0cf0
Thread c:\windows\system32\svchost.exe [2992:7544] 00007ffafe283aa0
Thread c:\windows\system32\svchost.exe [3068:5632] 00007ffb034e6330
Thread c:\windows\system32\svchost.exe [3236:3308] 00007ffb0d8cf130
Thread C:\WINDOWS\system32\WLANExt.exe [3248:3472] 00007ffb034e6330
Thread C:\WINDOWS\system32\WLANExt.exe [3248:3476] 00007ffb034e6330
Thread C:\WINDOWS\system32\WLANExt.exe [3248:3784] 00007ffb034e6330
Thread C:\WINDOWS\system32\WLANExt.exe [3248:3788] 00007ffb034e6330
Thread c:\windows\system32\svchost.exe [3908:3988] 00007ffafb426e50
Thread c:\windows\system32\svchost.exe [3908:3996] 00007ffafb42b0c0
Thread c:\windows\system32\svchost.exe [4156:4184] 00007ffb0d8cf130
Thread c:\windows\system32\svchost.exe [4156:4188] 00007ffafad814a0
Thread c:\windows\system32\svchost.exe [5400:5512] 00007ffb0fddaaf0
Thread C:\WINDOWS\Explorer.EXE [5588:5884] 00007ffae1bec730
Thread C:\WINDOWS\Explorer.EXE [5588:5956] 00007ffafa4897d0
Thread C:\WINDOWS\Explorer.EXE [5588:5976] 00007ffae468f360
Thread C:\WINDOWS\Explorer.EXE [5588:6120] 00007ffafed4a490
Thread C:\WINDOWS\Explorer.EXE [5588:5380] 00007ffae4579220
Thread C:\WINDOWS\Explorer.EXE [5588:6252] 00007ffafed4a490
Thread C:\WINDOWS\Explorer.EXE [5588:7768] 00007ffaf94e91e0
Thread C:\WINDOWS\Explorer.EXE [5588:3292] 00007ffafed4a490
Thread C:\WINDOWS\Explorer.EXE [5588:9052] 00007ffb034e6330
Thread C:\WINDOWS\Explorer.EXE [5588:9088] 00007ffacc218ea0
Thread C:\WINDOWS\Explorer.EXE [5588:9092] 00007ffb034e6330
Thread C:\WINDOWS\Explorer.EXE [5588:9096] 00007ffb034e6330
Thread C:\WINDOWS\Explorer.EXE [5588:8616] 00007ffafed4a490
Thread C:\WINDOWS\Explorer.EXE [5588:8660] 00007ffae0ed7160
Thread C:\WINDOWS\Explorer.EXE [5588:5044] 00007ffaedbc3610
Thread C:\WINDOWS\Explorer.EXE [5588:4924] 00007ffad0485c40
Thread C:\WINDOWS\Explorer.EXE [5588:3836] 00007ffafb280ce0
Thread C:\WINDOWS\Explorer.EXE [5588:5288] 00007ffad07022a0
Thread C:\WINDOWS\Explorer.EXE [5588:5708] 00007ffae4579220
Thread C:\WINDOWS\Explorer.EXE [5588:8012] 00007ffaedbd1a70
Thread C:\WINDOWS\Explorer.EXE [5588:10144] 00007ffadf6e6d60
Thread C:\WINDOWS\Explorer.EXE [5588:5376] 00007ffae4579220
Thread C:\WINDOWS\Explorer.EXE [5588:10780] 00007ffae0ed7160
Thread C:\WINDOWS\Explorer.EXE [5588:5432] 00007ffacc3118e0
Thread C:\WINDOWS\Explorer.EXE [5588:11096] 00007ffadfd6b8b0
Thread C:\WINDOWS\Explorer.EXE [5588:5968] 00007ffae0ed7160
Thread C:\WINDOWS\Explorer.EXE [5588:10964] 00007ffadf6e6d60
Thread C:\Windows\System32\RuntimeBroker.exe [6016:5180] 00007ffb0ccb6d50
Thread C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe [7008:6720] 00007ffafa687580
Thread C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe [7008:4652] 00007ffacb528d20
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:6300] 00007ffb0a06f6f0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:540] 00007ffad794db30
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:1356] 00007ffaf94e91e0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:4672] 00007ffada9e3d30
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:4716] 00007ffada9ef580
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:4128] 00007ffada9ef580
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:6228] 00007ffad794cfc0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:1180] 00007ffaf8ea0cf0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:3244] 00007ffaf8ea0cf0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:7820] 00007ffada9ef580
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:7824] 00007ffaef60c0f0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:7888] 00007ffafb280ce0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:8084] 00007ffae7621a40
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:8096] 00007ffb0a6fbc80
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:8100] 00007ffb0a6fbc80
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:8104] 00007ffb0a6fbc80
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:8108] 00007ffb0a6fbc80
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [7056:8624] 00007ffaf964a7b0
Thread C:\Windows\System32\RuntimeBroker.exe [7836:8964] 00007ffb0ccb6d50
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8392] 00007ffacf350f00
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8428] 00007ffacf349230
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8472] 00007ffacf351070
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8476] 00007ffacf350800
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8480] 00007ffb0d843ec0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8520] 00007ffada9e3d30
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8536] 00007ffb0d843ec0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8552] 00007ffacf3505a0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8588] 00007ffb0d81a1c0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8604] 00007ffada9ef580
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8636] 00007ffacf384670
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8720] 00007ffb0fddaaf0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8724] 00007ffb0fddaaf0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8824] 00007ffafb280ce0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8828] 00007ffad9338fa0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8832] 00007ffad95733e0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8836] 00007ffad95d6e20
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:8840] 00007ffad9582470
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:9140] 00007ffad95d6e20
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:9144] 00007ffb0fddaaf0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6232:9212] 00007ffb0ccb6d50
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6504:8404] 00007ffacf350f00
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6504:8432] 00007ffacf349230
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6504:8496] 00007ffacf351070
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6504:8500] 00007ffacf350800
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6504:8524] 00007ffb0d843ec0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6504:8544] 00007ffada9e3d30
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6504:8556] 00007ffb0d843ec0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6504:8576] 00007ffacf3505a0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6504:8600] 00007ffb0d81a1c0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [6504:8628] 00007ffacf384670
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [504:8396] 00007ffacf350f00
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [504:8424] 00007ffacf349230
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [504:8440] 00007ffb0d843ec0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [504:8452] 00007ffada9e3d30
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [504:8456] 00007ffada9ef580
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [504:8460] 00007ffacf3505a0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [504:8492] 00007ffb0d843ec0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [504:8592] 00007ffb0d81a1c0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [1860:8400] 00007ffacf350f00
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [1860:8436] 00007ffacf349230
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [1860:8484] 00007ffacf351070
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [1860:8488] 00007ffacf350800
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [1860:8516] 00007ffb0d843ec0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [1860:8548] 00007ffb0d843ec0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [1860:8568] 00007ffada9e3d30
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [1860:8580] 00007ffacf3505a0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [1860:8596] 00007ffb0d81a1c0
Thread C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe [1860:8632] 00007ffacf384670
Thread C:\Windows\System32\RuntimeBroker.exe [4656:5148] 00007ffb0ccb6d50
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:8356] 00007ffafe8edd40
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:6676] 00007ffb0d843ec0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:6984] 00007ffaf94e91e0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:7416] 00007ffafa687580
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:7408] 00007ffb0d81a1c0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:7520] 00007ffb0ccb6d50
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:7708] 00007ffb0c5b4360
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:7972] 00007ffb0a6fbc80
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:2004] 00007ffafb280ce0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:7088] 00007ffafa4897d0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:8672] 00007ffb0702c760
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:4904] 00007ffaee9d1280
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:6000] 00007ffadf337ed0
Thread C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [5224:4944] 00007ffaf964a7b0

---- EOF - GMER 2.2 ----