GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-23 13:13:35
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0002 465,76GB
Running: xmgnj1hn.exe; Driver: C:\Users\MI\AppData\Local\Temp\fwdyikob.sys

---- Threads - GMER 2.2 ----

---- Services - GMER 2.2 ----

Service C:\WINDOWS\System32\qmgr.dll (*** hidden *** ) [AUTO] BITS <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] CDPUserSvc_672c063 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] MessagingService_672c063 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] OneSyncSvc_672c063 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] PimIndexMaintenanceSvc_672c063 <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] UnistoreSvc_672c063 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] UserDataSvc_672c063 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] WpnUserService_672c063 <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

---- EOF - GMER 2.2 ----