GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-07 10:01:43 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006f ATA_____ rev.1A01 931,51GB Running: 8zv63q8d.exe; Driver: C:\Users\ALEKSA~1\AppData\Local\Temp\uxldapow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fb9000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002fb902f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Windows\system32\services.exe[876] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[432] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1072] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files\IDT\WDM\STacSV64.exe[1116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1352] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1288] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[728] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2240] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 769bb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 769bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 76a38ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 769948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 76a387a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 76a38978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 76a38698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 76a38a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 769afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 769b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 76a38f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 76a38ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 76a3865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 769afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 769bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 76a38e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 76a385f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3232] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Windows\Explorer.EXE[3416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3904] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 769bb21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 769bb346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 76a38ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 769948ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 76a387a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 76a38978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 76a38698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 76a38a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 769afca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 769b68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 76a38f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 76a38ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 76a3865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 769afd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 769bb2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 76a38e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 76a385f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\System32\rundll32.exe[3184] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3936] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4568] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files\DellTPad\Apoint.exe[4816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files\IDT\WDM\sttray64.exe[4864] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files\Dell\QuickSet\quickset.exe[5096] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files\DellTPad\ApMsgFwd.exe[4364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files\DellTPad\Apntex.exe[4512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Windows\system32\conhost.exe[4612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4844] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Windows\System32\rundll32.exe[4860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4896] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[4660] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\USER32.dll!GetMenu + 412 0000000076c251dd 7 bytes JMP 000000011003ac50 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 0000000076c2610b 7 bytes JMP 000000011003b000 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 0000000076c2c6c1 7 bytes JMP 000000011003abc0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 0000000076c6fc98 7 bytes JMP 000000011003af50 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 0000000076c6fcd1 7 bytes JMP 000000011003adf0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 0000000076c6fcf5 7 bytes JMP 000000011003af00 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 769bb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 769bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 76a38ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 769948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 76a387a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 76a38978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 76a38698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 76a38a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 769afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 769b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 76a38f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 76a38ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 76a3865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 769afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 769bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 76a38e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 76a385f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[1152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5128] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5196] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[5316] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 769bb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 769bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 76a38ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 769948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 76a387a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 76a38978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 76a38698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 76a38a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 769afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 769b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 76a38f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 76a38ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 76a3865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 769afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 769bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 76a38e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 76a385f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5720] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076998791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 769bb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 769bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 76a38ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 769948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 76a387a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 76a38978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 76a38698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 76a38a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 769afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 769b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 76a38f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 76a38ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 76a3865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 769afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 769bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 76a38e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 76a385f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 769bb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 769bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 76a38ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 769948ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 76a387a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 76a38978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 76a38698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 76a38a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 769afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 769b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 76a38f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 76a38ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 76a3865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 769afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 769bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 76a38e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 76a385f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6028] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7160] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 769bb21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 769bb346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 76a38ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 769948ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 76a387a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 76a38978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 76a38698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 76a38a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 769afca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 769b68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 76a38f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 76a38ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 76a3865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 769afd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 769bb2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 76a38e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 76a385f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6656] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Program Files (x86)\Nero\Update\NASvc.exe[5652] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007741ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] .text C:\Users\Aleksandra\Desktop\fixpc\8zv63q8d.exe[7888] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62] ---- Processes - GMER 2.1 ---- Process \\?\C:\Windows\system32\wbem\WMIADAP.EXE (*** suspicious ***) @ \\?\C:\Windows\system32\wbem\WMIADAP.EXE [7504] (WMI Reverse Performance Adapter Maintenance Utility/Microsoft Corporation)(2009-07-13 23:47:22) 00000000ff940000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{71EB7F5A-0770-4630-9063-02A3EFC8C4A9}\Connection@Name Po??czenie lokalne* 16 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{BC6A22E7-704E-4FB2-BCE6-1B307D81EBC8}\Connection@Name isatap.{FBAC8A94-664E-418A-8D65-4B48DB406BB0} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{EC8EF304-4A8C-4784-884C-E9F7EF546779}?\Device\{D24BED80-DD9D-4901-8AD0-7EF7A888DF4D}?\Device\{71EB7F5A-0770-4630-9063-02A3EFC8C4A9}?\Device\{BC6A22E7-704E-4FB2-BCE6-1B307D81EBC8}?\Device\{C78D9CE1-DD43-4642-826C-811BEB76F0E7}?\Device\{0DE1D7A0-171A-4318-A0CD-94C12B232E32}?\Device\{536FE1E5-67B6-4274-B9B4-ECE942364199}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{EC8EF304-4A8C-4784-884C-E9F7EF546779}"?"{D24BED80-DD9D-4901-8AD0-7EF7A888DF4D}"?"{71EB7F5A-0770-4630-9063-02A3EFC8C4A9}"?"{BC6A22E7-704E-4FB2-BCE6-1B307D81EBC8}"?"{C78D9CE1-DD43-4642-826C-811BEB76F0E7}"?"{0DE1D7A0-171A-4318-A0CD-94C12B232E32}"?"{536FE1E5-67B6-4274-B9B4-ECE942364199}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{EC8EF304-4A8C-4784-884C-E9F7EF546779}?\Device\TCPIP6TUNNEL_{D24BED80-DD9D-4901-8AD0-7EF7A888DF4D}?\Device\TCPIP6TUNNEL_{71EB7F5A-0770-4630-9063-02A3EFC8C4A9}?\Device\TCPIP6TUNNEL_{BC6A22E7-704E-4FB2-BCE6-1B307D81EBC8}?\Device\TCPIP6TUNNEL_{C78D9CE1-DD43-4642-826C-811BEB76F0E7}?\Device\TCPIP6TUNNEL_{0DE1D7A0-171A-4318-A0CD-94C12B232E32}?\Device\TCPIP6TUNNEL_{536FE1E5-67B6-4274-B9B4-ECE942364199}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\606c66c9afda Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{71EB7F5A-0770-4630-9063-02A3EFC8C4A9}@InterfaceName isatap.{C6EE8801-2D77-4408-8F5C-527A08857C68} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{71EB7F5A-0770-4630-9063-02A3EFC8C4A9}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{BC6A22E7-704E-4FB2-BCE6-1B307D81EBC8}@InterfaceName isatap.{FBAC8A94-664E-418A-8D65-4B48DB406BB0} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{BC6A22E7-704E-4FB2-BCE6-1B307D81EBC8}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{968C1607-2D50-4A62-B185-34FBE42EE9DE}@LeaseObtainedTime 1420620798 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{968C1607-2D50-4A62-B185-34FBE42EE9DE}@T1 1420621073 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{968C1607-2D50-4A62-B185-34FBE42EE9DE}@T2 1420621298 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{968C1607-2D50-4A62-B185-34FBE42EE9DE}@LeaseTerminatesTime 1420621398 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\606c66c9afda (not active ControlSet) ---- EOF - GMER 2.1 ----