GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-04 16:25:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD7500BPKT-00PK4T0 rev.01.01A01 698,64GB
Running: wy9h0bs6.exe; Driver: C:\Users\ELA&MA~1\AppData\Local\Temp\fxldrpob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3136] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000777664a0 5 bytes JMP 000000017124f1b0
.text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3136] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000077766590 5 bytes JMP 000000017124f090
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b21401 2 bytes JMP 75a5b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b21419 2 bytes JMP 75a5b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b21431 2 bytes JMP 75ad8fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b2144a 2 bytes CALL 75a3489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b214dd 2 bytes JMP 75ad88c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b214f5 2 bytes JMP 75ad8aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b2150d 2 bytes JMP 75ad87ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b21525 2 bytes JMP 75ad8b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b2153d 2 bytes JMP 75a4fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b21555 2 bytes JMP 75a568ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b2156d 2 bytes JMP 75ad9089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b21585 2 bytes JMP 75ad8bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b2159d 2 bytes JMP 75ad877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b215b5 2 bytes JMP 75a4fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b215cd 2 bytes JMP 75a5b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b216b2 2 bytes JMP 75ad8f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b216bd 2 bytes JMP 75ad8713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b21401 2 bytes JMP 75a5b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b21419 2 bytes JMP 75a5b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b21431 2 bytes JMP 75ad8fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b2144a 2 bytes CALL 75a3489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b214dd 2 bytes JMP 75ad88c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b214f5 2 bytes JMP 75ad8aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b2150d 2 bytes JMP 75ad87ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b21525 2 bytes JMP 75ad8b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b2153d 2 bytes JMP 75a4fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b21555 2 bytes JMP 75a568ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b2156d 2 bytes JMP 75ad9089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b21585 2 bytes JMP 75ad8bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b2159d 2 bytes JMP 75ad877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b215b5 2 bytes JMP 75a4fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b215cd 2 bytes JMP 75a5b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b216b2 2 bytes JMP 75ad8f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b216bd 2 bytes JMP 75ad8713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b21401 2 bytes JMP 75a5b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b21419 2 bytes JMP 75a5b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b21431 2 bytes JMP 75ad8fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b2144a 2 bytes CALL 75a3489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b214dd 2 bytes JMP 75ad88c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b214f5 2 bytes JMP 75ad8aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b2150d 2 bytes JMP 75ad87ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b21525 2 bytes JMP 75ad8b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b2153d 2 bytes JMP 75a4fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b21555 2 bytes JMP 75a568ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b2156d 2 bytes JMP 75ad9089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b21585 2 bytes JMP 75ad8bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b2159d 2 bytes JMP 75ad877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b215b5 2 bytes JMP 75a4fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b215cd 2 bytes JMP 75a5b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b216b2 2 bytes JMP 75ad8f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b216bd 2 bytes JMP 75ad8713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b21401 2 bytes JMP 75a5b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b21419 2 bytes JMP 75a5b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b21431 2 bytes JMP 75ad8fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b2144a 2 bytes CALL 75a3489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b214dd 2 bytes JMP 75ad88c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b214f5 2 bytes JMP 75ad8aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b2150d 2 bytes JMP 75ad87ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b21525 2 bytes JMP 75ad8b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b2153d 2 bytes JMP 75a4fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b21555 2 bytes JMP 75a568ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b2156d 2 bytes JMP 75ad9089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b21585 2 bytes JMP 75ad8bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b2159d 2 bytes JMP 75ad877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b215b5 2 bytes JMP 75a4fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b215cd 2 bytes JMP 75a5b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b216b2 2 bytes JMP 75ad8f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b216bd 2 bytes JMP 75ad8713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[296] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 1 00000000777690a1 11 bytes {MOV EAX, 0xffffffffe4806e48; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX}
.text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[296] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007feff867790 5 bytes JMP 000007ffff7000d8
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5560] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 1 00000000777690a1 11 bytes {MOV EAX, 0xffffffffe4806e48; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX}
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5560] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007feff867790 5 bytes JMP 000007ffff7000d8
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5560] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007feff211180 5 bytes JMP 000007feff7001b8
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5560] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007feff211320 7 bytes JMP 000007feff700148
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5560] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007feff214470 6 bytes JMP 000007feff700110
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5560] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007feff216720 10 bytes JMP 000007feff700180

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\mfevtps.exe[2060] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f671ae0] C:\Windows\system32\mfevtps.exe

---- Processes - GMER 2.1 ----

Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F98C46DF-6DB0-4D8E-8885-28E375629C46}\offreg.5252.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [5252](2015-12-04 12:34:58) 000007fefc130000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\b482fed8104a (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{FCD4741A-998C-4569-AB71-92217959B521}\Connection@Name isatap.{842BECFC-D9F5-424D-BD30-CE4147C18EBF}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{B0902847-43AF-4FBD-8425-E8EE3317143A}?\Device\{FCD4741A-998C-4569-AB71-92217959B521}?\Device\{C1221F19-06D9-4552-83FB-B8F3BC96F75B}?\Device\{B8330388-B4B7-4751-91C1-D0D820E744B1}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{B0902847-43AF-4FBD-8425-E8EE3317143A}"?"{FCD4741A-998C-4569-AB71-92217959B521}"?"{C1221F19-06D9-4552-83FB-B8F3BC96F75B}"?"{B8330388-B4B7-4751-91C1-D0D820E744B1}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{B0902847-43AF-4FBD-8425-E8EE3317143A}?\Device\TCPIP6TUNNEL_{FCD4741A-998C-4569-AB71-92217959B521}?\Device\TCPIP6TUNNEL_{C1221F19-06D9-4552-83FB-B8F3BC96F75B}?\Device\TCPIP6TUNNEL_{B8330388-B4B7-4751-91C1-D0D820E744B1}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fed8104a
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{FCD4741A-998C-4569-AB71-92217959B521}@InterfaceName isatap.{842BECFC-D9F5-424D-BD30-CE4147C18EBF}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{FCD4741A-998C-4569-AB71-92217959B521}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\b482fed8104a (not active ControlSet)

---- Files - GMER 2.1 ----

File C:\Users\Ela&Mariusz\AppData\Local\Mozilla\Firefox\Profiles\iu52od6c.default-1402683697466\cache2\entries\09B760A3A5219D45E8D0459F22B89871DA51019A 3510 bytes
File C:\Users\Ela&Mariusz\AppData\Local\Mozilla\Firefox\Profiles\iu52od6c.default-1402683697466\cache2\entries\65C4B97B60477398D24119A3E05033637E66A968 3510 bytes
File C:\Users\Ela&Mariusz\AppData\Local\Mozilla\Firefox\Profiles\iu52od6c.default-1402683697466\cache2\entries\BFE389340B5C1307F6EEF7A171EF0E48FCBB0E55 3510 bytes
File C:\Users\Ela&Mariusz\AppData\Local\Mozilla\Firefox\Profiles\iu52od6c.default-1402683697466\cache2\entries\4FA78A24A7077DF1E8E97CA160731AA4A9E9A2C7 3510 bytes
File C:\Users\Ela&Mariusz\AppData\Local\Mozilla\Firefox\Profiles\iu52od6c.default-1402683697466\cache2\entries\B07176CB78C4532B0142C99041A212E1C6A4BEC7 3510 bytes
File C:\Users\Ela&Mariusz\AppData\Local\Mozilla\Firefox\Profiles\iu52od6c.default-1402683697466\cache2\entries\78460C2F11049F9A57046AC4ADAAE9B30D9C39A1 3510 bytes
File C:\Users\Ela&Mariusz\AppData\Local\Mozilla\Firefox\Profiles\iu52od6c.default-1402683697466\cache2\entries\D3B5633DCCD8DD50447EAFFC132A27BBA755755F 3510 bytes
File C:\Users\Ela&Mariusz\AppData\Local\Mozilla\Firefox\Profiles\iu52od6c.default-1402683697466\cache2\entries\2E13E100784CD4F961A72571B2F97E5B150E5DE9 3511 bytes
File C:\Users\Ela&Mariusz\AppData\Local\Mozilla\Firefox\Profiles\iu52od6c.default-1402683697466\cache2\entries\2612C2CAE4EDF6A527ACA9F142B82D637BD6B449 3510 bytes
File C:\Users\Ela&Mariusz\AppData\Local\Mozilla\Firefox\Profiles\iu52od6c.default-1402683697466\cache2\entries\3BBD03710FD1CE98C15C6344773C51C546E13771 3509 bytes

---- EOF - GMER 2.1 ----