GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-05-01 17:53:05 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.D005 465,76GB Running: m57g1hli.exe; Driver: C:\Users\Wiesia\AppData\Local\Temp\pwrdqpod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031ee000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff800031ee042 4 bytes [00, 00, 00, 00] .text C:\Windows\System32\win32k.sys!EngSetLastError + 608 fffff96000144cb4 8 bytes [44, 64, 12, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000173f00 7 bytes [00, 98, F3, FF, 01, A6, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000173f08 3 bytes [C0, 06, 02] .text ... * 109 .text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 404 fffff96000232a98 6 bytes {JMP QWORD [RIP+0x663fe]} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\services.exe[704] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[820] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1764] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Windows\SysWOW64\ntdll.dll[1856] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[2292] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Windows\SysWOW64\ntdll.dll[2396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Windows\SysWOW64\ntdll.dll[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ba1465 2 bytes [BA, 74] .text C:\Windows\SysWOW64\ntdll.dll[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ba14bb 2 bytes [BA, 74] .text ... * 2 .text C:\Windows\Explorer.EXE[1412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text C:\Windows\SysWOW64\ntdll.dll[2208] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3204] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files\Dell\QuickSet\quickset.exe[3268] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3484] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3644] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3796] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3832] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000749f8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3832] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3872] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4088] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ba1465 2 bytes [BA, 74] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ba14bb 2 bytes [BA, 74] .text ... * 2 .text C:\Program Files\Conexant\SA3\SmartAudio3.exe[1044] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text C:\Windows\SysWOW64\ntdll.dll[1420] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[504] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3460] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3460] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074ba1465 2 bytes [BA, 74] .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3460] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074ba14bb 2 bytes [BA, 74] .text ... * 2 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3316] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3756] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[4336] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[4400] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[4548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4896] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4804] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5248] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files\Conexant\SA3\CxUtilSvc.exe[5864] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4932] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4076] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] .text C:\totalcmd\TOTALCMD64.EXE[876] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076a3ef8d 1 byte [62] .text D:\Inne\gamer\m57g1hli.exe[5084] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a1a2fd 1 byte [62] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa8003ca02c0 Device \FileSystem\fastfat \Fat fffffa800a8f02c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80069d22c0 Device \Driver\cdrom \Device\CdRom0 fffffa8004c512c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{FCB93D1D-A324-4EA2-82BE-D22F96176D58} fffffa800690c2c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80069d22c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{A72FC633-2453-48CD-A25C-ACEC2B4ACB89} fffffa800690c2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80069d22c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{2D3FD273-6936-45AD-9B12-48C6B4D034B8} fffffa800690c2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800690c2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{FB3476A1-B436-4C51-AB01-9F6D45A9B8EF} fffffa800690c2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80069d22c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{A87C83D2-780F-4AA5-9EAF-6A738ACAE91D} fffffa800690c2c0 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [532:5296] 000007fef76e20c0 Thread C:\Windows\System32\svchost.exe [532:5308] 000007fef76e26a8 Thread C:\Windows\System32\svchost.exe [532:5312] 000007fef76e29dc Thread C:\Windows\System32\svchost.exe [532:3888] 000007fef02c44e0 Thread C:\Windows\System32\svchost.exe [532:4456] 000007feea2288f8 Thread [1112:1124] 00000000770daef0 Thread [1112:1360] 000007fefb068274 Thread [1112:2940] 000007fefb068274 Thread [1112:5152] 00000000770dfbf0 Thread C:\Windows\system32\svchost.exe [1152:5328] 000007fee8540ea8 Thread C:\Windows\system32\svchost.exe [1152:5364] 000007fee8539db0 Thread C:\Windows\system32\svchost.exe [1152:5388] 000007fee8541c94 Thread C:\Windows\system32\svchost.exe [1152:5452] 000007fee853aa10 Thread C:\Windows\system32\svchost.exe [1152:2488] 000007fefab36ed4 Thread C:\Windows\system32\svchost.exe [1152:3064] 000007fefab36b8c Thread C:\Windows\system32\svchost.exe [1152:5760] 000007fef795d3c8 Thread C:\Windows\system32\svchost.exe [1152:920] 000007fef795d3c8 Thread C:\Windows\system32\svchost.exe [1152:6140] 000007fef795d3c8 Thread C:\Windows\system32\svchost.exe [1152:6032] 000007fef795d3c8 Thread C:\Windows\system32\svchost.exe [1240:2416] 000007fef88ebd88 Thread C:\Windows\system32\svchost.exe [1240:5716] 000007fef8885124 Thread C:\Windows\system32\svchost.exe [1240:5356] 000007fee6aa5170 Thread [1460:1552] 00000000772f2e65 Thread [1460:1564] 00000000772f3e85 Thread [1460:1568] 00000000728cf28e Thread [1460:1580] 00000000769c7587 Thread [1460:1588] 0000000072153da0 Thread [1460:1592] 00000000722301a0 Thread [1460:1604] 0000000071dcff60 Thread [1460:1608] 0000000071dcf630 Thread [1460:1796] 00000000728cf28e Thread [1460:1532] 00000000728cf28e Thread [1460:1340] 0000000071dc2970 Thread [1460:1212] 0000000071dc2970 Thread [1460:1196] 0000000071dc2970 Thread [1460:1284] 0000000071dc38b0 Thread [1460:1220] 0000000071dc3020 Thread [1460:1748] 0000000071e0c0d0 Thread [1460:1752] 0000000071e0aec0 Thread [1460:2052] 0000000071e0b340 Thread [1460:2056] 0000000071dc5160 Thread [1460:2060] 0000000071dc5160 Thread [1460:2064] 0000000071dc5160 Thread [1460:2068] 0000000071021080 Thread [1460:2076] 0000000070fd14b0 Thread [1460:2080] 0000000071dd0c50 Thread [1460:2084] 0000000071dc4a30 Thread [1460:3156] 00000000728cf28e Thread [1460:3344] 00000000703f52c9 Thread [1460:3348] 0000000071e38da0 Thread [1460:3352] 0000000071d176c0 Thread [1460:3532] 00000000710216d0 Thread [1460:3548] 000000006fe89ae0 Thread [1460:3960] 00000000728cf28e Thread [1460:3964] 00000000728cf28e Thread [1460:3968] 00000000728cf28e Thread [1460:3972] 00000000728cf28e Thread [1460:4912] 00000000733c0880 Thread [1460:5076] 00000000733c0880 Thread [1460:4864] 00000000733c0880 Thread [1460:2428] 00000000733c0880 Thread [1460:2464] 00000000733c0880 Thread [1460:4908] 00000000772f3e85 Thread [1460:4868] 00000000728cf28e Thread [1460:4812] 0000000072234440 Thread [1460:4728] 0000000072237540 Thread [1460:4816] 00000000728cf28e Thread [1460:3220] 00000000728cf28e Thread [1460:4544] 0000000071dd8880 Thread [1460:3916] 00000000728cf28e Thread [1460:5240] 00000000772f3e85 Thread [1460:5560] 00000000728cf28e Thread [1460:5824] 0000000074e6d864 Thread [1460:3936] 00000000772f3e85 Thread [1460:3100] 00000000772f3e85 Thread [1460:4112] 00000000772f3e85 Thread [1460:5572] 00000000772f3e85 Thread [1460:2184] 00000000772f3e85 Thread C:\Windows\system32\WLANExt.exe [1468:1500] 0000000072c71dbc Thread C:\Windows\system32\WLANExt.exe [1468:1504] 000007fefa2edcd0 Thread C:\Windows\system32\WLANExt.exe [1468:1512] 0000000072c71dbc Thread C:\Windows\system32\WLANExt.exe [1468:1788] 000007fefa0e2f9c Thread C:\Windows\system32\WLANExt.exe [1468:2120] 000007fef9ff46e4 Thread C:\Windows\system32\WLANExt.exe [1468:2124] 000007fef9ff4700 Thread C:\Windows\system32\WLANExt.exe [1468:2128] 000007fef9ff46c8 Thread C:\Windows\system32\WLANExt.exe [1468:2132] 000007fefa0e2f9c Thread [1640:1656] 000007fefedca808 Thread [1640:1660] 00000000770daef0 Thread [1640:2144] 000007fef7f010c8 Thread [1640:1416] 000007fef7ec6144 Thread [1640:2244] 000007fef6e75fd0 Thread [1640:2252] 000007fef6e63438 Thread [1640:2248] 000007fef6e763ec Thread [1640:1260] 000007fef8445e5c Thread [1640:1348] 000007fef86b5074 Thread [1640:2364] 000007fefede6e60 Thread [1640:1248] 000007fefede6e60 Thread [1640:2764] 000007fefede6e60 Thread [1640:2256] 000007fef7f58760 Thread [1640:2756] 000007fefede6e60 Thread [1640:2484] 00000000770dfbf0 Thread [1640:4872] 00000000770dfbf0 Thread [1640:4504] 00000000770dfbf0 Thread C:\Windows\system32\svchost.exe [1668:1984] 000007fef92e35c0 Thread C:\Windows\system32\svchost.exe [1668:1168] 000007fef92e5600 Thread C:\Windows\system32\svchost.exe [1668:5360] 000007fee8a22940 Thread C:\Windows\system32\svchost.exe [1668:5408] 000007fee8112888 Thread C:\Windows\SysWOW64\ntdll.dll [1856:1860] 000000000044100c Thread C:\Windows\SysWOW64\ntdll.dll [1856:1932] 00000000004127c0 Thread C:\Windows\SysWOW64\ntdll.dll [1856:1936] 00000000004127c0 Thread C:\Windows\SysWOW64\ntdll.dll [1856:1944] 00000000004127c0 Thread C:\Windows\SysWOW64\ntdll.dll [2396:2400] 00000000002e4637 Thread C:\Windows\SysWOW64\ntdll.dll [2396:2448] 00000000002e1890 Thread C:\Windows\SysWOW64\ntdll.dll [2396:2452] 00000000002e1080 Thread C:\Windows\SysWOW64\ntdll.dll [2208:2212] 000000000041677b Thread C:\Windows\SysWOW64\ntdll.dll [1420:3760] 00000000012f47ae Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4896:5044] 000000007187345e Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4896:5048] 000000006c5fecd5 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4896:5052] 000000007187345e Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4896:5056] 000000006c3768d8 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4896:4844] 000000006c3768d8 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4896:4808] 000000006c36ce79 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4896:4788] 000000007187345e Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4896:4820] 000000006c5ac26f Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [4896:2380] 000000007187345e Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [4804:4940] 000000006a974504 Thread C:\Windows\system32\svchost.exe [5620:5976] 000007fef6e75fd0 Thread C:\Windows\system32\svchost.exe [5620:6056] 000007fef6e763ec Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5892:3336] 000007fefbc12a7c Thread C:\Windows\System32\svchost.exe [1940:1648] 000007fee4429688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4269241c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4269241c@2013e0a3b49c 0x0D 0x1C 0x69 0x44 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4269241c@b8f9344b0ec8 0xDD 0xBD 0x54 0xB6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4269241c@0026ccc9d402 0x0F 0x89 0xA7 0xAD ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4269241c@a4e731d2a1d2 0x81 0xE6 0xA7 0x1E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4269241c@bccfcc17f2ac 0x57 0xA0 0xCD 0x09 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4269241c@00266959563c 0x08 0xB8 0x9E 0xD3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4269241c@001986002b48 0x18 0x1D 0xBE 0xB2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4269241c@7c6193775e5e 0xC9 0xB3 0xA7 0x25 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4269241c@34c80339b505 0x2D 0x9F 0x72 0xF5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4269241c@502e5c1f5854 0x4F 0xD3 0x5F 0x6B ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4269241c@3c8bfeb376ad 0x88 0xF9 0xCB 0x18 ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FCB93D1D-A324-4EA2-82BE-D22F96176D58}@LeaseObtainedTime 1398956533 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FCB93D1D-A324-4EA2-82BE-D22F96176D58}@T1 1398958333 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FCB93D1D-A324-4EA2-82BE-D22F96176D58}@T2 1398959683 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FCB93D1D-A324-4EA2-82BE-D22F96176D58}@LeaseTerminatesTime 1398960133 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4269241c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4269241c@2013e0a3b49c 0x0D 0x1C 0x69 0x44 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4269241c@b8f9344b0ec8 0xDD 0xBD 0x54 0xB6 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4269241c@0026ccc9d402 0x0F 0x89 0xA7 0xAD ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4269241c@a4e731d2a1d2 0x81 0xE6 0xA7 0x1E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4269241c@bccfcc17f2ac 0x57 0xA0 0xCD 0x09 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4269241c@00266959563c 0x08 0xB8 0x9E 0xD3 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4269241c@001986002b48 0x18 0x1D 0xBE 0xB2 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4269241c@7c6193775e5e 0xC9 0xB3 0xA7 0x25 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4269241c@34c80339b505 0x2D 0x9F 0x72 0xF5 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4269241c@502e5c1f5854 0x4F 0xD3 0x5F 0x6B ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4269241c@3c8bfeb376ad 0x88 0xF9 0xCB 0x18 ... ---- EOF - GMER 2.1 ----