GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-22 23:49:50
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB
Running: t27xsst3.exe; Driver: c:\Temp\pxldypow.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwAllocateVirtualMemory [0x92B8D0BE]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwAlpcConnectPort [0x92B90566]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwAlpcSendWaitReceivePort [0x92B9009C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwAssignProcessToJobObject [0x92B8DC88]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwClose [0x92B90B8C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwConnectPort [0x92B8F418]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateFile [0x92B8E95C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateKey [0x92B8FB10]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateProcess [0x92B8DEDE]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateProcessEx [0x92B8DF94]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateSection [0x92B8E27E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateThread [0x92B8CA2E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateThreadEx [0x92B90DA8]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwDeviceIoControlFile [0x92B8FC80]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwDuplicateObject [0x92B9411A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwFsControlFile [0x92B8FF38]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwLoadDriver [0x92B8D594]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwMakeTemporaryObject [0x92B90934]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwOpenFile [0x92B8E74E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwOpenProcess [0x92B93B72]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwOpenSection [0x92B8E04E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwOpenThread [0x92B93E22]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwProtectVirtualMemory [0x92B8CF42]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwQueueApcThread [0x92B8DDB0]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwReplaceKey [0x92B90782]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwRequestPort [0x92B8F586]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwRequestWaitReplyPort [0x92B8EF1A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwRestoreKey [0x92B9080C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSecureConnectPort [0x92B8F9A0]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSetContextThread [0x92B8CB9E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSetSecurityObject [0x92B906DC]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSetSystemInformation [0x92B8D78E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwShutdownSystem [0x92B9089E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSuspendProcess [0x92B8CE1A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSuspendThread [0x92B8CCF4]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSystemDebugControl [0x92B8DBBA]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwTerminateProcess [0x92B93A6A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwTerminateThread [0x92B9430C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwUnloadDriver [0x92B909CA]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwWriteVirtualMemory [0x92B8C8B2]

SYSENTER \SystemRoot\system32\DRIVERS\avc3.sys 8CEF1000

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495 844449E5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8447E312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 84485578 4 Bytes [BE, D0, B8, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 84485584 4 Bytes [66, 05, B9, 92] {ADD AX, 0x92b9}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 844855C8 4 Bytes [9C, 00, B9, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 844855D8 4 Bytes [88, DC, B8, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 844855F4 4 Bytes [8C, 0B, B9, 92]
.text ...

---- User code sections - GMER 2.1 ----

.text C:\windows\System32\spoolsv.exe[404] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text C:\Users\dom\Desktop\przegladarki\Palemoon_download\t27xsst3.exe[564] ntdll.dll!NtReadFile + 8 77046300 2 Bytes [2B, FC] {SUB EDI, ESP}
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[908] ntdll.dll!NtTerminateProcess 77046908 5 Bytes JMP 016507D0
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[908] kernel32.dll!UnhandledExceptionFilter 75CD0709 5 Bytes JMP 018307D0
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[924] ntdll.dll!NtTerminateProcess 77046908 5 Bytes JMP 017507D0
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[924] kernel32.dll!UnhandledExceptionFilter 75CD0709 5 Bytes JMP 018E07D0
.text C:\Users\dom\AppData\Local\FluxSoftware\Flux\flux.exe[960] ntdll.dll!NtReadFile + 8 77046300 2 Bytes [2B, FC] {SUB EDI, ESP}
.text C:\Users\dom\AppData\Local\FluxSoftware\Flux\flux.exe[960] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text C:\windows\system32\svchost.exe[1696] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text C:\windows\system32\svchost.exe[1856] SHELL32.dll!SHRestricted + 2521 760A1554 2 Bytes [25, FD]
.text C:\windows\system32\svchost.exe[1856] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2052] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2112] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2216] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2324] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text ...
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[2416] ntdll.dll!NtTerminateProcess 77046908 5 Bytes JMP 026807D0
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[2416] kernel32.dll!UnhandledExceptionFilter 75CD0709 5 Bytes JMP 027707D0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2548] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2628] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2636] ntdll.dll!NtTerminateProcess 77046908 5 Bytes JMP 00BB07D0
.text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2636] kernel32.dll!UnhandledExceptionFilter 75CD0709 5 Bytes JMP 014407D0
.text C:\windows\Explorer.EXE[2908] WS2_32.dll!WahWriteLSPEvent 757B145D 1 Byte [E9]
.text C:\Program Files\Pale Moon\palemoon.exe[3464] ntdll.dll!LdrGetProcedureAddress + 26 770622A9 7 Bytes JMP 5FA66E40 C:\Program Files\Pale Moon\xul.dll
.text C:\Program Files\Pale Moon\palemoon.exe[3464] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75CB94E6 7 Bytes JMP 60882CA0 C:\Program Files\Pale Moon\xul.dll
.text C:\Program Files\Pale Moon\palemoon.exe[3464] kernel32.dll!QueryPerformanceCounter + 13 75CBC4E5 7 Bytes JMP 60882C50 C:\Program Files\Pale Moon\xul.dll
.text C:\Program Files\Pale Moon\palemoon.exe[3464] GDI32.dll!GetViewportOrgEx + 26C 771E884B 7 Bytes JMP 60882CD0 C:\Program Files\Pale Moon\xul.dll
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3528] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text C:\windows\system32\svchost.exe[3628] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3844] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[3972] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4344] WS2_32.dll!connect 757B6BDD 1 Byte [E9]
.text ...
.text C:\windows\System32\svchost.exe[5112] WS2_32.dll!WahWriteLSPEvent 757B1460 2 Bytes [B4, FD] {MOV AH, 0xfd}
.text C:\windows\System32\svchost.exe[5112] WS2_32.dll!connect 757B6BDD 1 Byte [E9]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [003D249F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [003B5652] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [003B5710] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [003D251A] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [003C857E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [003C4D32] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [003C50D9] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [003C51AE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [003C66DB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [003C82D5] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [003C8824] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [003C9085] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [003CE228] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll
IAT C:\windows\Explorer.EXE[2908] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [003C4C64] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f493
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b6558b40
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b6558b40@943af009bb85 0x30 0x7A 0x2A 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b6558b40@30d6c9527ead 0x45 0x13 0xC0 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b6558b40@a8922cb3967e 0x81 0x52 0xD9 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b6558b40@4859297d7583 0xE0 0xC6 0x5D 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f493 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b6558b40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b6558b40@943af009bb85 0x30 0x7A 0x2A 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b6558b40@30d6c9527ead 0x45 0x13 0xC0 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b6558b40@a8922cb3967e 0x81 0x52 0xD9 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b6558b40@4859297d7583 0xE0 0xC6 0x5D 0xF7 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.1 ----

File C:\Windows\winsxs\x86_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_5b8b67785f3a2616\IMTCCFG.DLL (size mismatch) 171520/172032 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-o..achine-ui.resources_31bf3856ad364e35_6.1.7601.17514_pl-pl_9ba6407eac326189\msoobeui.dll.mui (size mismatch) 23552/24064 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-oobe-machine_31bf3856ad364e35_6.1.7601.17514_none_0f85b4206173c24c\msoobe.exe (size mismatch) 67072/67584 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_adb0a342c60efa1a\RasMigPlugin.dll (size mismatch) 116736/172544 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-rasapi_31bf3856ad364e35_6.1.7601.17514_none_6f3ee955adc74b87\pbkmigr.dll (size mismatch) 47104/67584 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_3433e83a0b8461a2\Setup.exe (size mismatch) 244224/245248 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_3433e83a0b8461a2\spprgrss.dll (size mismatch) 53760/54272 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_3433e83a0b8461a2\wdsutil.dll (size mismatch) 50688/51200 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_3433e83a0b8461a2\windeploy.exe (size mismatch) 96256/96768 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_3433e83a0b8461a2\WinLGDep.dll (size mismatch) 52736/53248 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_3433e83a0b8461a2\winsetup.dll (size mismatch) 1794048/1795584 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-w..-installer-provider_31bf3856ad364e35_6.1.7601.17514_none_2c90813538733827\msiprov.dll (size mismatch) 311808/311296 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.1.7601.17514_none_fd50bd45d7febcf3\fastprox.dll (size mismatch) 605696/606208 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_126a2876e9a722d2\WmiPrvSD.dll (size mismatch) 515584/517120 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_126a2876e9a722d2\WmiPrvSE.exe (size mismatch) 254976/257536 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-ds-provider_31bf3856ad364e35_6.1.7601.17514_none_8af0a42f3093a384\dsprov.dll (size mismatch) 130560/130048 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-ntevent-provider_31bf3856ad364e35_6.1.7601.17514_none_f2610a3c0b1c7d97\ntevt.dll (size mismatch) 175616/175104 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-w..ovider-cimwin32-dll_31bf3856ad364e35_6.1.7601.17514_none_d1b25b1c6451e490\cimwin32.dll (size mismatch) 1340416/1341952 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-oobe-machine-ui_31bf3856ad364e35_6.1.7601.17514_none_646298193ff2d1d5\msoobeui.dll (size mismatch) 1111040/1115136 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_6.1.7601.17514_none_e3c71ccf3513c780\wbemcore.dll (size mismatch) 776192/780288 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-aero_31bf3856ad364e35_6.1.7601.17514_none_adea7b7677abaf54\aero.msstyles (size mismatch) 1187984/1171088 bytes executable
File C:\TEMP\~bd55F9.tmp 0 bytes

---- EOF - GMER 2.1 ----