GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-08 21:54:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 596,17GB Running: z4cfbo9b.exe; Driver: C:\Users\Sigon\AppData\Local\Temp\awddykod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033f0000 40 bytes [C7, 83, 08, 20, 00, 00, FC, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 569 fffff800033f0029 41 bytes [83, C4, 30, 41, 5F, 41, 5E, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Dwm.exe[1972] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff1589e0 8 bytes JMP 000007fffd7c01f0 .text C:\Windows\system32\Dwm.exe[1972] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff15be40 8 bytes JMP 000007fffd7c01b8 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075971465 2 bytes [97, 75] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759714bb 2 bytes [97, 75] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000070ec1a22 2 bytes [EC, 70] .text C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000070ec1ad0 2 bytes [EC, 70] .text C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000070ec1b08 2 bytes [EC, 70] .text C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000070ec1bba 2 bytes [EC, 70] .text C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000070ec1bda 2 bytes [EC, 70] .text C:\Program Files\DellTPad\Apoint.exe[2780] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007753a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\DellTPad\Apoint.exe[2780] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077543f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\Apoint.exe[2780] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007755ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\Apoint.exe[2780] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007756f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\Apoint.exe[2780] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077599a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\Apoint.exe[2780] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775a94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\Apoint.exe[2780] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000775c87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007753a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077543f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007755ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007756f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077599a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775a94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000775c87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007753a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077543f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007755ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007756f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077599a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775a94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000775c87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7d2db0 5 bytes JMP 000007fffd7c0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7d37d0 7 bytes JMP 000007fffd7c00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7d8ef0 6 bytes JMP 000007fffd7c0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7eaf60 5 bytes JMP 000007fffd7c0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff1589e0 8 bytes JMP 000007fffd7c01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff15be40 8 bytes JMP 000007fffd7c01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef67490 11 bytes JMP 000007fffd7c0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2856] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef7bf00 7 bytes JMP 000007fffd7c0260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754f1f0e 7 bytes JMP 0000000170e94b10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754f5bad 7 bytes JMP 0000000170e954b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075501409 7 bytes JMP 0000000170e94e50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007550ea45 7 bytes JMP 0000000170e94b00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075598e24 7 bytes JMP 0000000170e945c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075598ea9 5 bytes JMP 0000000170e94670 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755991ff 5 bytes JMP 0000000170e945d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000773f1d29 5 bytes JMP 0000000170e94580 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000773f1dd7 5 bytes JMP 0000000170e94540 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000773f2ab1 5 bytes JMP 0000000100a52dcc .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000773f2d17 5 bytes JMP 0000000170e94360 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d88a29 5 bytes JMP 0000000170e93a40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d94572 5 bytes JMP 0000000170e942e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075dae567 5 bytes JMP 0000000170e94350 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075dd07d7 5 bytes JMP 0000000170e93850 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075de7a5c 5 bytes JMP 0000000170e942d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758ce96b 5 bytes JMP 0000000170e93b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758ceba5 5 bytes JMP 0000000170e93b80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000771e5ea5 5 bytes JMP 0000000170e93a00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077219d0b 5 bytes JMP 0000000170e93990 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075971465 2 bytes [97, 75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759714bb 2 bytes [97, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007753a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077543f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007755ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007756f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077599a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775a94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000775c87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7d2db0 5 bytes JMP 000007fffd7c0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7d37d0 7 bytes JMP 000007fffd7c00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7d8ef0 6 bytes JMP 000007fffd7c0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7eaf60 5 bytes JMP 000007fffd7c0110 .text C:\Windows\system32\wuauclt.exe[4340] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7d2db0 5 bytes JMP 000007fffd7c0180 .text C:\Windows\system32\wuauclt.exe[4340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7d37d0 7 bytes JMP 000007fffd7c00d8 .text C:\Windows\system32\wuauclt.exe[4340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7d8ef0 6 bytes JMP 000007fffd7c0148 .text C:\Windows\system32\wuauclt.exe[4340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7eaf60 5 bytes JMP 000007fffd7c0110 .text C:\Windows\system32\wuauclt.exe[4340] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef67490 11 bytes JMP 000007fffd7c0228 .text C:\Windows\system32\wuauclt.exe[4340] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef7bf00 7 bytes JMP 000007fffd7c0260 .text C:\Windows\system32\wuauclt.exe[4340] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff1589e0 8 bytes JMP 000007fffd7c01f0 .text C:\Windows\system32\wuauclt.exe[4340] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff15be40 8 bytes JMP 000007fffd7c01b8 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754f1f0e 7 bytes JMP 0000000170e94b10 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754f5bad 7 bytes JMP 0000000170e954b0 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075501409 7 bytes JMP 0000000170e94e50 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007550ea45 7 bytes JMP 0000000170e94b00 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075598e24 7 bytes JMP 0000000170e945c0 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075598ea9 5 bytes JMP 0000000170e94670 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755991ff 5 bytes JMP 0000000170e945d0 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000773f1d29 5 bytes JMP 0000000170e94580 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000773f1dd7 5 bytes JMP 0000000170e94540 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000773f2ab1 5 bytes JMP 0000000170e94680 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000773f2d17 5 bytes JMP 0000000170e94360 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758ce96b 5 bytes JMP 0000000170e93b60 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758ceba5 5 bytes JMP 0000000170e93b80 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d88a29 5 bytes JMP 0000000170e93a40 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d94572 5 bytes JMP 0000000170e942e0 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075dae567 5 bytes JMP 0000000170e94350 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075dd07d7 5 bytes JMP 0000000170e93850 .text C:\Users\Sigon\Downloads\z4cfbo9b.exe[3568] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075de7a5c 5 bytes JMP 0000000170e942d0 ---- Processes - GMER 2.1 ---- Process C:\Users\Sigon\AppData\Roaming\Annoyed History\Annoyed History.exe (*** suspicious ***) @ C:\Users\Sigon\AppData\Roaming\Annoyed History\Annoyed History.exe [1920](2015-06-26 11:59:04) 0000000000f40000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{50B3CB18-B0F0-4C78-A203-91C0FFD860F7}\Connection@Name isatap.{AA4BB80C-14FC-41CD-AA8A-BD37554B0FF5} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{EE176F60-3274-4142-9235-17BDD7FE7872}\Connection@Name isatap.{A04F260A-7B16-4E79-A23F-70A6E1658CF2} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{EE176F60-3274-4142-9235-17BDD7FE7872}?\Device\{50B3CB18-B0F0-4C78-A203-91C0FFD860F7}?\Device\{ADBF954A-4C03-42EB-A12C-1C8699A6AAF1}?\Device\{F7EBAEFB-25BF-47BD-A0BE-AAFC6F2F18CA}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{EE176F60-3274-4142-9235-17BDD7FE7872}"?"{50B3CB18-B0F0-4C78-A203-91C0FFD860F7}"?"{ADBF954A-4C03-42EB-A12C-1C8699A6AAF1}"?"{F7EBAEFB-25BF-47BD-A0BE-AAFC6F2F18CA}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{EE176F60-3274-4142-9235-17BDD7FE7872}?\Device\TCPIP6TUNNEL_{50B3CB18-B0F0-4C78-A203-91C0FFD860F7}?\Device\TCPIP6TUNNEL_{ADBF954A-4C03-42EB-A12C-1C8699A6AAF1}?\Device\TCPIP6TUNNEL_{F7EBAEFB-25BF-47BD-A0BE-AAFC6F2F18CA}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac72894a9713 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac72894a9713@c0cb38daa700 0x2D 0x91 0x11 0x48 ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{50B3CB18-B0F0-4C78-A203-91C0FFD860F7}@InterfaceName isatap.{AA4BB80C-14FC-41CD-AA8A-BD37554B0FF5} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{50B3CB18-B0F0-4C78-A203-91C0FFD860F7}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{EE176F60-3274-4142-9235-17BDD7FE7872}@InterfaceName isatap.{A04F260A-7B16-4E79-A23F-70A6E1658CF2} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{EE176F60-3274-4142-9235-17BDD7FE7872}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac72894a9713 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac72894a9713@c0cb38daa700 0x2D 0x91 0x11 0x48 ... ---- Files - GMER 2.1 ---- File C:\Users\Sigon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006aa0 263553 bytes File C:\Users\Sigon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006aa1 93873 bytes ---- EOF - GMER 2.1 ----