GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-25 13:35:48 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000033 WDC_WD5000LPVX-80V0TT0 rev.01.01A01 465,76GB Running: u5j51to5.exe; Driver: C:\Users\Piter\AppData\Local\Temp\kxrdapow.sys ---- User code sections - GMER 2.2 ---- ? C:\WINDOWS\SYSTEM32\NTASN1.dll [2452] entry point in ".rdata" section 000000006ae9a020 ? C:\WINDOWS\system32\ncryptsslp.dll [2452] entry point in ".rdata" section 000000006c1a04f0 ? C:\WINDOWS\system32\apphelp.dll [3996] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [3996] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\SYSTEM32\atlthunk.dll [3996] entry point in ".data" section 000000006f3f4290 ? C:\WINDOWS\system32\apphelp.dll [5152] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [5152] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [436] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [436] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [436] entry point in ".rdata" section 000000006ae9a020 ? C:\WINDOWS\system32\apphelp.dll [4992] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [4992] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [5588] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [5588] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [5964] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [5964] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [6816] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [6816] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [6968] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [6968] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [7008] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [7008] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [7052] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [7052] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [7120] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [7120] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [6208] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [6208] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [6232] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [6232] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [5696] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [5696] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [4060] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [4060] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [3912] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [3912] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [6136] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [6136] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [5708] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [5708] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [6748] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [6748] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [6812] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [6812] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [6464] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [6464] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [544] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [544] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [4572] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [4572] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [9172] entry point in ".rdata" section 0000000073a4f7c0 ? C:\WINDOWS\system32\mssprxy.dll [9172] entry point in ".rdata" section 000000006c16a650 ? C:\WINDOWS\SYSTEM32\iertutil.dll [9172] entry point in ".rdata" section 0000000073161310 ? C:\WINDOWS\system32\apphelp.dll [7232] entry point in ".rdata" section 0000000073a4f7c0 ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [664:876] ffffc29023da6c20 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xAC 0xBF 0xA0 0x31 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x85 0x04 0xC1 0xE9 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x73 0xAB 0xAC 0x31 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x38 0xC9 0xC5 0xE9 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 4 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\AUO47EC0_00_07DD_D5^9B8B4178B5361CADACB31D4C6C44189A@Timestamp 0x51 0x8B 0xCF 0x32 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 784 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 885822159 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 9e0cadaa-530e-4ed1-9570-871c00c Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{ff6a06a3-d82e-4d9e-90da-45f764c90b2a} Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\485ab6032984 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_60071@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_60071@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_60071@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_60071@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_60071@DisplayName CDPUserSvc_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_60071@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_60071@Description @%SystemRoot%\system32\cdpusersvc.dll,-101 Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_60071\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_60071\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{ecf9ed9c-6c49-42fa-baeb-0bcb1d8ead3b}@LastProbeTime 1477394969 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{6BC94319-CCF5-4538-B972-72388185C69C}@DefunctTimestamp 0xA2 0x25 0x0F 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\c8-3a-35-37-09-b8@AddressCreationTimestamp 0x6C 0xB7 0x1F 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\c8-3a-35-37-09-b8@NatDetectionTimestamp 0x6C 0xB7 0x1F 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\c8-3a-35-37-09-b8@UPnPExternalPort 60555 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\c8-3a-35-37-09-b8@TeredoAddress 2001:0:9d38:6ab8:2002:d65:4f22:8513 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\c8-3a-35-37-09-b8@ClientLocalPort 60555 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071@DisplayName Us?uga wiadomo?ci_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071@Description @%SystemRoot%\system32\MessagingService.dll,-101 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071\TriggerInfo Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071\TriggerInfo\0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071\TriggerInfo\0@Type 7 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071\TriggerInfo\0@Action 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071\TriggerInfo\0@Guid 0x16 0x28 0x7A 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071\TriggerInfo\0@Data0 0x75 0x18 0xBC 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071\TriggerInfo\0@DataType0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_60071@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_60071@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_60071@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_60071@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_60071@DisplayName Synchronizuj hosta_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_60071@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_60071@Description @%SystemRoot%\system32\APHostRes.dll,-10001 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_60071\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_60071\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_60071@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_60071@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_60071@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_60071@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_60071@DisplayName Dane kontaktowe_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_60071@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_60071@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-15000 Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_60071\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_60071\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Diagnostics@ReadyBootTrainingCountSinceLastServicing 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?wt.?, ?pa? ?25 ?16, 11:34:00?????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@EffectivePends 384 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1039 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 52 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fd21219f-2cd0-4656-90f4-a3837ad17dcf}@LeaseObtainedTime 1477387769 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fd21219f-2cd0-4656-90f4-a3837ad17dcf}@T1 1477430969 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fd21219f-2cd0-4656-90f4-a3837ad17dcf}@T2 1477463369 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fd21219f-2cd0-4656-90f4-a3837ad17dcf}@LeaseTerminatesTime 1477474169 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_60071@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_60071@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_60071@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_60071@ImagePath C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_60071@DisplayName Magazyn danych u?ytkownika_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_60071@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_60071@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-10002 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_60071\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_60071\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_60071@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_60071@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_60071@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_60071@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_60071@DisplayName Dost?p do danych u?ytkownika_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_60071@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_60071@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-14000 Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_60071\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_60071\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xF7 0x68 0xB0 0x2C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xF7 0xD0 0x74 0x8E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xF7 0x00 0xEC 0xCA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 9666 9672 9684 9718 9760 9786 9832 9842 9852 9872 9916 9926 9964 9970 9986 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 9992 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 9993 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 9666 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 9667 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_60071@Type 224 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_60071@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_60071@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_60071@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_60071@DisplayName Us?uga u?ytkownika powiadomie? WNS_60071 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_60071@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_60071@Description @%SystemRoot%\system32\WpnUserService.dll,-2 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_60071\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_60071\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_60071 Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome 0x66 0x63 0x4E 0xB2 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{6038220E-3A27-4C9E-B07A-C5A0B11514B8}@LastAccessedTime 0x30 0xEE 0x9E 0xA2 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{6038220E-3A27-4C9E-B07A-C5A0B11514B8}@LaunchCount 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance@MessageTime 0xDB 0xBC 0x3A 0xB7 ... ---- EOF - GMER 2.2 ----