GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-12-17 15:11:40 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB Running: 975g1inx.exe; Driver: C:\Users\Lenovo\AppData\Local\Temp\kfrdapow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773aa3e0 7 bytes JMP 000000006fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773b3ef0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773cfff0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773df3e0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077409c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077419700 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077419870 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077438aa0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeff6d10 11 bytes JMP 000007fefd210228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1180] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff00b4f0 7 bytes JMP 000007fefd210260 .text C:\Windows\system32\Dwm.exe[1316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2232f0 7 bytes JMP 000007fefd2100d8 .text C:\Windows\system32\Dwm.exe[1316] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd22aa60 5 bytes JMP 000007fefd210180 .text C:\Windows\system32\Dwm.exe[1316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd22ac00 5 bytes JMP 000007fefd210110 .text C:\Windows\system32\Dwm.exe[1316] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd239ac0 5 bytes JMP 000007fefd210148 .text C:\Windows\system32\Dwm.exe[1316] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5d8830 8 bytes JMP 000007fefd2101f0 .text C:\Windows\system32\Dwm.exe[1316] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff5db9e0 8 bytes JMP 000007fefd2101b8 .text C:\Windows\system32\Dwm.exe[1316] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef901dc88 5 bytes JMP 000007fef8e100d8 .text C:\Windows\system32\Dwm.exe[1316] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef901de10 5 bytes JMP 000007fef8e10110 .text C:\Program Files\iTunes\iTunesHelper.exe[2008] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeff6d10 11 bytes JMP 000007fefd210228 .text C:\Program Files\iTunes\iTunesHelper.exe[2008] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff00b4f0 7 bytes JMP 000007fefd210260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1416] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773aa3e0 7 bytes JMP 000000006fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1416] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773b3ef0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1416] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773cfff0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1416] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773df3e0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1416] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077409c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1416] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077419700 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1416] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077419870 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1416] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077438aa0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1416] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5d8830 8 bytes JMP 000007fefd2001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1416] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff5db9e0 8 bytes JMP 000007fefd2001b8 .text C:\Program Files\HP\HP DeskJet 4530 series\Bin\ScanToPCActivationApp.exe[2060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2232f0 7 bytes JMP 000007fefd2100d8 .text C:\Program Files\HP\HP DeskJet 4530 series\Bin\ScanToPCActivationApp.exe[2060] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd22aa60 5 bytes JMP 000007fefd210180 .text C:\Program Files\HP\HP DeskJet 4530 series\Bin\ScanToPCActivationApp.exe[2060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd22ac00 5 bytes JMP 000007fefd210110 .text C:\Program Files\HP\HP DeskJet 4530 series\Bin\ScanToPCActivationApp.exe[2060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd239ac0 5 bytes JMP 000007fefd210148 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2840] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076a61f0e 7 bytes JMP 0000000074541695 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2840] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076a65bad 7 bytes JMP 00000000745411a9 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2840] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71431 7 bytes JMP 000000007454128a .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2840] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076a7ea85 7 bytes JMP 0000000074541244 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2840] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b263 5 bytes JMP 00000000745415aa .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2840] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b0906c 7 bytes JMP 0000000074541339 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2840] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b090f1 5 bytes JMP 00000000745416d6 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2840] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b09447 5 bytes JMP 000000007454170d .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2840] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769c1e4c 5 bytes JMP 00000000745411c2 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2840] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769c1efa 5 bytes JMP 0000000074541014 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2840] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769c2bdc 5 bytes JMP 0000000074541555 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2840] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769c2e7e 5 bytes JMP 0000000074541271 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4016] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076a61f0e 7 bytes JMP 0000000074541695 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4016] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076a65bad 7 bytes JMP 00000000745411a9 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4016] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71431 7 bytes JMP 000000007454128a .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4016] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076a7ea85 7 bytes JMP 0000000074541244 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4016] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b263 5 bytes JMP 00000000745415aa .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4016] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b0906c 7 bytes JMP 0000000074541339 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4016] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b090f1 5 bytes JMP 00000000745416d6 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4016] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b09447 5 bytes JMP 000000007454170d .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[3868] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076a61f0e 7 bytes JMP 0000000074541695 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[3868] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076a65bad 7 bytes JMP 00000000745411a9 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[3868] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71431 7 bytes JMP 000000007454128a .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[3868] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076a7ea85 7 bytes JMP 0000000074541244 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[3868] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b263 5 bytes JMP 00000000745415aa .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[3868] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b0906c 7 bytes JMP 0000000074541339 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[3868] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b090f1 5 bytes JMP 00000000745416d6 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[3868] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b09447 5 bytes JMP 000000007454170d .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[2148] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076a61f0e 7 bytes JMP 0000000074541695 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[2148] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076a65bad 7 bytes JMP 00000000745411a9 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[2148] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71431 7 bytes JMP 000000007454128a .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[2148] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076a7ea85 7 bytes JMP 0000000074541244 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[2148] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b263 5 bytes JMP 00000000745415aa .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[2148] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b0906c 7 bytes JMP 0000000074541339 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[2148] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b090f1 5 bytes JMP 00000000745416d6 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[2148] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b09447 5 bytes JMP 000000007454170d .text C:\Program Files\HP\HPDESK~1\Bin\HPNETW~1.EXE[2556] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2232f0 7 bytes JMP 000007fefd1f00d8 .text C:\Program Files\HP\HPDESK~1\Bin\HPNETW~1.EXE[2556] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd22aa60 5 bytes JMP 000007fefd1f0180 .text C:\Program Files\HP\HPDESK~1\Bin\HPNETW~1.EXE[2556] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd22ac00 5 bytes JMP 000007fefd1f0110 .text C:\Program Files\HP\HPDESK~1\Bin\HPNETW~1.EXE[2556] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd239ac0 5 bytes JMP 000007fefd1f0148 .text C:\Program Files\HP\HPDESK~1\Bin\HPNETW~1.EXE[2556] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeff6d10 11 bytes JMP 000007fefd1f0228 .text C:\Program Files\HP\HPDESK~1\Bin\HPNETW~1.EXE[2556] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff00b4f0 7 bytes JMP 000007fefd1f0260 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076a61f0e 7 bytes JMP 0000000074541695 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076a65bad 7 bytes JMP 00000000745411a9 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a71431 7 bytes JMP 000000007454128a .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076a7ea85 7 bytes JMP 0000000074541244 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076a8b263 5 bytes JMP 00000000745415aa .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b0906c 7 bytes JMP 0000000074541339 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b090f1 5 bytes JMP 00000000745416d6 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b09447 5 bytes JMP 000000007454170d .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769c1e4c 5 bytes JMP 00000000745411c2 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769c1efa 5 bytes JMP 0000000074541014 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769c2bdc 5 bytes JMP 0000000074541555 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769c2e7e 5 bytes JMP 0000000074541271 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007587e74f 1 byte JMP 00000000745415c3 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList + 2 000000007587e751 3 bytes {JMP 0xfffffffffecc2e74} .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007587e989 5 bytes JMP 0000000074541186 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075768a39 5 bytes JMP 0000000074541726 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075774582 5 bytes JMP 00000000745410a0 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007578e587 5 bytes JMP 0000000074541415 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000757c7b24 5 bytes JMP 00000000745415d2 .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ed5e75 5 bytes JMP 00000000745415fa .text C:\Users\Lenovo\Desktop\picasso\975g1inx.exe[5316] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076f09cbb 5 bytes JMP 000000007454121c ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegCreateKeyExW] [7fefa22b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegDeleteValueW] [7fefa22be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW] [7fefa22b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegSetValueExW] [7fefa22bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msiexec.exe[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7fefa22a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7fefa22a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7fefa22a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7fefa22b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7fefa22b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7fefa22bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7fefa22a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7fefa22a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7fefa22a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7fefa22a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!SetFileSecurityW] [7fefa22bf08] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegCreateKeyExW] [7fefa22b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExA] [7fefa22bc64] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegOpenKeyExW] [7fefa22b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteValueW] [7fefa22be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteKeyW] [7fefa22d12c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExW] [7fefa22bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileExW] [7fefa22aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msi.dll[KERNEL32.dll!SetFileAttributesW] [7fefa22ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileW] [7fefa22a938] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msi.dll[KERNEL32.dll!DeleteFileW] [7fefa22a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msi.dll[KERNEL32.dll!CreateFileW] [7fefa22a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\msi.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7fefa22a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7fefa22aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7fefa22a938] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7fefa22a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7fefa22a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fefa22ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7fefa22add4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7fefa22a530] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!DeleteFileW] [7fefa22a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!MoveFileExW] [7fefa22aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!SetFileAttributesW] [7fefa22ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW] [7fefa22a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CreateFileW] [7fefa22a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7fefa22ad5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7fefa22aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7fefa22aae8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7fefa22a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!CreateFileW] [7fefa22a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegDeleteValueW] [7fefa22be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fefa22b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegSetValueExW] [7fefa22bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fefa22b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileExW] [7fefa22aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateFileW] [7fefa22a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!SetFileAttributesW] [7fefa22ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileW] [7fefa22a938] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!DeleteFileW] [7fefa22a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!_lwrite] [7fefa22ac74] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW] [7fefa22a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA] [7fefa22a530] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!DeleteFileW] [7fefa22a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!CreateFileW] [7fefa22a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegCreateKeyExA] [7fefa22b634] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!MoveFileExW] [7fefa22aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegSetValueExA] [7fefa22bc64] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!DeleteFileW] [7fefa22a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!CreateFileW] [7fefa22a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!MoveFileExW] [7fefa22aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileExW] [7fefa22aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CopyFileW] [7fefa22a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileA] [7fefa22a530] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegSetValueExW] [7fefa22bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegDeleteValueW] [7fefa22be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegCreateKeyExW] [7fefa22b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegOpenKeyExW] [7fefa22b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileW] [7fefa22a938] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!DeleteFileW] [7fefa22a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fefa22ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileW] [7fefa22a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegCreateKeyExW] [7fefa22b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegOpenKeyExW] [7fefa22b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegSetValueExW] [7fefa22bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegDeleteValueW] [7fefa22be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fefd014230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileW] [7fefa22a938] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[3060] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileExW] [7fefa22aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{A359D12E-21D2-411B-87CB-F60AF792CA23}\Connection@Name isatap.{E6C9367B-21F0-4E5E-969C-B9B3A10D3CC6} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{EE51EEDC-C213-42A1-9C1A-F179DD410ABC}?\Device\{0F258B2A-A957-4EDE-BB4C-A26C22836FD7}?\Device\{A359D12E-21D2-411B-87CB-F60AF792CA23}?\Device\{5B4E5D64-C44F-448D-9E49-B43237167FA3}?\Device\{17B320D0-1FCA-46B7-AE15-F0E9DC729F5F}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{EE51EEDC-C213-42A1-9C1A-F179DD410ABC}"?"{0F258B2A-A957-4EDE-BB4C-A26C22836FD7}"?"{A359D12E-21D2-411B-87CB-F60AF792CA23}"?"{5B4E5D64-C44F-448D-9E49-B43237167FA3}"?"{17B320D0-1FCA-46B7-AE15-F0E9DC729F5F}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{EE51EEDC-C213-42A1-9C1A-F179DD410ABC}?\Device\TCPIP6TUNNEL_{0F258B2A-A957-4EDE-BB4C-A26C22836FD7}?\Device\TCPIP6TUNNEL_{A359D12E-21D2-411B-87CB-F60AF792CA23}?\Device\TCPIP6TUNNEL_{5B4E5D64-C44F-448D-9E49-B43237167FA3}?\Device\TCPIP6TUNNEL_{17B320D0-1FCA-46B7-AE15-F0E9DC729F5F}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0cd29264bb84 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A359D12E-21D2-411B-87CB-F60AF792CA23}@InterfaceName isatap.{E6C9367B-21F0-4E5E-969C-B9B3A10D3CC6} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A359D12E-21D2-411B-87CB-F60AF792CA23}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0cd29264bb84 (not active ControlSet) Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Lenovo\Downloads\Windows\x00a010 - instalator.exe 1 ---- Files - GMER 2.2 ---- File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-89ba9b96.exe (size mismatch) 2621440/0 bytes executable ---- EOF - GMER 2.2 ----