GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-01-26 17:54:15 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f HGST_HTS545050A7E680 rev.GG2OAH10 465,76GB Running: lu63csp1.exe; Driver: C:\Users\Gracjan\AppData\Local\Temp\kwgdypoc.sys ---- User code sections - GMER 2.2 ---- ? C:\WINDOWS\SYSTEM32\iertutil.dll [5812] entry point in ".rdata" section 0000000072ad1590 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [5812] entry point in ".rdata" section 000000007015a020 ? C:\WINDOWS\SYSTEM32\dbgcore.DLL [5812] entry point in ".rdata" section 00000000739ac940 ? C:\WINDOWS\SYSTEM32\wship6.dll [5812] entry point in ".rdata" section 0000000072822470 ? C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [5812] entry point in ".rdata" section 0000000066fe7ec0 ? C:\WINDOWS\SYSTEM32\wship6.dll [2788] entry point in ".rdata" section 0000000072822470 ? C:\WINDOWS\SYSTEM32\iertutil.dll [2788] entry point in ".rdata" section 0000000072ad1590 ? C:\WINDOWS\SYSTEM32\iertutil.dll [2340] entry point in ".rdata" section 0000000072ad1590 ? C:\WINDOWS\SYSTEM32\wship6.dll [2340] entry point in ".rdata" section 0000000072822470 ? C:\WINDOWS\system32\wbem\wbemsvc.dll [2340] entry point in ".rdata" section 0000000067348fc0 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [2340] entry point in ".rdata" section 000000007015a020 ? C:\WINDOWS\system32\ncryptsslp.dll [2340] entry point in ".rdata" section 0000000066b304f0 ? C:\Windows\System32\iertutil.dll [6064] entry point in ".rdata" section 0000000072ad1590 ? C:\WINDOWS\SYSTEM32\wship6.dll [6064] entry point in ".rdata" section 0000000072822470 ? C:\Windows\System32\iertutil.dll [3608] entry point in ".rdata" section 0000000072ad1590 ? C:\WINDOWS\SYSTEM32\iertutil.dll [3200] entry point in ".rdata" section 0000000072ad1590 ? C:\WINDOWS\SYSTEM32\MPRAPI.dll [5560] entry point in ".rdata" section 0000000066cff5e0 ? C:\WINDOWS\system32\apphelp.dll [2568] entry point in ".rdata" section 000000006762f7c0 ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1840:1844] 000000000039ad60 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1840:4488] 0000000071ad20c0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1840:4496] 0000000071ad78d0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1840:4500] 0000000071ad78d0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1840:4656] 0000000071937fd0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1840:4660] 0000000071937fd0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1840:4664] 0000000071937fd0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1840:4668] 0000000071937fd0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1840:4672] 0000000071937fd0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1840:4676] 0000000071937fd0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1840:684] 0000000072888420 Thread C:\WINDOWS\system32\csrss.exe [5248:5972] ffffc42c32266c20 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x23 0x7A 0xC0 0x37 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xEC 0x53 0xD0 0x41 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x23 0x7A 0xC0 0x37 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xEC 0x53 0xD0 0x41 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 160 Reg HKLM\SYSTEM\CurrentControlSet\Control\Diagnostics\Performance@ActiveShutdownDCL C:\WINDOWS\System32\WDI\LogFiles\WdiContextLog.etl.002 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LGD03D90_00_07DC_0B^6CC07113133E3F151E897F51B8772A87@Timestamp 0x28 0xAC 0x65 0x5D ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 768 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B1129366-3889-42D1-9A0E-C766F460FFD0}\Connection@Name Reusable ISATAP Interface {B1129366-3889-42D1-9A0E-C766F460FFD0} Reg HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb@ACSettingIndex 50 Reg HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb@DCSettingIndex 70 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\WINDOWS\Installer\SandboxieInstall64.exe??\??\C:\Users\Gracjan\AppData\Local\Temp\_iu14D2N.tmp??\??\C:\Program Files\DeepSea Obfuscator 4\DeepSea.Shell.dll??\??\C:\Program Files\DeepSea Obfuscator 4??\??\C:\Program Files\DeepSea Obfuscator 4\DeepSea.Shell.dll??\??\C:\Program Files\DeepSea Obfuscator 4??\??\C:\Users\Gracjan\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\Gracjan\AppData\Local\Temp\~nsu.tmp?? Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 2710793 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1451898481 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 161 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 495165429 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 2759 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 2711 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 11383 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 783 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 979 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 3554 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 393 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 4111 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 247 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 188 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeMapTime 15 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 4533 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 4572 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 10531 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 4557 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 11373 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 4424 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 86 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberSharedBufferTime 2 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 14726 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 4102 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime 60 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime 6 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 512 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 84 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 281159 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0xEE 0x9A 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 18589 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0x26 0x24 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 103 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 104 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 59 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumTime 102 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumIoTime 17 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumTime 93 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelChecksumIoTime 25 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 752 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 225 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime 5980 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x39 0x1F 0xF0 0x03 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 7c9bb296-ad4e-4c28-af1d-142d8c4 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 4 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 127 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName Global\MMF_BITSa8f4e7d1-fb77-4dc8-94f7-23c1e14b2e93 Reg HKLM\SYSTEM\CurrentControlSet\Services\BthLEEnum\Parameters\Wdf@TimeOfLastTelemetryLog 0x6C 0x74 0x42 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\9cad97848958 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\9cad97848958@5cb524f9271d 0xAB 0xCF 0x28 0xBB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\cdrom\Parameters\Wdf@TimeOfLastTelemetryLog 0x48 0x74 0x70 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastTelemetryLog 0xAE 0xDF 0x37 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastTelemetryLog 0xC4 0x05 0x5E 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\huawei_enumerator\Parameters\Wdf@TimeOfLastTelemetryLog 0xE5 0xCE 0x8F 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\intelppm\Parameters\Wdf@TimeOfLastTelemetryLog 0x23 0x99 0x76 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{0DD79421-0E54-41AA-A3D1-99ED8271C174} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{0DD79421-0E54-41AA-A3D1-99ED8271C174}@InterfaceName Reusable ISATAP Interface {0DD79421-0E54-41AA-A3D1-99ED8271C174} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{0DD79421-0E54-41AA-A3D1-99ED8271C174}@ReusableType 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{0DD79421-0E54-41AA-A3D1-99ED8271C174}@DeviceInstancePath SWD\IP_TUNNEL_VBUS\ISATAP_1 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{0DD79421-0E54-41AA-A3D1-99ED8271C174}@DefunctTimestamp 0xDE 0xF4 0x89 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{B1129366-3889-42D1-9A0E-C766F460FFD0}@InterfaceName Reusable ISATAP Interface {B1129366-3889-42D1-9A0E-C766F460FFD0} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{B1129366-3889-42D1-9A0E-C766F460FFD0}@ReusableType 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{B1129366-3889-42D1-9A0E-C766F460FFD0}@DefunctTimestamp 0x88 0xFC 0x89 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-00-00-00-00-00@AddressCreationTimestamp 0x5F 0x2E 0x99 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-00-00-00-00-00@NatDetectionTimestamp 0x5F 0x2E 0x99 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-00-00-00-00-00@TeredoAddress 2001:0:5ef5:79fd:1c04:47af:436d:6097 Reg HKLM\SYSTEM\CurrentControlSet\Services\iwdbus\Parameters\Wdf@TimeOfLastTelemetryLog 0xE5 0xCE 0x8F 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MEIx64\Parameters\Wdf@TimeOfLastTelemetryLog 0x93 0xCB 0x43 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastTelemetryLog 0x7A 0xA0 0xCD 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\msisadrv\Parameters\Wdf@TimeOfLastTelemetryLog 0xC5 0x28 0xAE 0x4B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastTelemetryLog 0xE5 0xCE 0x8F 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Diagnostics@ReadyBootTrainingCountSinceLastServicing 16 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?czw.?, ?sty ?26 ?17, 02:10:45 PM?????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 5904 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 4342 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 159 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 617 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters\Wdf@TimeOfLastTelemetryLog 0x89 0xCA 0x62 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage@Bind \Device\{8858FFA7-E8CA-4D42-8B88-839825A09A1C}?\Device\{322CE5F7-F93C-4C63-AB27-528BA014E18A}?\Device\{7B801274-9ECB-407A-A870-1016A1285B72}?\Device\{26B11A49-585F-4B43-A90C-9AF3C3D7B25B}?\Device\{5CD3D293-0891-447C-A93B-BC9FEB8F40D9}?\Device\{880C5684-067E-4FB5-8A08-8B145475F5FB}?\Device\{2CFEF921-5714-4E56-BE5C-FF4106B11DBF}?\Device\{3BBB0645-80DE-43B7-9251-8D32C1C675B0}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 192.168.43.1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@DhcpIPAddress 192.168.43.244 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@DhcpSubnetMask 255.255.255.0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@DhcpServer 192.168.43.1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@Lease 3600 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@LeaseObtainedTime 1485436853 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@T1 1485438499 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@T2 1485439849 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@LeaseTerminatesTime 1485440453 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@DhcpNameServer 192.168.43.1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@DhcpDefaultGateway 192.168.43.1? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@DhcpSubnetMaskOpt 255.255.255.0? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CDDBB946-4987-4723-B627-3EFB8BD98DEC}@DhcpIPAddress 0.0.0.0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CDDBB946-4987-4723-B627-3EFB8BD98DEC}@DhcpSubnetMask 0.0.0.0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@Dhcpv6MaxLeaseExpireTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@Dhcpv6ServerPreference 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@Dhcpv6IsUnicastEnabled 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{322ce5f7-f93c-4c63-ab27-528ba014e18a}@Dhcpv6LeaseObtainedTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastTelemetryLog 0xAE 0xDF 0x37 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastTelemetryLog 0x57 0x84 0xFC 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastTelemetryLog 0xEF 0x2D 0x46 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrvroot\Parameters\Wdf@TimeOfLastTelemetryLog 0x14 0xF6 0xCB 0x4B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vwifibus\Parameters\Wdf@TimeOfLastTelemetryLog 0x00 0x41 0x59 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x38 0x26 0xF3 0xEC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x38 0x8E 0xB7 0x4E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x38 0xBE 0x2E 0x8B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr\Parameters\Wdf@TimeOfLastTelemetryLog 0x63 0x97 0x4C 0x43 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList@MRUList cab Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds Slimjet64? Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{D49AB694-10EA-4C03-8F1A-264990FC1A23}@LastAccessedTime 0xB0 0x23 0x30 0x09 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{D49AB694-10EA-4C03-8F1A-264990FC1A23}@LaunchCount 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F2169F93-A5DE-4F48-A8FE-3898E35A3306}@LastAccessedTime 0x60 0x02 0xC8 0x6D ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F2169F93-A5DE-4F48-A8FE-3898E35A3306}@LaunchCount 2 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-4D54-645F-AD8511DF4BAC}@01 0x00 0x30 0x30 0xC8 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-4D54-645F-AD8511DF4BAC}@07 0x00 0x50 0xAD 0x63 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-4D54-645F-AD8511DF4BAC}@10 0x00 0x40 0x05 0x04 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-4D54-645F-AD8511DF4BAC}@16 0x00 0x50 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-4D54-645F-AD8511DF4BAC}@18 0x00 0xF0 0x91 0xCE ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-4D54-645F-AD8511DF4BAC}@29 0x00 0x30 0xB0 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-4D54-645F-AD8511DF4BAC}@00 0x00 0x80 0xB0 0x01 ... ---- EOF - GMER 2.2 ----