GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-09 22:26:30 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 OCZ-AGIL rev.2.15 111,79GB Running: q1mdefek.exe; Driver: D:\SYSTEM~2\TEMP\kgtiqpog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2372] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075ed8769 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2372] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2372] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe[2528] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe[2528] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2764] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2764] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... 
* 2 .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2220] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000700911a8 2 bytes [09, 70] .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2220] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000700913a8 2 bytes [09, 70] .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2220] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000070091422 2 bytes [09, 70] .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2220] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000070091498 2 bytes [09, 70] .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2220] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 000000006feb1b41 2 bytes {JMP 0x71} .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2220] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 000000006feb1be8 2 bytes {JMP 0x71} .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2220] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 000000006feb1c20 2 bytes {JMP 0x71} .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2220] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 000000006feb1cd2 2 bytes {JMP 0x71} .text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[2220] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 000000006feb1cf2 2 bytes {JMP 0x71} .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... 
* 2 .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4796] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[4796] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe[4848] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe[4848] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\ProgramData\DatacardService\DCSHelper.exe[4208] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\ProgramData\DatacardService\DCSHelper.exe[4208] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\windows\SysWOW64\rundll32.exe[4996] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\windows\SysWOW64\rundll32.exe[4996] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5056] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5056] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... 
* 2 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3760] C:\windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000770df8ea 1 byte [C3] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3760] C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll!getJit + 32 0000000067f99380 4 bytes [C8, 10, 01, 10] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3760] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3760] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Users\8760w\AppData\Local\Akamai\netsession_win.exe[4496] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Users\8760w\AppData\Local\Akamai\netsession_win.exe[4496] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5172] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5172] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5188] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[5188] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... 
* 2 .text C:\Users\8760w\AppData\Local\Akamai\netsession_win.exe[5196] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Users\8760w\AppData\Local\Akamai\netsession_win.exe[5196] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Users\8760w\AppData\Local\Viber\Viber.exe[5376] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Users\8760w\AppData\Local\Viber\Viber.exe[5376] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 ? C:\windows\system32\mssprxy.dll [5376] entry point in ".rdata" section 00000000609071e6 .text C:\Users\8760w\AppData\Roaming\Dropbox\bin\Dropbox.exe[5668] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Users\8760w\AppData\Roaming\Dropbox\bin\Dropbox.exe[5668] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[5688] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[5688] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5744] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5744] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... 
* 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5916] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5916] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe[5936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe[5936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... 
* 2 .text C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe[5936] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000700911a8 2 bytes [09, 70] .text C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe[5936] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000700913a8 2 bytes [09, 70] .text C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe[5936] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000070091422 2 bytes [09, 70] .text C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe[5936] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000070091498 2 bytes [09, 70] .text C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe[5936] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 000000006feb1b41 2 bytes {JMP 0x71} .text C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe[5936] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 000000006feb1be8 2 bytes {JMP 0x71} .text C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe[5936] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 000000006feb1c20 2 bytes {JMP 0x71} .text C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe[5936] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 000000006feb1cd2 2 bytes {JMP 0x71} .text C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe[5936] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 000000006feb1cf2 2 bytes {JMP 0x71} .text C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe[6028] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe[6028] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... 
* 2 .text C:\windows\SysWOW64\RunDll32.exe[1544] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\windows\SysWOW64\RunDll32.exe[1544] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5784] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5784] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPrintWebAPIShell.exe[6160] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPrintWebAPIShell.exe[6160] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[7064] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6340] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6340] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... 
* 2 .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[7220] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[7220] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[7748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe[8360] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe[8360] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe[10440] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe[10440] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9532] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9532] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[9596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[9596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Windows\SysWOW64\prevhost.exe[51604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text C:\Windows\SysWOW64\prevhost.exe[51604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... * 2 .text C:\Program Files\Autodesk\AutoCAD 2011\acad.exe[50196] C:\windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000076d59b80 5 bytes [90, 33, C0, 90, C3] .text D:\Downloads\czyszczenie\czyszczenie\q1mdefek.exe[52800] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75] .text D:\Downloads\czyszczenie\czyszczenie\q1mdefek.exe[52800] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75] .text ... 
* 2 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef7cf741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef7cf5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef7cf5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef7cf5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef7cf7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef7cf6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef7cf6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] @ 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef7cf7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef7cf7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef7cf78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef7cf4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef7cf5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef7cf7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Processes - GMER 2.1 ---- Process C:\ProgramData\DatacardService\DCService.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCService.exe [2288](2010-08-19 08:52:04) 0000000000400000 Process C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [4208] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2010-08-19 08:52:14) 0000000000400000 Process 
C:\Users\8760w\AppData\Roaming\blueconnect\ouc.exe (*** suspicious ***) @ C:\Users\8760w\AppData\Roaming\blueconnect\ouc.exe [5040] (Online Update Clinet/Huawei Technologies Co., Ltd.)(2012-02-21 19:24:33) 0000000000400000 Library D:\SYSTEMOWE\TMP\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll (*** suspicious ***) @ C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [3760](1979-12-31 23:25:59) 0000000010000000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\libViber.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376](2014-01-27 16:17:37) 0000000063a40000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:47) 00000000721b0000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5Gui.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:41) 00000000635d0000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\libGLESv2.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376](2014-01-27 16:17:37) 0000000063510000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5Core.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:40) 0000000063110000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\icuin51.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (ICU I18N DLL/The ICU Project)(2014-01-27 16:17:36) 000000004a900000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\icuuc51.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (ICU Common DLL/The ICU Project)(2014-01-27 16:17:36) 0000000000a00000 Library 
C:\Users\8760w\AppData\Local\Viber\4.0.2.30\icudt51.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (ICU Data DLL/The ICU Project)(2014-01-27 16:17:33) 0000000060a70000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5Network.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:42) 00000000606c0000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5Sql.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:43) 000000005fb70000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:44) 000000005da60000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5Quick.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:43) 000000005d880000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5Qml.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:43) 000000005d600000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5V8.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:44) 000000005ce30000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5Multimedia.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:42) 000000005fbf0000 
Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5Sensors.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:43) 000000005ce00000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\libEGL.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376](2 000000005cce0000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:47) 000000005cca0000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5MultimediaWidgets.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:42) 000000005cc50000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:42) 000000005cc10000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:42) 000000005cbd0000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376](2014-01-27 16:17:48) 000000005c830000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\imageformats\qgif.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376](2014-01-27 16:17:39) 000000005c9e0000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\imageformats\qico.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe 
[5376](2014-01-27 16:17:40) 000000005c930000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376](2014-01-27 16:17:40) 000000005c7f0000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\imageformats\qmng.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376](2014-01-27 16:17:40) 000000005c7b0000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\imageformats\qsvg.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376](2014-01-27 16:17:40) 000000005c920000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\Qt5Svg.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-01-27 16:17:44) 000000005c770000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\imageformats\qtga.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376](2014-01-27 16:17:48) 000000005c910000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\imageformats\qtiff.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376](2014-01-27 16:17:48) 000000005c720000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\imageformats\qwbmp.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376](2014-01-27 16:17:48) 000000005c900000 Library C:\Users\8760w\AppData\Local\Viber\4.0.2.30\sqldrivers\qsqlite.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Local\Viber\Viber.exe [5376](2014-01-27 16:17:40) 000000005c5e0000 Library C:\Users\8760w\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Roaming\Dropbox\bin\Dropbox.exe [5668](2014-01-03 00:45:04) 0000000003f10000 Library C:\Users\8760w\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Roaming\Dropbox\bin\Dropbox.exe [5668](2013-10-18 23:55:02) 0000000059550000 Library 
C:\Users\8760w\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\8760w\AppData\Roaming\Dropbox\bin\Dropbox.exe [5668] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 0000000058bc0000 Library D:\SYSTEM~2\TMP\_MEI44322\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340] (Python Core/Python Software Foundation)(2014-02-09 11:49:15) 000000001e000000 Library D:\SYSTEM~2\TMP\_MEI44322\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-09 000000001e8c0000 Library D:\SYSTEM~2\TMP\_MEI44322\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](201 000000001e7a0000 Library D:\SYSTEM~2\TMP\_MEI44322\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014- 0000000000360000 Library D:\SYSTEM~2\TMP\_MEI44322\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-09 11 0000000000300000 Library D:\SYSTEM~2\TMP\_MEI44322\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-09 11:49:14 0000000002cb0000 Library D:\SYSTEM~2\TMP\_MEI44322\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-09 11:49:13) 000000001e800000 Library D:\SYSTEM~2\TMP\_MEI44322\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-09 00000000031d0000 Library D:\SYSTEM~2\TMP\_MEI44322\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-0 0000000003290000 Library D:\SYSTEM~2\TMP\_MEI44322\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340] (wxWidgets for MSW/wxWidgets development team)(2014-02-09 11:49:15) 00000000033c0000 Library 
D:\SYSTEM~2\TMP\_MEI44322\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340] (wxWidgets for MSW/wxWidgets development team)(2014-02-09 11:49:16) 00000000007a0000
Library D:\SYSTEM~2\TMP\_MEI44322\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340] (wxWidgets for MSW/wxWidgets development team)(2014-02-09 11:49:15) 00000000035b0000
Library D:\SYSTEM~2\TMP\_MEI44322\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340] (wxWidgets for MSW/wxWidgets development team)(2014-02-09 11:49:15) 0000000003a50000
Library D:\SYSTEM~2\TMP\_MEI44322\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-09 0000000003c90000
Library D:\SYSTEM~2\TMP\_MEI44322\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](201 00000000045e0000
Library D:\SYSTEM~2\TMP\_MEI44322\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340] (wxWidgets for MSW/wxWidgets development team)(2014-02-09 11:49:16) 00000000046b0000
Library D:\SYSTEM~2\TMP\_MEI44322\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2 0000000004970000
Library D:\SYSTEM~2\TMP\_MEI44322\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-0 0000000004a80000
Library D:\SYSTEM~2\TMP\_MEI44322\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](201 000000001d100000
Library D:\SYSTEM~2\TMP\_MEI44322\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-09 11 0000000003d70000
Library D:\SYSTEM~2\TMP\_MEI44322\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-09 11:49:13) 0000000004750000
Library D:\SYSTEM~2\TMP\_MEI44322\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-09 11 000000001d1a0000
Library D:\SYSTEM~2\TMP\_MEI44322\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-0 000000001ea10000
Library D:\SYSTEM~2\TMP\_MEI44322\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2 000000001ec80000
Library D:\SYSTEM~2\TMP\_MEI44322\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02 000000001e9b0000
Library D:\SYSTEM~2\TMP\_MEI44322\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-0 000000001eaa0000
Library D:\SYSTEM~2\TMP\_MEI44322\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02 0000000005b10000
Library D:\SYSTEM~2\TMP\_MEI44322\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-09 11:49:15) 0000000003dc0000
Library D:\SYSTEM~2\TMP\_MEI44322\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-0 0000000005b40000
Library D:\SYSTEM~2\TMP\_MEI44322\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340] (wxWidgets for MSW/wxWidgets development team)(2014-02-09 11:49:16) 0000000005b70000
Library D:\SYSTEM~2\TMP\_MEI44322\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-09 11:4 0000000005b90000
Library D:\SYSTEM~2\TMP\_MEI44322\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014- 0000000005ba0000
Library D:\SYSTEM~2\TMP\_MEI44322\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-09 000000001eb60000
Library D:\SYSTEM~2\TMP\_MEI44322\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02 000000001e980000
Library D:\SYSTEM~2\TMP\_MEI44322\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-0 000000001eb90000
Library D:\SYSTEM~2\TMP\_MEI44322\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](201 000000001ebf0000
Library D:\SYSTEM~2\TMP\_MEI44322\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](201 000000001ec20000
Library D:\SYSTEM~2\TMP\_MEI44322\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6340](2014-02-09 11 000000001ed40000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf487c79d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf487c79d@6c8336f06745 0xC0 0x2A 0x8B 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf487c79d@d82a7e65cb67 0x53 0x71 0x9A 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf487c79d@c8e0eb7e2d5a 0x9E 0xC1 0xD1 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer 82.139.8.40 95.160.170.92 88.156.222.92
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf487c79d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf487c79d@6c8336f06745 0xC0 0x2A 0x8B 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf487c79d@d82a7e65cb67 0x53 0x71 0x9A 0xAE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf487c79d@c8e0eb7e2d5a 0x9E 0xC1 0xD1 0x5A ...

---- EOF - GMER 2.1 ----