GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-10 21:51:12 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB Running: mrwxr5jm.exe; Driver: C:\Users\asus\AppData\Local\Temp\kftcqaoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003408000 45 bytes [00, 00, 09, 02, 4B, 4C, 73, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000340802f 16 bytes [00, 00, 3D, 8C, 04, 80, FA, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2012] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b0a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2012] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b13f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2012] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b2ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2012] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b3f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2012] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b69a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2012] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b794c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2012] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076b987e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2012] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcec7490 11 bytes JMP 000007fffcaf0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2012] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcedbf00 7 bytes JMP 000007fffcaf0260 .text C:\Windows\system32\Dwm.exe[2208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5089f0 8 bytes JMP 000007fffcaf01f0 .text C:\Windows\system32\Dwm.exe[2208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe50be50 8 bytes JMP 000007fffcaf01b8 .text C:\Windows\system32\taskeng.exe[2312] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcec7490 11 bytes JMP 000007fffcaf0228 .text C:\Windows\system32\taskeng.exe[2312] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcedbf00 7 bytes JMP 000007fffcaf0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2844] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b0a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2844] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b13f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2844] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b2ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2844] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b3f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2844] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b69a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2844] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b794c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2844] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076b987e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2856] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcec7490 11 bytes JMP 000007fffcaf0228 .text C:\Program Files\Elantech\ETDCtrl.exe[2856] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcedbf00 7 bytes JMP 000007fffcaf0260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2868] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b0a400 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2868] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b13f20 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2868] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b2ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2868] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b3f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2868] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b69a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2868] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b794c0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2868] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076b987e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2880] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b0a400 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2880] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b13f20 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2880] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b2ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2880] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b3f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2880] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b69a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2880] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b794c0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2880] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076b987e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074ce1f0e 7 bytes JMP 0000000174674b10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074ce5bad 7 bytes JMP 00000001746754b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074cf1409 7 bytes JMP 0000000174674e50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074cfea45 7 bytes JMP 0000000174674b00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074d88e24 7 bytes JMP 00000001746745c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074d88ea9 5 bytes JMP 0000000174674670 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074d891ff 5 bytes JMP 00000001746745d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074a51d29 5 bytes JMP 0000000174674580 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074a51dd7 5 bytes JMP 0000000174674540 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074a52ab1 5 bytes JMP 0000000174674680 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074a52d17 5 bytes JMP 0000000174674360 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a18a29 5 bytes JMP 0000000174673a40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a24572 5 bytes JMP 00000001746742e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a3e567 5 bytes JMP 0000000174674350 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a607d7 5 bytes JMP 0000000174673850 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a77a5c 5 bytes JMP 00000001746742d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000754ee96b 5 bytes JMP 0000000174673b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000754eeba5 5 bytes JMP 0000000174673b80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074df5ea5 5 bytes JMP 0000000174673a00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2948] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074e29d0b 5 bytes JMP 0000000174673990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074a51d29 5 bytes JMP 0000000174674580 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074a51dd7 5 bytes JMP 0000000174674540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1696] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074a52ab1 5 bytes JMP 0000000174674680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[1696] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074a52d17 5 bytes JMP 0000000174674360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b0a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b13f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b2ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b3f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b69a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b794c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076b987e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcb42db0 5 bytes JMP 000007fffcae0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcb437d0 7 bytes JMP 000007fffcae00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcb48ef0 6 bytes JMP 000007fffcae0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcb5af60 5 bytes JMP 000007fffcae0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5089f0 8 bytes JMP 000007fffcae01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe50be50 8 bytes JMP 000007fffcae01b8 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ed1465 2 bytes [ED, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ed14bb 2 bytes [ED, 76] .text ... * 2 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4592] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5089f0 8 bytes JMP 000007fffcaf01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4592] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe50be50 8 bytes JMP 000007fffcaf01b8 .text C:\Windows\system32\wuauclt.exe[4148] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcb42db0 5 bytes JMP 000007fffcaf0180 .text C:\Windows\system32\wuauclt.exe[4148] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcb437d0 7 bytes JMP 000007fffcaf00d8 .text C:\Windows\system32\wuauclt.exe[4148] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcb48ef0 6 bytes JMP 000007fffcaf0148 .text C:\Windows\system32\wuauclt.exe[4148] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcb5af60 5 bytes JMP 000007fffcaf0110 .text C:\Windows\system32\wuauclt.exe[4148] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcec7490 11 bytes JMP 000007fffcaf0228 .text C:\Windows\system32\wuauclt.exe[4148] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcedbf00 7 bytes JMP 000007fffcaf0260 .text C:\Windows\system32\wuauclt.exe[4148] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5089f0 8 bytes JMP 000007fffcaf01f0 .text C:\Windows\system32\wuauclt.exe[4148] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe50be50 8 bytes JMP 000007fffcaf01b8 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074ce1f0e 7 bytes JMP 0000000174674b10 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074ce5bad 7 bytes JMP 00000001746754b0 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074cf1409 7 bytes JMP 0000000174674e50 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074cfea45 7 bytes JMP 0000000174674b00 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074d88e24 7 bytes JMP 00000001746745c0 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074d88ea9 5 bytes JMP 0000000174674670 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074d891ff 5 bytes JMP 00000001746745d0 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074a51d29 5 bytes JMP 0000000174674580 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074a51dd7 5 bytes JMP 0000000174674540 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074a52ab1 5 bytes JMP 0000000174674680 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074a52d17 5 bytes JMP 0000000174674360 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000754ee96b 5 bytes JMP 0000000174673b60 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000754eeba5 5 bytes JMP 0000000174673b80 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a18a29 5 bytes JMP 0000000174673a40 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a24572 5 bytes JMP 00000001746742e0 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a3e567 5 bytes JMP 0000000174674350 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a607d7 5 bytes JMP 0000000174673850 .text C:\Users\asus\Desktop\procesy wmenadzerze\mrwxr5jm.exe[884] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a77a5c 5 bytes JMP 00000001746742d0 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880048f5fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4696:6004] 000007fefb2a2bf8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68af6edb Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68af6edb@183f471dd416 0xD1 0x12 0xB3 0x17 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68af6edb@a806008a283d 0xC8 0xFF 0x3D 0xA7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68af6edb@402ba1d9412d 0x42 0xE5 0x83 0x90 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68af6edb@380a949de17e 0xAF 0xDC 0xA4 0x03 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68af6edb@e66846dc89a1 0x28 0xD9 0x8B 0x29 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68af6edb@e668465f4b3d 0xE5 0x6D 0x85 0x2C ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68af6edb (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68af6edb@183f471dd416 0xD1 0x12 0xB3 0x17 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68af6edb@a806008a283d 0xC8 0xFF 0x3D 0xA7 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68af6edb@402ba1d9412d 0x42 0xE5 0x83 0x90 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68af6edb@380a949de17e 0xAF 0xDC 0xA4 0x03 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68af6edb@e66846dc89a1 0x28 0xD9 0x8B 0x29 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68af6edb@e668465f4b3d 0xE5 0x6D 0x85 0x2C ... ---- EOF - GMER 2.1 ----