GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-04 17:10:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0011LVM1 465,76GB
Running: gmer.exe; Driver: C:\Users\Lenovo\AppData\Local\Temp\kfrdapow.sys

---- User code sections - GMER 2.1 ----

.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1108] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759d1465 2 bytes [9D, 75]
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1108] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759d14bb 2 bytes [9D, 75]
.text ... * 2
.text C:\Program Files (x86)\XTab\ProtectService.exe[1684] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759d1465 2 bytes [9D, 75]
.text C:\Program Files (x86)\XTab\ProtectService.exe[1684] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759d14bb 2 bytes [9D, 75]
.text ... * 2
.text C:\windows\system32\taskhost.exe[2088] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076ee6f80 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\taskhost.exe[2088] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce68ef0 5 bytes JMP 000007fffce400b8
.text C:\windows\system32\taskhost.exe[2088] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefce6bfd0 5 bytes JMP 000007fffce40038
.text C:\windows\system32\taskhost.exe[2088] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007fffce40138
.text C:\windows\system32\taskhost.exe[2088] C:\windows\system32\WINMM.dll!waveOutReset 000007fef886a38c 5 bytes JMP 000007fefce402b8
.text C:\windows\system32\taskhost.exe[2088] C:\windows\system32\WINMM.dll!waveOutPause 000007fef8884b60 5 bytes JMP 000007fefce40238
.text C:\windows\system32\taskhost.exe[2088] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef8884ba0 5 bytes JMP 000007fefce401b8
.text C:\windows\system32\Dwm.exe[2204] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076ee6f80 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\Dwm.exe[2204] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce68ef0 5 bytes JMP 000007fffce500b8
.text C:\windows\system32\Dwm.exe[2204] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefce6bfd0 5 bytes JMP 000007fffce50038
.text C:\ProgramData\DatacardService\DCSHelper.exe[2604] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076bf48b3 5 bytes JMP 00000001100027c0
.text C:\ProgramData\DatacardService\DCSHelper.exe[2604] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076bf48cb 5 bytes JMP 00000001100028a0
.text C:\ProgramData\DatacardService\DCSHelper.exe[2604] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076bf48fd 5 bytes JMP 0000000110002830
.text C:\ProgramData\DatacardService\DCSHelper.exe[2604] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075a39d0b 5 bytes JMP 0000000110002900
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3040] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076ee6f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3040] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce68ef0 5 bytes JMP 000007fffce500b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3040] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefce6bfd0 5 bytes JMP 000007fffce50038
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3040] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007fffce50138
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3040] C:\windows\system32\WINMM.dll!waveOutReset 000007fef886a38c 5 bytes JMP 000007fefce502b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3040] C:\windows\system32\WINMM.dll!waveOutPause 000007fef8884b60 5 bytes JMP 000007fefce50238
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3040] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef8884ba0 5 bytes JMP 000007fefce501b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3040] C:\windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef6416944 5 bytes JMP 000007fefce503b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3040] C:\windows\system32\DSOUND.dll!DirectSoundCreate 000007fef6435a84 5 bytes JMP 000007fefce50338
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3040] C:\windows\system32\DDRAW.dll!DirectDrawCreate 000007fef612815c 5 bytes JMP 000007fefce50438
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3040] C:\windows\system32\DDRAW.dll!DirectDrawCreateEx 000007fef6128968 5 bytes JMP 000007fefce504b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2800] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076ee6f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2800] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce68ef0 5 bytes JMP 000007fffce400b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2800] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefce6bfd0 5 bytes JMP 000007fffce40038
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2800] C:\windows\system32\WINMM.dll!waveOutReset 000007fef886a38c 5 bytes JMP 000007fefce402b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2800] C:\windows\system32\WINMM.dll!waveOutPause 000007fef8884b60 5 bytes JMP 000007fefce40238
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2800] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef8884ba0 5 bytes JMP 000007fefce401b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2800] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007fffce40138
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2696] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076ee6f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2696] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce68ef0 5 bytes JMP 000007fffce500b8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2696] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefce6bfd0 5 bytes JMP 000007fffce50038
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2696] C:\windows\system32\WINMM.dll!waveOutReset 000007fef886a38c 5 bytes JMP 000007fefce502b8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2696] C:\windows\system32\WINMM.dll!waveOutPause 000007fef8884b60 5 bytes JMP 000007fefce50238
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2696] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef8884ba0 5 bytes JMP 000007fefce501b8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2696] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007fffce50138
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2400] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076ee6f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2400] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce68ef0 5 bytes JMP 000007fffce500b8
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2400] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefce6bfd0 5 bytes JMP 000007fffce50038
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3076] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076ee6f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3076] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce68ef0 5 bytes JMP 000007fffce500b8
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3076] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefce6bfd0 5 bytes JMP 000007fffce50038
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3076] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007fffce50138
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3076] C:\windows\system32\WINMM.dll!waveOutReset 000007fef886a38c 5 bytes JMP 000007fefce502b8
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3076] C:\windows\system32\WINMM.dll!waveOutPause 000007fef8884b60 5 bytes JMP 000007fefce50238
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3076] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef8884ba0 5 bytes JMP 000007fefce501b8
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3116] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759d1465 2 bytes [9D, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3116] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759d14bb 2 bytes [9D, 75]
.text ... * 2
.text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3364] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076bf48b3 5 bytes JMP 00000001100027c0
.text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3364] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076bf48cb 5 bytes JMP 00000001100028a0
.text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3364] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076bf48fd 5 bytes JMP 0000000110002830
.text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3364] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075a39d0b 5 bytes JMP 0000000110002900
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3372] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076bf48b3 5 bytes JMP 00000001007e27c0
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3372] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076bf48cb 5 bytes JMP 00000001007e28a0
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3372] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076bf48fd 5 bytes JMP 00000001007e2830
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3372] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759d1465 2 bytes [9D, 75]
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3372] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759d14bb 2 bytes [9D, 75]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3372] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075a39d0b 5 bytes JMP 00000001007e2900
.text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[3492] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076bf48b3 5 bytes JMP 00000001100027c0
.text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[3492] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076bf48cb 5 bytes JMP 00000001100028a0
.text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[3492] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076bf48fd 5 bytes JMP 0000000110002830
.text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[3492] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075a39d0b 5 bytes JMP 0000000110002900
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3680] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076bf48b3 5 bytes JMP 00000001100027c0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3680] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076bf48cb 5 bytes JMP 00000001100028a0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3680] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076bf48fd 5 bytes JMP 0000000110002830
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3680] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075a39d0b 5 bytes JMP 0000000110002900
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[3816] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076bf48b3 5 bytes JMP 00000001100027c0
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[3816] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076bf48cb 5 bytes JMP 00000001100028a0
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[3816] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076bf48fd 5 bytes JMP 0000000110002830
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[3816] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075a39d0b 5 bytes JMP 0000000110002900
.text C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe[3824] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076bf48b3 5 bytes JMP 00000001100027c0
.text C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe[3824] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076bf48cb 5 bytes JMP 00000001100028a0
.text C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe[3824] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076bf48fd 5 bytes JMP 0000000110002830
.text C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe[3824] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075a39d0b 5 bytes JMP 0000000110002900
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3880] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076ee6f80 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3880] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce68ef0 5 bytes JMP 000007fffce500b8
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3880] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefce6bfd0 5 bytes JMP 000007fffce50038
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3880] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007fffce50138
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3880] C:\windows\system32\WINMM.dll!waveOutReset 000007fef886a38c 5 bytes JMP 000007fefce502b8
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3880] C:\windows\system32\WINMM.dll!waveOutPause 000007fef8884b60 5 bytes JMP 000007fefce50238
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3880] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef8884ba0 5 bytes JMP 000007fefce501b8
.text C:\Program Files (x86)\XTab\HPNotify.exe[3288] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759d1465 2 bytes [9D, 75]
.text C:\Program Files (x86)\XTab\HPNotify.exe[3288] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759d14bb 2 bytes [9D, 75]
.text ... * 2
.text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[1504] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076bf48b3 5 bytes JMP 00000001100027c0
.text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[1504] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076bf48cb 5 bytes JMP 00000001100028a0
.text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[1504] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076bf48fd 5 bytes JMP 0000000110002830
.text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[1504] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075a39d0b 5 bytes JMP 0000000110002900
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3716] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007fffce50138
.text C:\windows\system32\conhost.exe[3280] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076ee6f80 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\conhost.exe[3280] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce68ef0 5 bytes JMP 000007fffce500b8
.text C:\windows\system32\conhost.exe[3280] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefce6bfd0 5 bytes JMP 000007fffce50038
.text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[3308] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076bf48b3 5 bytes JMP 00000001100027c0
.text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[3308] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076bf48cb 5 bytes JMP 00000001100028a0
.text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[3308] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076bf48fd 5 bytes JMP 0000000110002830
.text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[3308] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075a39d0b 5 bytes JMP 0000000110002900
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4320] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076bf48b3 5 bytes JMP 00000001100027c0
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4320] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076bf48cb 5 bytes JMP 00000001100028a0
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4320] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076bf48fd 5 bytes JMP 0000000110002830
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4320] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759d1465 2 bytes [9D, 75]
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4320] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759d14bb 2 bytes [9D, 75]
.text ... * 2
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4320] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075a39d0b 5 bytes JMP 0000000110002900

---- Processes - GMER 2.1 ----

Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1108] (Windows SysTool Service/SysTool PasSame LIMITED)(2015-01-26 16:50:47) 0000000000260000
Process C:\ProgramData\DatacardService\DCService.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCService.exe [1572](2010-05-08 11:48:36) 0000000000400000
Process C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [2604] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2010-05-08 11:48:26) 0000000000400000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619bd8614
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbc676c9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619bd8614 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbc676c9 (not active ControlSet)

---- EOF - GMER 2.1 ----