GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-16 17:27:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0002 298,09GB
Running: 2jpzbxu8.exe; Driver: C:\Users\Bogdan\AppData\Local\Temp\awrdipog.sys

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!free] [10000000000]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!??_U@YAPEAX_K@Z] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!??_V@YAXPEAX@Z] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_XcptFilter] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!malloc] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_initterm] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!realloc] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_unlock] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!__dllonexit] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memcpy] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memset] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_ultow_s] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_vsnwprintf] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_amsg_exit] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memcmp] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_lock] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_onexit] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_ui64tow_s] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlLookupFunctionEntry] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCaptureContext] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlInitUnicodeString] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlMapGenericMask] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCreateAcl] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlAddAccessAllowedAce] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCreateSecurityDescriptor] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlSetDaclSecurityDescriptor] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!NtQueryInformationFile] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlVirtualUnwind] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaOpenPolicy] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!CopySid] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaLookupNames2] [49fe76963ce9]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaClose] [ffffb6018969c316]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetTokenInformation] [7fefaaa5ec0] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetAclInformation] [7fefaa92ed0] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetAce] [7fefaa945e0] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!OpenProcessToken] [7fefaaa0ce8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegOpenKeyExW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegCloseKey] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegQueryValueExW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetNamedSecurityInfoW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetSecurityDescriptorControl] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!IsValidSid] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!EqualSid] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetLengthSid] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaFreeMemory] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[USER32.dll!CopyImage] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[USER32.dll!LoadStringW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[USER32.dll!ReleaseDC] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[USER32.dll!GetDC] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateDIBSection] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteDC] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetBitmapBits] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateCompatibleDC] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!SelectObject] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!BitBlt] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetObjectW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteObject] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHGetTemporaryPropertyForItem] [7fefaa945b0] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHGetFolderPathAndSubDirW] [7fefaaa0d3c] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHChangeNotify] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!StrCmpNIW] [7fefaa945f0] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathFindExtensionW] [7fefaaa0d18] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHRegGetValueW] [7fefaa93360] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHCreateStreamOnFileW] [7fefaaa0ce8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathCombineW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathRemoveFileSpecW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsNetworkPathW] [7fefaa93650] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathStripToRootW] [7fefaa945a0] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathSkipRootW] [7fefaaa0ce8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathAppendW] [7fefaaa0d18] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHGetValueW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsRootW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsUNCW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHStrDupW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcessHeap] [7fefaaa0d3c] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!HeapFree] [7fefaaa0d18] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DisableThreadLibraryCalls] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LoadLibraryW] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcAddress] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FreeLibrary] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetLastError] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LoadLibraryExA] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DelayLoadFailureHook] [ffffffffffffffff]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CloseHandle] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!lstrlenW] [7fefaa957f8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LCMapStringW] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentThreadId] [7fefaa956d8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileAttributesW] [7fefaa956a8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateDirectoryW] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindFirstFileW] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DeleteFileW] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindNextFileW] [7fefaa956d8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindClose] [7fefaa95690] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!RemoveDirectoryW] [1]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDiskFreeSpaceExW] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTempFileNameW] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MoveFileExW] [7fefaa95680] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetVolumeInformationW] [7fefaa95660] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDriveTypeW] [2]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MulDiv] [1]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateFileW] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileSize] [7fefaa95680] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!RaiseException] [7fefaa95630] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFilePointer] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!WriteFile] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetEndOfFile] [7fefaa956d8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTickCount] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileAttributesW] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!UnmapViewOfFile] [7fefaa956d8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!Sleep] [7fefaa955f0] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!QueryPerformanceCounter] [7]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentProcessId] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!TerminateProcess] [7fefaa956d8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentProcess] [7fefaa955c8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!UnhandledExceptionFilter] [8]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [1]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LocalAlloc] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DuplicateHandle] [7fefaa956d8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LocalFree] [7fefaa955a8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetModuleHandleW] [9]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SystemTimeToFileTime] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!OpenProcess] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcessId] [7fefaa956d8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateMutexW] [7fefaa95588] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateEventW] [a]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!ReleaseMutex] [32]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetEvent] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!ResetEvent] [7fefaa956d8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateFileMappingW] [7fefaa95568] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MapViewOfFile] [b]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileInformationByHandleEx] [1f4]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileInformationByHandle] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!WaitForSingleObject] [7fefaa956d8] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetSystemInfo] [7fefaa95550] C:\Windows\system32\thumbcache.dll
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[PSAPI.DLL!QueryWorkingSetEx] [0]
IAT C:\Windows\Explorer.EXE[364] @ C:\Windows\system32\thumbcache.dll[PROPSYS.dll!PropVariantToUInt64] [7fefaa956d8] C:\Windows\system32\thumbcache.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d48851
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d48851 (not active ControlSet)

---- Files - GMER 2.1 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes