GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-18 22:49:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM500JI rev.2AC101C4 465,76GB
Running: fex7nyuf.exe; Driver: C:\Users\Igor\AppData\Local\Temp\ugldrpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000752e1401 2 bytes JMP 7627b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000752e1419 2 bytes JMP 7627b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000752e1431 2 bytes JMP 762f8f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000752e144a 2 bytes CALL 76254885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752e14dd 2 bytes JMP 762f8832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752e14f5 2 bytes JMP 762f8a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000752e150d 2 bytes JMP 762f8728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000752e1525 2 bytes JMP 762f8af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000752e153d 2 bytes JMP 7626fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000752e1555 2 bytes JMP 762768df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000752e156d 2 bytes JMP 762f8ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000752e1585 2 bytes JMP 762f8b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000752e159d 2 bytes JMP 762f86ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752e15b5 2 bytes JMP 7626fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752e15cd 2 bytes JMP 7627b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752e16b2 2 bytes JMP 762f8eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752e16bd 2 bytes JMP 762f8681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000752e1401 2 bytes JMP 7627b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000752e1419 2 bytes JMP 7627b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000752e1431 2 bytes JMP 762f8f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000752e144a 2 bytes CALL 76254885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752e14dd 2 bytes JMP 762f8832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752e14f5 2 bytes JMP 762f8a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000752e150d 2 bytes JMP 762f8728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000752e1525 2 bytes JMP 762f8af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000752e153d 2 bytes JMP 7626fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000752e1555 2 bytes JMP 762768df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000752e156d 2 bytes JMP 762f8ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000752e1585 2 bytes JMP 762f8b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000752e159d 2 bytes JMP 762f86ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752e15b5 2 bytes JMP 7626fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752e15cd 2 bytes JMP 7627b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752e16b2 2 bytes JMP 762f8eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752e16bd 2 bytes JMP 762f8681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000752e1401 2 bytes JMP 7627b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000752e1419 2 bytes JMP 7627b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000752e1431 2 bytes JMP 762f8f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000752e144a 2 bytes CALL 76254885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752e14dd 2 bytes JMP 762f8832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752e14f5 2 bytes JMP 762f8a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000752e150d 2 bytes JMP 762f8728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000752e1525 2 bytes JMP 762f8af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000752e153d 2 bytes JMP 7626fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000752e1555 2 bytes JMP 762768df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000752e156d 2 bytes JMP 762f8ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000752e1585 2 bytes JMP 762f8b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000752e159d 2 bytes JMP 762f86ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752e15b5 2 bytes JMP 7626fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752e15cd 2 bytes JMP 7627b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752e16b2 2 bytes JMP 762f8eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752e16bd 2 bytes JMP 762f8681 C:\Windows\syswow64\kernel32.dll
? C:\Windows\system32\mssprxy.dll [2500] entry point in ".rdata" section 0000000074c871e6
.text C:\Windows\system32\sppsvc.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772edc30 5 bytes JMP 0000000077450128
.text C:\Windows\system32\sppsvc.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772edd50 5 bytes JMP 0000000077450018
.text C:\Windows\system32\sppsvc.exe[2652] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007709db10 1 byte JMP 00000000774500a0
.text C:\Windows\system32\sppsvc.exe[2652] C:\Windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007709db12 3 bytes {JMP 0x3b2590}
.text C:\Windows\system32\svchost.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772edc30 5 bytes JMP 0000000177290128
.text C:\Windows\system32\svchost.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772edd50 5 bytes JMP 0000000177290018
.text C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007709db10 1 byte JMP 00000000772900a0
.text C:\Windows\system32\svchost.exe[3200] C:\Windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007709db12 3 bytes {JMP 0x1f2590}
.text C:\Windows\System32\rundll32.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772edc30 5 bytes JMP 0000000077450128
.text C:\Windows\System32\rundll32.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772edd50 5 bytes JMP 0000000077450018
.text C:\Windows\System32\rundll32.exe[3336] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007709db10 1 byte JMP 00000000774500a0
.text C:\Windows\System32\rundll32.exe[3336] C:\Windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007709db12 3 bytes {JMP 0x3b2590}
.text C:\Windows\system32\svchost.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772edc30 5 bytes JMP 0000000177290128
.text C:\Windows\system32\svchost.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772edd50 5 bytes JMP 0000000177290018
.text C:\Windows\system32\svchost.exe[3344] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007709db10 1 byte JMP 00000000772900a0
.text C:\Windows\system32\svchost.exe[3344] C:\Windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007709db12 3 bytes {JMP 0x1f2590}
.text C:\Windows\system32\Dwm.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772edc30 5 bytes JMP 0000000077450128
.text C:\Windows\system32\Dwm.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772edd50 5 bytes JMP 0000000077450018
.text C:\Windows\system32\Dwm.exe[4000] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007709db10 1 byte JMP 00000000774500a0
.text C:\Windows\system32\Dwm.exe[4000] C:\Windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007709db12 3 bytes {JMP 0x3b2590}
.text C:\Windows\Explorer.EXE[4028] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772edc30 5 bytes JMP 0000000077450128
.text C:\Windows\Explorer.EXE[4028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772edd50 5 bytes JMP 0000000077450018
.text C:\Windows\Explorer.EXE[4028] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007709db10 1 byte JMP 00000000774500a0
.text C:\Windows\Explorer.EXE[4028] C:\Windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007709db12 3 bytes {JMP 0x3b2590}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007749fc90 5 bytes JMP 0000000174a819c0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007749fe54 5 bytes JMP 0000000174a815e0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3812] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076263b93 5 bytes JMP 0000000174a81750
.text C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007749fc90 5 bytes JMP 0000000174a819c0
.text C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007749fe54 5 bytes JMP 0000000174a815e0
.text C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe[4068] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076263b93 5 bytes JMP 0000000174a81750
.text C:\Windows\system32\SearchIndexer.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772edc30 5 bytes JMP 0000000077450128
.text C:\Windows\system32\SearchIndexer.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772edd50 5 bytes JMP 0000000077450018
.text C:\Windows\SysWOW64\ctfmon.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007749fc90 5 bytes JMP 0000000174a819c0
.text C:\Windows\SysWOW64\ctfmon.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007749fe54 5 bytes JMP 0000000174a815e0
.text C:\Windows\SysWOW64\ctfmon.exe[4008] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076263b93 5 bytes JMP 0000000174a81750
.text C:\Windows\System32\svchost.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000772edc30 5 bytes JMP 0000000177290128
.text C:\Windows\System32\svchost.exe[4444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772edd50 5 bytes JMP 0000000177290018
.text C:\Windows\System32\svchost.exe[4444] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007709db10 1 byte JMP 00000000772900a0
.text C:\Windows\System32\svchost.exe[4444] C:\Windows\system32\kernel32.dll!CreateProcessInternalW + 2 000000007709db12 3 bytes {JMP 0x1f2590}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1984] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007749fc90 5 bytes JMP 0000000174a819c0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1984] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007749fe54 5 bytes JMP 0000000174a815e0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1984] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076263b93 5 bytes JMP 0000000174a81750
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[4388] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007749fc90 5 bytes JMP 00000001719e19c0
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[4388] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007749fe54 5 bytes JMP 00000001719e15e0
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[4388] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076263b93 5 bytes JMP 00000001719e1750

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1256:4128] 000007fef7fc2ae8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1256:4136] 000007fef1fd5648
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1256:4160] 000007fef1fd5648

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b6b1753e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b6b1753e (not active ControlSet)

---- EOF - GMER 2.1 ----