
I think that I have rootkit or other malware on my computer.

GMER Scan; Page 18:

.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f56c30 6 bytes JMP 7112000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f57603 6 bytes JMP 7169000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f57668 6 bytes JMP 713c000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f576e0 6 bytes JMP 7142000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f5781f 6 bytes JMP 714b000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f5835c 6 bytes JMP 716c000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f5c4b6 3 bytes JMP 711e000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000075f5c4ba 2 bytes JMP 711e000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f6c112 6 bytes JMP 7139000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f6d0f5 6 bytes JMP 7136000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f6eb96 6 bytes JMP 712a000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f6ec68 3 bytes JMP 7130000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000075f6ec6c 2 bytes JMP 7130000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f6ff4a 3 bytes JMP 7133000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000075f6ff4e 2 bytes JMP 7133000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f89f1d 6 bytes JMP 7118000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f91497 6 bytes JMP 7109000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075fa027b 6 bytes JMP 716f000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075fa02bf 6 bytes JMP 7172000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075fa6cfc 6 bytes JMP 7145000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075fa6d5d 6 bytes JMP 713f000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075fa7dd7 3 bytes JMP 711b000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000075fa7ddb 2 bytes JMP 711b000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075fa88eb 3 bytes JMP 7127000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000075fa88ef 2 bytes JMP 7127000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000765d58b3 6 bytes JMP 7184000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000765d5ea6 6 bytes JMP 717e000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000765d7bcc 6 bytes JMP 718d000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000765db895 6 bytes JMP 7175000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000765dc332 6 bytes JMP 717b000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000765dcbfb 6 bytes JMP 7187000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000765de743 6 bytes JMP 718a000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\GDI32.dll!PlgBlt 000000007660480f 6 bytes JMP 7178000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000776a2642 6 bytes JMP 7196000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 00000000776a5429 6 bytes JMP 7193000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000755e124e 6 bytes JMP 7181000a
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075931465 2 bytes [93, 75]
.text C:\Users\Carl\Desktop\f6p7s1lr.exe[6096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759314bb 2 bytes [93, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1376:5868] 000007fef4473e0c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1376:6608] 000007feec8a838c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1376:7644] 000007fef4473e0c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1376:600] 000007fef166c680
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1376:8036] 000007fef4473e0c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [3796:6128] 000007fef4473e0c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [3796:8152] 000007fef4473e0c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [3796:8008] 000007fef166c680

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab2548c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab2548c @000dfd36f860 0x2E 0x61 0x3D 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab2548c @0007e00c322f 0x86 0xFB 0xC2 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab2548c @00068d005ebb 0x44 0xC7 0x4C 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffab2548c @0007e056fd41 0x8D 0x67 0x7B 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 69372
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 13868
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{637AC0A6-E97F-4DD3-BC08-96932D7654D0}@LeaseObtainedTime 1402183471
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{637AC0A6-E97F-4DD3-BC08-96932D7654D0}@T1 1402185271
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{637AC0A6-E97F-4DD3-BC08-96932D7654D0}@T2 1402186621
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{637AC0A6-E97F-4DD3-BC08-96932D7654D0}@LeaseTerminatesTime 1402187071
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab2548c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab2548c@000dfd36f860 0x2E 0x61 0x3D 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab2548c@0007e00c322f 0x86 0xFB 0xC2 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab2548c@00068d005ebb 0x44 0xC7 0x4C 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffab2548c@0007e056fd41 0x8D 0x67 0x7B 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{367E135E-2B2E-A077-3E92-18F772EF5DAA}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{367E135E-2B2E-A077-3E92-18F772EF5DAA}@pafkmehmkdelemggbhfhgjapmlnhikgh 0x6A 0x61 0x69 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{367E135E-2B2E-A077-3E92-18F772EF5DAA}@oaljfaiaepegjnjbecnjoalgpbejho 0x6A 0x61 0x69 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74E827C3-21E1-1EAA-EA3C-BF875B2231DD}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74E827C3-21E1-1EAA-EA3C-BF875B2231DD}@oaldbhnlbajenibdaggbjkedjdfoll 0x6A 0x61 0x67 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74E827C3-21E1-1EAA-EA3C-BF875B2231DD}@pajgppcmeiofjeglegmkcdcpdeeadlnn 0x69 0x61 0x65 0x67 ...

---- EOF - GMER 2.1 ----
