GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-05 15:53:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 465,76GB
Running: rg7nwikz.exe; Driver: C:\Users\Evela\AppData\Local\Temp\ugtiapod.sys

---- Kernel code sections - GMER 2.2 ----

.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff8800f64e30c 12 bytes {MOV RAX, 0xfffffa80086af2a0; JMP RAX}

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 75efb233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 75efb35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 75f79149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 75ed4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 75f78a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 75f78c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 75f78938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 75f78d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 75eefcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 75ef6907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 75f79201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 75f78d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 75f788fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 75eefd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 75efb2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 75f790c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 75f78891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 75efb233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 75efb35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 75f79149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 75ed4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 75f78a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 75f78c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 75f78938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 75f78d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 75eefcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 75ef6907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 75f79201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 75f78d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 75f788fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 75eefd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 75efb2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 75f790c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 75f78891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 75efb233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 75efb35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 75f79149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 75ed4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 75f78a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 75f78c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 75f78938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 75f78d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 75eefcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 75ef6907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 75f79201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 75f78d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 75f788fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 75eefd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 75efb2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 75f790c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 75f78891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076981401 2 bytes JMP 75efb233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076981419 2 bytes JMP 75efb35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076981431 2 bytes JMP 75f79149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007698144a 2 bytes CALL 75ed4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769814dd 2 bytes JMP 75f78a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769814f5 2 bytes JMP 75f78c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007698150d 2 bytes JMP 75f78938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076981525 2 bytes JMP 75f78d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007698153d 2 bytes JMP 75eefcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076981555 2 bytes JMP 75ef6907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007698156d 2 bytes JMP 75f79201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076981585 2 bytes JMP 75f78d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007698159d 2 bytes JMP 75f788fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769815b5 2 bytes JMP 75eefd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769815cd 2 bytes JMP 75efb2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769816b2 2 bytes JMP 75f790c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769816bd 2 bytes JMP 75f78891 C:\Windows\syswow64\kernel32.dll

---- Kernel IAT/EAT - GMER 2.2 ----

IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff880010ce5b0] \SystemRoot\System32\Drivers\sppf.sys [unknown section]
IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880010ce53c] \SystemRoot\System32\Drivers\sppf.sys [unknown section]

---- Devices - GMER 2.2 ----

Device \Driver\a7wg95s9 \Device\Scsi\a7wg95s91 fffffa80090bc2c0
Device \Driver\a7wg95s9 \Device\Scsi\a7wg95s91Port1Path0Target1Lun0 fffffa80090bc2c0
Device \Driver\a7wg95s9 \Device\Scsi\a7wg95s91Port1Path0Target0Lun0 fffffa80090bc2c0
Device \FileSystem\Ntfs \Ntfs fffffa80050822c0
Device \FileSystem\fastfat \Fat fffffa800884e2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E9F78DA0-6C24-44DF-A93D-0509F2F8C13E} fffffa80052c82c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa80084fd2c0
Device \Driver\cdrom \Device\CdRom0 fffffa800785d2c0
Device \Driver\cdrom \Device\CdRom1 fffffa800785d2c0
Device \Driver\cdrom \Device\CdRom2 fffffa800785d2c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa80084fd2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{F059230F-7911-441A-A0A2-59C8E25E600B} fffffa80052c82c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa80084fd2c0
Device \Driver\volmgr \Device\HarddiskVolume1 fffffa800507a2c0
Device \Driver\volmgr \Device\FtControl fffffa800507a2c0
Device \Driver\volmgr \Device\VolMgrControl fffffa800507a2c0
Device \Driver\volmgr \Device\HarddiskVolume2 fffffa800507a2c0
Device \Driver\volmgr \Device\HarddiskVolume3 fffffa800507a2c0
Device \Driver\volmgr \Device\HarddiskVolume4 fffffa800507a2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{EB8D05C2-1165-4FED-A0FF-3BB8E7296191} fffffa80052c82c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80052c82c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa80084fd2c0
Device \Driver\a7wg95s9 \Device\ScsiPort1 fffffa80090bc2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{5E8B7CDC-63B8-4CBE-BE4D-16EEEBCC1F07} fffffa80052c82c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{F430803A-E53F-4AAC-B483-18BE5D075E54} fffffa80052c82c0

---- Modules - GMER 2.2 ----

Module \SystemRoot\System32\Drivers\a7wg95s9.SYS fffff880055b8000-fffff880055fc000 (278528 bytes)

---- Threads - GMER 2.2 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5964:6052] 000007fefa842b1c

---- Processes - GMER 2.2 ----

Library C:\Users\Evela\AppData\Local\Google\Update\1.3.32.7\goopdate.dll (*** suspicious ***) @ C:\Users\Evela\AppData\Local\Google\Update\GoogleUpdate.exe [4116] 0000000062fc0000
Library C:\Users\Evela\AppData\Local\Google\Update\1.3.32.7\psuser.dll (*** suspicious ***) @ C:\Users\Evela\AppData\Local\Google\Update\GoogleUpdate.exe [4116] 00000000632e0000
Library C:\Users\Evela\AppData\Local\Google\Update\1.3.32.7\goopdate.dll (*** suspicious ***) @ C:\Users\Evela\AppData\Local\Google\Update\GoogleUpdate.exe [2824] 0000000062fc0000
Library C:\Users\Evela\AppData\Local\Google\Update\1.3.32.7\psuser.dll (*** suspicious ***) @ C:\Users\Evela\AppData\Local\Google\Update\GoogleUpdate.exe [2824] 00000000632e0000

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43bd5069
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43bd5069@c8aa21a4261b 0x1C 0x2F 0xAB 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43bd5069@1c69a5c5583b 0x28 0x90 0x73 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43bd5069@d0dfc7877cce 0x9F 0x6E 0x1D 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43bd5069@2c8a7200b721 0x12 0xBE 0xE7 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43bd5069@fc58fad316df 0xF2 0x85 0x34 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43bd5069@d831cf4052f5 0xB9 0x66 0x44 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43bd5069@90e7c4749fb7 0xE5 0x90 0x43 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43bd5069@00dbdf9bfadb 0x6E 0x9A 0x4A 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43bd5069@70f3952c37ce 0xE7 0x91 0x9A 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0x56 0x16 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x44 0x7B 0x30 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x2B 0x4A 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xCD 0x75 0x7D 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43bd5069 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43bd5069@c8aa21a4261b 0x1C 0x2F 0xAB 0x67 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43bd5069@1c69a5c5583b 0x28 0x90 0x73 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43bd5069@d0dfc7877cce 0x9F 0x6E 0x1D 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43bd5069@2c8a7200b721 0x12 0xBE 0xE7 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43bd5069@fc58fad316df 0xF2 0x85 0x34 0xB3 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43bd5069@d831cf4052f5 0xB9 0x66 0x44 0x82 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43bd5069@90e7c4749fb7 0xE5 0x90 0x43 0xE2 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43bd5069@00dbdf9bfadb 0x6E 0x9A 0x4A 0x79 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43bd5069@70f3952c37ce 0xE7 0x91 0x9A 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0x56 0x16 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x44 0x7B 0x30 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x2B 0x4A 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xCD 0x75 0x7D 0x15 ...

---- EOF - GMER 2.2 ----