GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-17 20:18:54 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB Running: 3qk34zwh.exe; Driver: C:\Users\Sony\AppData\Local\Temp\kxliipob.sys ---- Kernel code sections - GMER 2.0 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88004628d64 12 bytes {MOV RAX, 0xfffffa8006d402a0; JMP RAX} ---- User code sections - GMER 2.0 ---- .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075a787b1 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077501401 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077501419 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077501431 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007750144a 2 bytes [50, 77] .text ... * 9 .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000775014dd 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000775014f5 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007750150d 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077501525 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007750153d 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077501555 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007750156d 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077501585 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007750159d 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000775015b5 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000775015cd 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000775016b2 2 bytes [50, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2544] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000775016bd 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077501401 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077501419 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077501431 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007750144a 2 bytes [50, 77] .text ... * 9 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775014dd 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775014f5 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007750150d 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077501525 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007750153d 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077501555 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007750156d 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077501585 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007750159d 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775015b5 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775015cd 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775016b2 2 bytes [50, 77] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775016bd 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077501401 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077501419 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077501431 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007750144a 2 bytes [50, 77] .text ... * 9 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775014dd 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775014f5 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007750150d 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077501525 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007750153d 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077501555 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007750156d 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077501585 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007750159d 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775015b5 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775015cd 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775016b2 2 bytes [50, 77] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775016bd 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077501401 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077501419 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077501431 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007750144a 2 bytes [50, 77] .text ... * 9 .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775014dd 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775014f5 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007750150d 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077501525 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007750153d 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077501555 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007750156d 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077501585 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007750159d 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775015b5 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775015cd 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775016b2 2 bytes [50, 77] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775016bd 2 bytes [50, 77] ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef4a42750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef4a42b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef4a47de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef4a48130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef4a41908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef4a41c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef4a481d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef4a42878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef4a47a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef4a46c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef4a477bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef4a47064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef4a46544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3180] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef4a45e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Devices - GMER 2.0 ---- Device \FileSystem\Ntfs \Ntfs Device \Driver\usbehci \Device\USBPDO-1 ws\system32\DRIVERS\kbdclass.sys Device \Driver\cdrom \Device\CdRom0 ws\system32\DRIVERS\kbdclass.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{D740C44F-5569-4E0E-B400-599928CC5BCA} ws\system32\DRIVERS\kbdclass.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{837E39DC-55BF-4D48-84AC-1A3B5CF70AE5} ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbehci \Device\USBFDO-0 ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbehci \Device\USBFDO-1 ws\system32\DRIVERS\kbdclass.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{28F673E5-A297-4D42-BB2A-3C6A7F6D83A9} ws\system32\DRIVERS\kbdclass.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{23AF5001-80D9-4C0F-81D6-A096F87C865B} ws\system32\DRIVERS\kbdclass.sys Device \Driver\NetBT \Device\NetBt_Wins_Export ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbehci \Device\USBPDO-0 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5c4017a Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 6979 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 3946 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x36 0xAF 0x77 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0xCE 0xAF 0x13 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5c4017a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x36 0xAF 0x77 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0xCE 0xAF 0x13 ...