GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-03 22:27:35
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SB4O 149,05GB
Running: gmer.exe; Driver: C:\DOCUME~1\piotrek\USTAWI~1\Temp\kwlyapog.sys

---- System - GMER 2.0 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xAABABB30]
SSDT B115413C ZwClose
SSDT B11540F6 ZwCreateKey
SSDT B1154146 ZwCreateSection
SSDT B11540EC ZwCreateThread
SSDT B11540FB ZwDeleteKey
SSDT B1154105 ZwDeleteValueKey
SSDT B1154137 ZwDuplicateObject
SSDT B115410A ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xAABAB470]
SSDT B11540D8 ZwOpenProcess
SSDT B11540DD ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xAABABC50]
SSDT B115415F ZwQueryValueKey
SSDT B1154114 ZwReplaceKey
SSDT B1154150 ZwRequestWaitReplyPort
SSDT B115410F ZwRestoreKey
SSDT B115414B ZwSetContextThread
SSDT B1154155 ZwSetSecurityObject
SSDT B1154100 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xAABAB990]
SSDT B115415A ZwSystemDebugControl
SSDT B11540E7 ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xAABABD60]
INT 0x62 ? 8A153CC8
INT 0x74 ? 88839F00
INT 0x82 ? 8A153CC8
INT 0x83 ? 88839F00
INT 0x94 ? 88839F00
INT 0xA4 ? 88839F00
INT 0xB4 ? 8A10DCC8

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C82 8050457A 2 Bytes [15, B1]
.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB7F8D346]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5C2B380, 0x2F2807, 0xE8000020]
.text USBPORT.SYS!DllUnload B5C0B8AC 5 Bytes JMP 88839410
.text tcpip.sys!IPTransmit + 10FC A7D2FD3A 6 Bytes CALL B7BC3E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 A7D31690 6 Bytes CALL B7BC3E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 A7D47454 6 Bytes CALL B7BC3E50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys B2CAA3FD 7 Bytes CALL B7BC3FA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA7B77400, 0x87EE2, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA7C1B620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA7C1B620]
.protect˙˙˙˙hardlockunknown last code section [0xA7C1B400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA7C1B400, 0x5126, 0xE0000020]

---- User code sections - GMER 2.0 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 01C6ED8F
.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 01C7031F
.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 01C7015D
.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 01C6FDD3
.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 01C70082
.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 01C70238
.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[440] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[440] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 01C6FFB6
.text C:\Program Files\Internet Explorer\iexplore.exe[440] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 01C704EA
.text C:\Program Files\Internet Explorer\iexplore.exe[440] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 01C6FEEA
.text C:\Program Files\Internet Explorer\iexplore.exe[440] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 01C70406
.text C:\Program Files\Internet Explorer\iexplore.exe[440] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 01C708AA
.text C:\Program Files\Internet Explorer\iexplore.exe[440] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 01C70977
.text C:\Program Files\Internet Explorer\iexplore.exe[440] WININET.dll!InternetCloseHandle 3FD09098 5 Bytes JMP 01C6EEFD
.text C:\Program Files\Internet Explorer\iexplore.exe[440] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01C7100E
.text C:\Program Files\Internet Explorer\iexplore.exe[440] WININET.dll!HttpOpenRequestW 3FD0FC0B 5 Bytes JMP 01C6EE5A
.text C:\Program Files\Internet Explorer\iexplore.exe[440] ws2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 01C6E8FB
.text C:\Program Files\Internet Explorer\iexplore.exe[440] ws2_32.dll!closesocket 71A53E2B 5 Bytes JMP 01C6FD2C
.text C:\Program Files\Internet Explorer\iexplore.exe[440] ws2_32.dll!send 71A54C27 5 Bytes JMP 01C6F8A1
.text C:\Program Files\Internet Explorer\iexplore.exe[440] ws2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 01C6FAC8
.text C:\Program Files\Internet Explorer\iexplore.exe[440] ws2_32.dll!gethostbyname 71A55355 5 Bytes JMP 01C6E83A
.text C:\Program Files\Internet Explorer\iexplore.exe[440] ws2_32.dll!recv 71A5676F 5 Bytes JMP 01C6F946
.text C:\Program Files\Internet Explorer\iexplore.exe[440] ws2_32.dll!WSASend 71A568FA 5 Bytes JMP 01C6F9F4
.text C:\Program Files\Internet Explorer\iexplore.exe[440] ws2_32.dll!WSAAsyncGetHostByName 71A5E99D 5 Bytes JMP 01C6ECB0
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[800] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes JMP 326050B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[800] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 330CE11A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 025CC5B0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 029161C7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 029161A4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 025E544E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 0105ED8F
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 0106031F
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 0106015D
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 0105FDD3
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 01060082
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 01060238
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 0105FFB6
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 010604EA
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 02916125 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 0105FEEA
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 01060406
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 010608AA
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 01060977
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 0105E8FB
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 0105FD2C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] WS2_32.dll!send 71A54C27 5 Bytes JMP 0105F8A1
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 0105FAC8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 0105E83A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] WS2_32.dll!recv 71A5676F 5 Bytes JMP 0105F946
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 0105F9F4
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] WS2_32.dll!WSAAsyncGetHostByName 71A5E99D 5 Bytes JMP 0105ECB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] WININET.dll!InternetCrackUrlW 3FCF40C0 5 Bytes JMP 01060D86
.text C:\Program Files\Mozilla Firefox\firefox.exe[2688] WININET.dll!InternetCrackUrlA 3FD14938 5 Bytes JMP 01060C3D

---- Kernel IAT/EAT - GMER 2.0 ----

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7E93232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7E92730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7E92F12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7E92730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7E92914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7E92856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7E930F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7E92F12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EA6F1E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B7BC4C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B7BC4BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B7BC4B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B7BC48E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B7BC48E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B7BC4BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B7BC4C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B7BC4B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B7BC4B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B7BC48E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B7BC4BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B7BC4C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B7BC48E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B7BC4B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B7BC4C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B7BC4BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B7BC4C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B7BC4BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B7BC48E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B7BC4B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B7BC48E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B7BC4BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B7BC4C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B7BC4C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B7BC4BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B7BC4B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B7BC48E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B7BC48E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B7BC4B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B7BC4C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B7BC4BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000830
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000830@9c4a7b5867bf 0x54 0x4F 0x4C 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000830@78595ec04c7b 0x67 0xBD 0x62 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x55 0xCD 0xAB 0x60 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f81000830 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f81000830@9c4a7b5867bf 0x54 0x4F 0x4C 0x59 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f81000830@78595ec04c7b 0x67 0xBD 0x62 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x55 0xCD 0xAB 0x60 ...

---- EOF - GMER 2.0 ----