GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-10-17 17:53:11 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0 232,89GB Running: gmer.exe; Driver: C:\Users\piotrek\AppData\Local\Temp\fxlyrpow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x99473990] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x994241CE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x99424400] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x99423FC8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x9947655C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0x99437E90] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x9947598C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x9947551E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x99414640] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x99473AD2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x994735FE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x99437EB0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x99475052] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x9947678C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x9947567E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0x99437EA0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryIntervalProfile [0x99437EE0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x994761C6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x994242D4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x99475EE2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x994240C8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x99476048] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x99414A5A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x99473936] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x9947525A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x99475D82] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x99414A6C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x994753C0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x99475882] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x99476894] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x9947661E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x99475BD8] INT 0x81 ? 974FD050 INT 0x91 ? 974FD2D0 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 119 8A4C6764 4 Bytes [90, 39, 47, 99] {NOP ; CMP [EDI-0x67], EAX} .text ntkrnlpa.exe!KeSetEvent + 13D 8A4C6788 4 Bytes [CE, 41, 42, 99] {INTO ; INC ECX; INC EDX; CDQ } .text ntkrnlpa.exe!KeSetEvent + 181 8A4C67CC 4 Bytes [00, 44, 42, 99] {ADD [EDX+EAX*2-0x67], AL} .text ntkrnlpa.exe!KeSetEvent + 1C1 8A4C680C 4 Bytes [C8, 3F, 42, 99] {ENTER 0x423f, 0x99} .text ntkrnlpa.exe!KeSetEvent + 215 8A4C6860 4 Bytes [5C, 65, 47, 99] {POP ESP; INC EDI; CDQ } .text ... ---- User code sections - GMER 2.1 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[632] C:\Windows\system32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[632] ntdll.dll!NtProtectVirtualMemory 777A4BC4 5 Bytes JMP 71DB1ED6 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ushata.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[632] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: syssetup.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[632] USER32.dll!SetScrollInfo + 6A8 766C7880 4 Bytes [0B, 26, DB, 71] .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[632] USER32.dll!SetScrollInfo + 7A8 766C7980 4 Bytes [1B, 2F, DB, 71] ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[632] C:\Windows\system32\ole32.dll time/date stamp mismatch; unknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dll .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtAllocateVirtualMemory 777A3FC4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtAllocateVirtualMemory + 4 777A3FC8 2 Bytes [A7, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtCreateFile + 6 777A426A 4 Bytes [28, A0, 8C, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtCreateFile + B 777A426F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtMapViewOfSection + 6 777A49BA 4 Bytes [28, A3, 8C, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtMapViewOfSection + B 777A49BF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenFile + 6 777A4A4A 4 Bytes [68, A0, 8C, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenFile + B 777A4A4F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenProcess + 6 777A4ACA 4 Bytes [A8, A1, 8C, 00] {TEST AL, 0xa1; MOV [EAX], ES} .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenProcess + B 777A4ACF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenProcessToken + 6 777A4ADA 4 Bytes CALL 767AD780 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenProcessToken + B 777A4ADF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenProcessTokenEx + 6 777A4AEA 4 Bytes [A8, A2, 8C, 00] {TEST AL, 0xa2; MOV [EAX], ES} .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenProcessTokenEx + B 777A4AEF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenThread + 6 777A4B3A 4 Bytes [68, A1, 8C, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenThread + B 777A4B3F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenThreadToken + 6 777A4B4A 4 Bytes [68, A2, 8C, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenThreadToken + B 777A4B4F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenThreadTokenEx + 6 777A4B5A 4 Bytes CALL 767AD801 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtOpenThreadTokenEx + B 777A4B5F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtProtectVirtualMemory 777A4BC4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtProtectVirtualMemory + 4 777A4BC8 2 Bytes [AE, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtQueryAttributesFile + 6 777A4BEA 4 Bytes [A8, A0, 8C, 00] {TEST AL, 0xa0; MOV [EAX], ES} .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtQueryAttributesFile + B 777A4BEF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtQueryFullAttributesFile + 6 777A4C9A 4 Bytes CALL 767AD93F C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtQueryFullAttributesFile + B 777A4C9F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtSetInformationFile + 6 777A517A 4 Bytes [28, A1, 8C, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtSetInformationFile + B 777A517F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtSetInformationThread + 6 777A51CA 4 Bytes [28, A2, 8C, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtSetInformationThread + B 777A51CF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtUnmapViewOfSection + 6 777A546A 4 Bytes [68, A3, 8C, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] ntdll.dll!NtUnmapViewOfSection + B 777A546F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!CreateProcessW 765D1BF3 6 Bytes JMP 718A000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!CreateProcessA 765D1C28 6 Bytes JMP 7187000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!WriteProcessMemory 765D1CB8 6 Bytes JMP 719F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!MoveFileW 765DA2F2 6 Bytes JMP 7142000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!CopyFileW 765E02A9 6 Bytes JMP 7148000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!CreateProcessInternalW 765F5477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!CreateProcessInternalW + 4 765F547B 2 Bytes [8F, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!CreateProcessInternalA 765F8D19 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!CreateProcessInternalA + 4 765F8D1D 2 Bytes [8C, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!LoadLibraryExW + 173 765F94E7 4 Bytes JMP 71AC000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!HeapCreate 765F9EA3 6 Bytes JMP 7196000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!VirtualProtectEx 765FDD42 6 Bytes JMP 71A2000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!VirtualAllocEx 7661AFDC 6 Bytes JMP 71A5000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!CreateFileW 7661B1AB 6 Bytes JMP 7181000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!CreateFileA 7661D13F 6 Bytes JMP 7184000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!CopyFileA 7662271B 6 Bytes JMP 714B000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!MoveFileA 7665FDF9 6 Bytes JMP 7145000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!SetProcessDEPPolicy 766663D8 6 Bytes JMP 7193000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] kernel32.dll!WinExec 766667CA 6 Bytes JMP 713F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] msvcrt.dll!_wsystem 76357F3F 6 Bytes JMP 7169000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] msvcrt.dll!system 7635805B 6 Bytes JMP 716C000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] USER32.dll!MessageBoxA 7670D681 6 Bytes JMP 7139000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] USER32.dll!MessageBoxW 7670D6CF 6 Bytes JMP 713C000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] WS2_32.dll!WSAStartup 7788A639 6 Bytes JMP 717E000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] WININET.dll!InternetReadFile 769BFA90 6 Bytes JMP 716F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] WININET.dll!InternetOpenUrlA 769DE376 6 Bytes JMP 7175000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] WININET.dll!HttpOpenRequestA 76A0B921 6 Bytes JMP 7178000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] WININET.dll!HttpOpenRequestW 76A0C1AF 6 Bytes JMP 717B000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] WININET.dll!InternetOpenUrlW 76A3DC3A 6 Bytes JMP 7172000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[2712] SHELL32.dll!ShellExecuteW 76C39725 6 Bytes JMP 7166000A ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe[3292] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: syssetup.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe[3292] C:\Windows\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe[3292] USER32.dll!SetScrollInfo + 6A8 766C7880 4 Bytes [0B, 26, DB, 71] .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe[3292] USER32.dll!SetScrollInfo + 7A8 766C7980 4 Bytes [1B, 2F, DB, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] ntdll.dll!NtAllocateVirtualMemory 777A3FC4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] ntdll.dll!NtAllocateVirtualMemory + 4 777A3FC8 2 Bytes [A7, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] ntdll.dll!NtProtectVirtualMemory 777A4BC4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] ntdll.dll!NtProtectVirtualMemory + 4 777A4BC8 2 Bytes [AE, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!CreateProcessW 765D1BF3 6 Bytes JMP 718A000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!CreateProcessA 765D1C28 6 Bytes JMP 7187000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!WriteProcessMemory 765D1CB8 6 Bytes JMP 719F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!MoveFileW 765DA2F2 6 Bytes JMP 7142000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!CopyFileW 765E02A9 6 Bytes JMP 7148000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!CreateProcessInternalW 765F5477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!CreateProcessInternalW + 4 765F547B 2 Bytes [8F, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!CreateProcessInternalA 765F8D19 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!CreateProcessInternalA + 4 765F8D1D 2 Bytes [8C, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!LoadLibraryExW + 173 765F94E7 4 Bytes JMP 71AC000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!HeapCreate 765F9EA3 6 Bytes JMP 7196000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!VirtualProtectEx 765FDD42 6 Bytes JMP 71A2000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!VirtualAllocEx 7661AFDC 6 Bytes JMP 71A5000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!CreateFileW 7661B1AB 6 Bytes JMP 7181000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!CreateFileA 7661D13F 6 Bytes JMP 7184000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!CopyFileA 7662271B 6 Bytes JMP 714B000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!MoveFileA 7665FDF9 6 Bytes JMP 7145000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!SetProcessDEPPolicy 766663D8 6 Bytes JMP 7193000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] kernel32.dll!WinExec 766667CA 6 Bytes JMP 713F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] msvcrt.dll!_wsystem 76357F3F 6 Bytes JMP 7169000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] msvcrt.dll!system 7635805B 6 Bytes JMP 716C000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] USER32.dll!MessageBoxA 7670D681 6 Bytes JMP 7139000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] USER32.dll!MessageBoxW 7670D6CF 6 Bytes JMP 713C000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] WS2_32.dll!WSAStartup 7788A639 6 Bytes JMP 717E000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] WININET.dll!InternetReadFile 769BFA90 6 Bytes JMP 716F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] WININET.dll!InternetOpenUrlA 769DE376 6 Bytes JMP 7175000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] WININET.dll!HttpOpenRequestA 76A0B921 6 Bytes JMP 7178000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] WININET.dll!HttpOpenRequestW 76A0C1AF 6 Bytes JMP 717B000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] WININET.dll!InternetOpenUrlW 76A3DC3A 6 Bytes JMP 7172000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[3348] SHELL32.dll!ShellExecuteW 76C39725 6 Bytes JMP 7166000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtAllocateVirtualMemory 777A3FC4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtAllocateVirtualMemory + 4 777A3FC8 2 Bytes [A7, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtCreateFile + 6 777A426A 4 Bytes [28, A8, C0, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtCreateFile + B 777A426F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtMapViewOfSection + 6 777A49BA 4 Bytes [28, AB, C0, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtMapViewOfSection + B 777A49BF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtOpenFile + 6 777A4A4A 4 Bytes [68, A8, C0, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtOpenFile + B 777A4A4F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtOpenProcess + 6 777A4ACA 4 Bytes [A8, A9, C0, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtOpenProcess + B 777A4ACF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtOpenProcessToken + B 777A4ADF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtOpenProcessTokenEx + 6 777A4AEA 4 Bytes [A8, AA, C0, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtOpenProcessTokenEx + B 777A4AEF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtOpenThread + 6 777A4B3A 4 Bytes [68, A9, C0, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtOpenThread + B 777A4B3F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtOpenThreadToken + 6 777A4B4A 4 Bytes [68, AA, C0, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtOpenThreadToken + B 777A4B4F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtOpenThreadTokenEx + B 777A4B5F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtProtectVirtualMemory 777A4BC4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtProtectVirtualMemory + 4 777A4BC8 2 Bytes [AE, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtQueryAttributesFile + 6 777A4BEA 4 Bytes [A8, A8, C0, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtQueryAttributesFile + B 777A4BEF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtQueryFullAttributesFile + B 777A4C9F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtSetInformationFile + 6 777A517A 4 Bytes [28, A9, C0, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtSetInformationFile + B 777A517F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtSetInformationThread + 6 777A51CA 4 Bytes [28, AA, C0, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtSetInformationThread + B 777A51CF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtUnmapViewOfSection + 6 777A546A 4 Bytes [68, AB, C0, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] ntdll.dll!NtUnmapViewOfSection + B 777A546F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!CreateProcessW 765D1BF3 6 Bytes JMP 718A000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!CreateProcessA 765D1C28 6 Bytes JMP 7187000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!WriteProcessMemory 765D1CB8 6 Bytes JMP 719F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!MoveFileW 765DA2F2 6 Bytes JMP 7142000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!CopyFileW 765E02A9 6 Bytes JMP 7148000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!CreateProcessInternalW 765F5477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!CreateProcessInternalW + 4 765F547B 2 Bytes [8F, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!CreateProcessInternalA 765F8D19 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!CreateProcessInternalA + 4 765F8D1D 2 Bytes [8C, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!LoadLibraryExW + 173 765F94E7 4 Bytes JMP 71AC000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!HeapCreate 765F9EA3 6 Bytes JMP 7196000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!VirtualProtectEx 765FDD42 6 Bytes JMP 71A2000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!VirtualAllocEx 7661AFDC 6 Bytes JMP 71A5000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!CreateFileW 7661B1AB 6 Bytes JMP 7181000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!CreateFileA 7661D13F 6 Bytes JMP 7184000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!CopyFileA 7662271B 6 Bytes JMP 714B000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!MoveFileA 7665FDF9 6 Bytes JMP 7145000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!SetProcessDEPPolicy 766663D8 6 Bytes JMP 7193000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] kernel32.dll!WinExec 766667CA 6 Bytes JMP 713F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] msvcrt.dll!_wsystem 76357F3F 6 Bytes JMP 7169000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] msvcrt.dll!system 7635805B 6 Bytes JMP 716C000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] USER32.dll!MessageBoxA 7670D681 6 Bytes JMP 7139000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] USER32.dll!MessageBoxW 7670D6CF 6 Bytes JMP 713C000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] WS2_32.dll!WSAStartup 7788A639 6 Bytes JMP 717E000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] WININET.dll!InternetReadFile 769BFA90 6 Bytes JMP 716F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] WININET.dll!InternetOpenUrlA 769DE376 6 Bytes JMP 7175000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] WININET.dll!HttpOpenRequestA 76A0B921 6 Bytes JMP 7178000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] WININET.dll!HttpOpenRequestW 76A0C1AF 6 Bytes JMP 717B000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] WININET.dll!InternetOpenUrlW 76A3DC3A 6 Bytes JMP 7172000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4164] SHELL32.dll!ShellExecuteW 76C39725 6 Bytes JMP 7166000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtAllocateVirtualMemory 777A3FC4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtAllocateVirtualMemory + 4 777A3FC8 2 Bytes [A7, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtCreateFile + 6 777A426A 4 Bytes [28, 14, C7, 03] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtCreateFile + B 777A426F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtMapViewOfSection + 6 777A49BA 4 Bytes [28, 17, C7, 03] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtMapViewOfSection + B 777A49BF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtOpenFile + 6 777A4A4A 4 Bytes [68, 14, C7, 03] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtOpenFile + B 777A4A4F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtOpenProcess + 6 777A4ACA 4 Bytes [A8, 15, C7, 03] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtOpenProcess + B 777A4ACF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtOpenProcessToken + B 777A4ADF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtOpenProcessTokenEx + 6 777A4AEA 4 Bytes [A8, 16, C7, 03] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtOpenProcessTokenEx + B 777A4AEF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtOpenThread + 6 777A4B3A 4 Bytes [68, 15, C7, 03] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtOpenThread + B 777A4B3F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtOpenThreadToken + 6 777A4B4A 4 Bytes [68, 16, C7, 03] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtOpenThreadToken + B 777A4B4F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtOpenThreadTokenEx + B 777A4B5F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtProtectVirtualMemory 777A4BC4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtProtectVirtualMemory + 4 777A4BC8 2 Bytes [AE, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtQueryAttributesFile + 6 777A4BEA 4 Bytes [A8, 14, C7, 03] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtQueryAttributesFile + B 777A4BEF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtQueryFullAttributesFile + B 777A4C9F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtSetInformationFile + 6 777A517A 4 Bytes [28, 15, C7, 03] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtSetInformationFile + B 777A517F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtSetInformationThread + 6 777A51CA 4 Bytes [28, 16, C7, 03] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtSetInformationThread + B 777A51CF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtUnmapViewOfSection + 6 777A546A 4 Bytes [68, 17, C7, 03] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] ntdll.dll!NtUnmapViewOfSection + B 777A546F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!CreateProcessW 765D1BF3 6 Bytes JMP 718A000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!CreateProcessA 765D1C28 6 Bytes JMP 7187000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!WriteProcessMemory 765D1CB8 6 Bytes JMP 719F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!MoveFileW 765DA2F2 6 Bytes JMP 7142000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!CopyFileW 765E02A9 6 Bytes JMP 7148000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!CreateProcessInternalW 765F5477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!CreateProcessInternalW + 4 765F547B 2 Bytes [8F, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!CreateProcessInternalA 765F8D19 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!CreateProcessInternalA + 4 765F8D1D 2 Bytes [8C, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!LoadLibraryExW + 173 765F94E7 4 Bytes JMP 71AC000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!HeapCreate 765F9EA3 6 Bytes JMP 7196000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!VirtualProtectEx 765FDD42 6 Bytes JMP 71A2000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!VirtualAllocEx 7661AFDC 6 Bytes JMP 71A5000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!CreateFileW 7661B1AB 6 Bytes JMP 7181000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!CreateFileA 7661D13F 6 Bytes JMP 7184000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!CopyFileA 7662271B 6 Bytes JMP 714B000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!MoveFileA 7665FDF9 6 Bytes JMP 7145000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!SetProcessDEPPolicy 766663D8 6 Bytes JMP 7193000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] kernel32.dll!WinExec 766667CA 6 Bytes JMP 713F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] msvcrt.dll!_wsystem 76357F3F 6 Bytes JMP 7169000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] msvcrt.dll!system 7635805B 6 Bytes JMP 716C000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] USER32.dll!MessageBoxA 7670D681 6 Bytes JMP 7139000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] USER32.dll!MessageBoxW 7670D6CF 6 Bytes JMP 713C000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] WS2_32.dll!WSAStartup 7788A639 6 Bytes JMP 717E000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] WININET.dll!InternetReadFile 769BFA90 6 Bytes JMP 716F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] WININET.dll!InternetOpenUrlA 769DE376 6 Bytes JMP 7175000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] WININET.dll!HttpOpenRequestA 76A0B921 6 Bytes JMP 7178000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] WININET.dll!HttpOpenRequestW 76A0C1AF 6 Bytes JMP 717B000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] WININET.dll!InternetOpenUrlW 76A3DC3A 6 Bytes JMP 7172000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[4776] SHELL32.dll!ShellExecuteW 76C39725 6 Bytes JMP 7166000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtAllocateVirtualMemory 777A3FC4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtAllocateVirtualMemory + 4 777A3FC8 2 Bytes [A7, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtCreateFile + 6 777A426A 4 Bytes [28, 64, 53, 00] {SUB [EBX+EDX*2+0x0], AH} .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtCreateFile + B 777A426F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtMapViewOfSection + 6 777A49BA 4 Bytes [28, 67, 53, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtMapViewOfSection + B 777A49BF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenFile + 6 777A4A4A 4 Bytes [68, 64, 53, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenFile + B 777A4A4F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenProcess + 6 777A4ACA 4 Bytes [A8, 65, 53, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenProcess + B 777A4ACF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenProcessToken + 6 777A4ADA 4 Bytes CALL 767A9E44 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenProcessToken + B 777A4ADF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenProcessTokenEx + 6 777A4AEA 4 Bytes [A8, 66, 53, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenProcessTokenEx + B 777A4AEF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenThread + 6 777A4B3A 4 Bytes [68, 65, 53, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenThread + B 777A4B3F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenThreadToken + 6 777A4B4A 4 Bytes [68, 66, 53, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenThreadToken + B 777A4B4F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenThreadTokenEx + 6 777A4B5A 4 Bytes CALL 767A9EC5 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtOpenThreadTokenEx + B 777A4B5F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtProtectVirtualMemory 777A4BC4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtProtectVirtualMemory + 4 777A4BC8 2 Bytes [AE, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtQueryAttributesFile + 6 777A4BEA 4 Bytes [A8, 64, 53, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtQueryAttributesFile + B 777A4BEF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtQueryFullAttributesFile + 6 777A4C9A 4 Bytes CALL 767AA003 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtQueryFullAttributesFile + B 777A4C9F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtSetInformationFile + 6 777A517A 4 Bytes [28, 65, 53, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtSetInformationFile + B 777A517F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtSetInformationThread + 6 777A51CA 4 Bytes [28, 66, 53, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtSetInformationThread + B 777A51CF 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtUnmapViewOfSection + 6 777A546A 4 Bytes [68, 67, 53, 00] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] ntdll.dll!NtUnmapViewOfSection + B 777A546F 1 Byte [E2] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!CreateProcessW 765D1BF3 6 Bytes JMP 718A000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!CreateProcessA 765D1C28 6 Bytes JMP 7187000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!WriteProcessMemory 765D1CB8 6 Bytes JMP 719F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!MoveFileW 765DA2F2 6 Bytes JMP 7142000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!CopyFileW 765E02A9 6 Bytes JMP 7148000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!CreateProcessInternalW 765F5477 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!CreateProcessInternalW + 4 765F547B 2 Bytes [8F, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!CreateProcessInternalA 765F8D19 3 Bytes [FF, 25, 1E] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!CreateProcessInternalA + 4 765F8D1D 2 Bytes [8C, 71] .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!LoadLibraryExW + 173 765F94E7 4 Bytes JMP 71AC000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!HeapCreate 765F9EA3 6 Bytes JMP 7196000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!VirtualProtectEx 765FDD42 6 Bytes JMP 71A2000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!VirtualAllocEx 7661AFDC 6 Bytes JMP 71A5000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!CreateFileW 7661B1AB 6 Bytes JMP 7181000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!CreateFileA 7661D13F 6 Bytes JMP 7184000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!CopyFileA 7662271B 6 Bytes JMP 714B000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!MoveFileA 7665FDF9 6 Bytes JMP 7145000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!SetProcessDEPPolicy 766663D8 6 Bytes JMP 7193000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] kernel32.dll!WinExec 766667CA 6 Bytes JMP 713F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] msvcrt.dll!_wsystem 76357F3F 6 Bytes JMP 7169000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] msvcrt.dll!system 7635805B 6 Bytes JMP 716C000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] USER32.dll!MessageBoxA 7670D681 6 Bytes JMP 7139000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] USER32.dll!MessageBoxW 7670D6CF 6 Bytes JMP 713C000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] WS2_32.dll!WSAStartup 7788A639 6 Bytes JMP 717E000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] WININET.dll!InternetReadFile 769BFA90 6 Bytes JMP 716F000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] WININET.dll!InternetOpenUrlA 769DE376 6 Bytes JMP 7175000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] WININET.dll!HttpOpenRequestA 76A0B921 6 Bytes JMP 7178000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] WININET.dll!HttpOpenRequestW 76A0C1AF 6 Bytes JMP 717B000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] WININET.dll!InternetOpenUrlW 76A3DC3A 6 Bytes JMP 7172000A .text C:\Program Files\Opera 25\25.0.1614.50\opera.exe[5076] SHELL32.dll!ShellExecuteW 76C39725 6 Bytes JMP 7166000A ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74607817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7464B4F1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7460BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [746373F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7460DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7468CB12] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7462C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[3492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74602AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys AttachedDevice \Driver\tdx \Device\Udp kltdi.sys AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00234ef838a9 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet013\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet013\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet015\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet015\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet016\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet016\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet017\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet017\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet018\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet018\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet019\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet019\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet020\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet020\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet021\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet021\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet022\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet022\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet023\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet023\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet024\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet024\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SYSTEM\ControlSet025\Services\BTHPORT\Parameters\Keys\00234ef838a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet025\Services\BTHPORT\Parameters\Keys\00234ef838a9@3017c81c1d45 0x0F 0x01 0xDD 0x21 ... Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0xDC 0xAA 0xF8 ... Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xCC 0x56 0x85 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG17.00.00.01PROFESSIONAL 3B1E32E25F7528BE850D27AD22637009A56B0CC055E16BDE4C129A299F35B52E5AD7D7AA44CF30AD25C6875678E7BF18CE16B9E6BD5D9E2E2B71E7F4CFE94316379B19F4A52C5001A0D8220881F5969F59AB6E9D88F32872C15FD7E1F8A17BDCDBE81582E20E9E0E930EB238FB6EF53D14661BADF705132DB0A4372FFC561406D7B491A51EAA19029DA8146EEA6244DF4D74D777109FCC30167A73AE0335A26B3D6673C8BE6C9FD861DDC84A1A1BC94CDBF85B6B9B8828A71B10214A739FA33B22D948E6EF72F56709D575FA1115B518168886902739DC8F6709767A7EAB747721604191FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D14078EDD5E5BE2F6E667A6A0AC4980AC79339DB7CE019D40AA5C4636052FD573230C02F9E83307CBF52707B6793A20679DAD953C8DEA3BCFF1CA24C70AC531688A7591720AC14CCAA8B3DE78903191F2B42B81CEC67B94BF4900BE07D1A7603B48881C83B631EDB78949DE7947B3A73C164915CAAAE002C36EB03C256DCA2547EA39EAFA24FB9D9A21F00DC41CE02518DF463896217C799EBAEC8606CD7645DC258E06DA6EEF12701A45359874AA51CED773164F7787F204AC5E49C1C9C80B3DCDA4BA58952D07A8C5F8666819597A9EE73520C3608DEA2066BCF5A51B32422161299D5D7DA ---- EOF - GMER 2.1 ----