GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-09 19:32:19 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.JF3O 465,76GB Running: gmer.exe; Driver: C:\Users\hp\AppData\Local\Temp\uglciaoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077921401 2 bytes JMP 7738b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077921419 2 bytes JMP 7738b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077921431 2 bytes JMP 77409149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007792144a 2 bytes CALL 77364885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779214dd 2 bytes JMP 77408a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779214f5 2 bytes JMP 77408c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007792150d 2 bytes JMP 77408938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077921525 2 bytes JMP 77408d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007792153d 2 bytes JMP 7737fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077921555 2 bytes JMP 77386907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007792156d 2 bytes JMP 77409201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077921585 2 bytes JMP 77408d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007792159d 2 bytes JMP 774088fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779215b5 2 bytes JMP 7737fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779215cd 2 bytes JMP 7738b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779216b2 2 bytes JMP 774090c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779216bd 2 bytes JMP 77408891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077921401 2 bytes JMP 7738b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077921419 2 bytes JMP 7738b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077921431 2 bytes JMP 77409149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007792144a 2 bytes CALL 77364885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779214dd 2 bytes JMP 77408a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779214f5 2 bytes JMP 77408c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007792150d 2 bytes JMP 77408938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077921525 2 bytes JMP 77408d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007792153d 2 bytes JMP 7737fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077921555 2 bytes JMP 77386907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007792156d 2 bytes JMP 77409201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077921585 2 bytes JMP 77408d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007792159d 2 bytes JMP 774088fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779215b5 2 bytes JMP 7737fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779215cd 2 bytes JMP 7738b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779216b2 2 bytes JMP 774090c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779216bd 2 bytes JMP 77408891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077368769 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077921401 2 bytes JMP 7738b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077921419 2 bytes JMP 7738b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077921431 2 bytes JMP 77409149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007792144a 2 bytes CALL 77364885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000779214dd 2 bytes JMP 77408a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000779214f5 2 bytes JMP 77408c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007792150d 2 bytes JMP 77408938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077921525 2 bytes JMP 77408d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007792153d 2 bytes JMP 7737fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077921555 2 bytes JMP 77386907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007792156d 2 bytes JMP 77409201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077921585 2 bytes JMP 77408d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007792159d 2 bytes JMP 774088fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000779215b5 2 bytes JMP 7737fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000779215cd 2 bytes JMP 7738b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000779216b2 2 bytes JMP 774090c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2564] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000779216bd 2 bytes JMP 77408891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077921401 2 bytes JMP 7738b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077921419 2 bytes JMP 7738b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077921431 2 bytes JMP 77409149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007792144a 2 bytes CALL 77364885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779214dd 2 bytes JMP 77408a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779214f5 2 bytes JMP 77408c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007792150d 2 bytes JMP 77408938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077921525 2 bytes JMP 77408d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007792153d 2 bytes JMP 7737fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077921555 2 bytes JMP 77386907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007792156d 2 bytes JMP 77409201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077921585 2 bytes JMP 77408d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007792159d 2 bytes JMP 774088fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779215b5 2 bytes JMP 7737fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779215cd 2 bytes JMP 7738b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779216b2 2 bytes JMP 774090c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779216bd 2 bytes JMP 77408891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000074b011a8 2 bytes [B0, 74] .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 0000000074b0127d 2 bytes CALL 773614b9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 0000000074b01310 2 bytes CALL 773614b9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000074b013a8 2 bytes [B0, 74] .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000074b01422 2 bytes [B0, 74] .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000074b01498 2 bytes [B0, 74] .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 0000000074af1825 2 bytes JMP 764c65bd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 0000000074af1830 2 bytes JMP 764c65dd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 0000000074af183b 2 bytes JMP 764c65fd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 0000000074af1846 2 bytes JMP 764c5e9d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 0000000074af1851 2 bytes JMP 764c661d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 0000000074af185c 2 bytes JMP 764c66fd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 0000000074af1867 2 bytes JMP 764c671d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 0000000074af1872 2 bytes JMP 764c673d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 0000000074af187d 2 bytes JMP 764c675d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 0000000074af1888 2 bytes JMP 764c5ebd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 0000000074af1893 2 bytes JMP 764c677d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 0000000074af189e 2 bytes JMP 764c5f3d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 0000000074af18a9 2 bytes JMP 764c679d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 0000000074af18b4 2 bytes JMP 764c67bd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 0000000074af18bf 2 bytes JMP 7648f133 C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 0000000074af18ca 2 bytes JMP 764c67fd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 0000000074af18d5 2 bytes JMP 764c5f5d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 0000000074af18e0 2 bytes JMP 764c5fdd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 0000000074af18eb 2 bytes JMP 764c5ffd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 0000000074af18f6 2 bytes JMP 764c6d5d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 0000000074af1901 2 bytes JMP 764c5f1d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 0000000074af190c 2 bytes JMP 764c6d7d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 0000000074af1917 2 bytes JMP 764c6dbd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 0000000074af1922 2 bytes JMP 764c5f7d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 0000000074af192d 2 bytes JMP 764c6ddd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 0000000074af1938 2 bytes JMP 764c6dfd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 0000000074af1943 2 bytes JMP 764c6e1d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 0000000074af194e 2 bytes JMP 764c6e3d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 0000000074af1959 2 bytes JMP 764c6e5d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 0000000074af1964 2 bytes JMP 764c6e7d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 0000000074af196f 2 bytes JMP 764c6e9d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 0000000074af197a 2 bytes JMP 764c6ebd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 0000000074af1985 2 bytes JMP 764c6edd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 0000000074af1990 2 bytes JMP 764c6efd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 0000000074af199b 2 bytes JMP 764c6f1d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 0000000074af19a6 2 bytes JMP 764c6f3d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 0000000074af19b1 2 bytes JMP 764c6f5d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 0000000074af19bc 2 bytes JMP 764c6f7d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 0000000074af19c7 2 bytes JMP 764c6f9d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 0000000074af19d2 2 bytes JMP 764c6fbd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 0000000074af19dd 2 bytes JMP 764c601d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 0000000074af19e8 2 bytes JMP 764c6ffd C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 0000000074af19f3 2 bytes JMP 764c701d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 0000000074af19fe 2 bytes JMP 764c705b C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 0000000074af1a09 2 bytes JMP 764c707b C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 0000000074af1a14 2 bytes JMP 764c709b C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 0000000074af1a1f 2 bytes JMP 764c5f9d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 0000000074af1a2a 2 bytes JMP 764c70bb C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 0000000074af1a35 2 bytes JMP 764c70db C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 0000000074af1a40 2 bytes JMP 764c70fb C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 0000000074af1a4b 2 bytes JMP 764c711b C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 0000000074af1a56 2 bytes JMP 764c713b C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 0000000074af1a61 2 bytes JMP 764c715b C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 0000000074af1a6c 2 bytes JMP 764c603d C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 0000000074af1a77 2 bytes JMP 764c717b C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 0000000074af1a82 2 bytes JMP 764c719b C:\Windows\syswow64\GDI32.dll .text C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe[1888] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 0000000074af1ab2 2 bytes JMP 7626dc75 C:\Windows\syswow64\msvcrt.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077921401 2 bytes JMP 7738b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077921419 2 bytes JMP 7738b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077921431 2 bytes JMP 77409149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007792144a 2 bytes CALL 77364885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779214dd 2 bytes JMP 77408a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779214f5 2 bytes JMP 77408c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007792150d 2 bytes JMP 77408938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077921525 2 bytes JMP 77408d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007792153d 2 bytes JMP 7737fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077921555 2 bytes JMP 77386907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007792156d 2 bytes JMP 77409201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077921585 2 bytes JMP 77408d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007792159d 2 bytes JMP 774088fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779215b5 2 bytes JMP 7737fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779215cd 2 bytes JMP 7738b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779216b2 2 bytes JMP 774090c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779216bd 2 bytes JMP 77408891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[4452] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077368769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077921401 2 bytes JMP 7738b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077921419 2 bytes JMP 7738b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077921431 2 bytes JMP 77409149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007792144a 2 bytes CALL 77364885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779214dd 2 bytes JMP 77408a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779214f5 2 bytes JMP 77408c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007792150d 2 bytes JMP 77408938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077921525 2 bytes JMP 77408d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007792153d 2 bytes JMP 7737fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077921555 2 bytes JMP 77386907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007792156d 2 bytes JMP 77409201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077921585 2 bytes JMP 77408d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007792159d 2 bytes JMP 774088fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779215b5 2 bytes JMP 7737fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779215cd 2 bytes JMP 7738b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779216b2 2 bytes JMP 774090c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779216bd 2 bytes JMP 77408891 C:\Windows\syswow64\kernel32.dll ---- Modules - GMER 2.2 ---- Module \??\C:\Windows\System32\drivers:ucdrv-x64.sys fffff880031c3000-fffff880031cf000 (49152 bytes) ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ea7e08 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ea7e08@bcb1f3543831 0xE9 0x60 0x7F 0x17 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ea7e08@980d2e4574e7 0x6B 0x43 0x51 0xA9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ea7e08@30392619668f 0x13 0x8C 0xBC 0x1E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ea7e08@a0e453014008 0xA5 0x17 0x02 0xAD ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ea7e08@bc6e649c0ae3 0x0F 0xD1 0x3B 0xC1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ea7e08@001167000055 0xC1 0xBE 0x57 0x31 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ea7e08@9cf387bb639d 0xF5 0x9C 0xB4 0xC2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ea7e08@001060eaf03d 0xFB 0xA6 0xC0 0x69 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ea7e08@3022ae507eaa 0xCF 0x6A 0xB6 0x46 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543ea7e08@40ef4ccde969 0x36 0x35 0xA6 0x42 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ea7e08 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ea7e08@bcb1f3543831 0xE9 0x60 0x7F 0x17 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ea7e08@980d2e4574e7 0x6B 0x43 0x51 0xA9 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ea7e08@30392619668f 0x13 0x8C 0xBC 0x1E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ea7e08@a0e453014008 0xA5 0x17 0x02 0xAD ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ea7e08@bc6e649c0ae3 0x0F 0xD1 0x3B 0xC1 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ea7e08@001167000055 0xC1 0xBE 0x57 0x31 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ea7e08@9cf387bb639d 0xF5 0x9C 0xB4 0xC2 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ea7e08@001060eaf03d 0xFB 0xA6 0xC0 0x69 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ea7e08@3022ae507eaa 0xCF 0x6A 0xB6 0x46 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543ea7e08@40ef4ccde969 0x36 0x35 0xA6 0x42 ... ---- EOF - GMER 2.2 ----