GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-09-29 13:30:56 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003f HGST_HTS545050A7E680 rev.GR2OA230 465,76GB Running: xzpnxpbg.exe; Driver: C:\Users\user\AppData\Local\Temp\agrcapod.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\lsass.exe[704] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Windows\system32\lsass.exe[704] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Windows\system32\lsass.exe[704] C:\Windows\system32\WSOCK32.dll!recvfrom + 742 000007fd6be41b32 4 bytes [E4, 6B, FD, 07] .text C:\Windows\system32\lsass.exe[704] C:\Windows\system32\WSOCK32.dll!recvfrom + 750 000007fd6be41b3a 4 bytes [E4, 6B, FD, 07] .text C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Windows\system32\dwm.exe[1016] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[852] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[852] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[852] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 
bytes [EA, 69, FD, 07] .text C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Windows\system32\nvvsvc.exe[1028] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1600] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1600] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1600] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1600] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1600] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Windows\system32\WLANExt.exe[1656] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Windows\system32\WLANExt.exe[1656] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Windows\system32\WLANExt.exe[1656] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Windows\system32\WLANExt.exe[1656] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Windows\system32\WLANExt.exe[1656] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Windows\System32\spoolsv.exe[2024] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Windows\System32\spoolsv.exe[2024] 
C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2496] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2496] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2496] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Windows\Explorer.EXE[2776] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Windows\Explorer.EXE[2776] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Windows\Explorer.EXE[2776] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Windows\Explorer.EXE[2776] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Windows\Explorer.EXE[2776] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Windows\system32\BtwRSupportService.exe[2984] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Windows\system32\BtwRSupportService.exe[2984] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Windows\system32\BtwRSupportService.exe[2984] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2548] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2548] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text 
C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2548] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2548] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2548] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2548] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fd6be41b32 4 bytes [E4, 6B, FD, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2548] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fd6be41b3a 4 bytes [E4, 6B, FD, 07] .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2832] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2832] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3572] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3572] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3572] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3588] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3588] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Common 
Files\Intel\WirelessCommon\RegSrvc.exe[3588] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3588] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3588] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe[3792] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe[3792] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe[3792] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fd6be41b32 4 bytes [E4, 6B, FD, 07] .text C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe[3792] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fd6be41b3a 4 bytes [E4, 6B, FD, 07] .text C:\Program Files\Windows Defender\MsMpEng.exe[3840] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Windows Defender\MsMpEng.exe[3840] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3952] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3952] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Program 
Files\Intel\WiFi\bin\ZeroConfigService.exe[3952] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3952] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3952] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Windows\system32\wbem\wmiprvse.exe[4000] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Windows\system32\wbem\wmiprvse.exe[4000] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Windows\system32\wbem\wmiprvse.exe[4000] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Windows\system32\wbem\wmiprvse.exe[4000] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Windows\system32\wbem\wmiprvse.exe[4000] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe[1180] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe[1180] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe[1180] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Smart Menu\Smart Menu.exe[5400] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Smart Menu\Smart Menu.exe[5400] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 
000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\DellTPad\Apoint.exe[1484] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\DellTPad\Apoint.exe[1484] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2588] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2588] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2588] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2588] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2588] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5416] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5416] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5416] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5416] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5416] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 
000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5416] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fd6be41b32 4 bytes [E4, 6B, FD, 07] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5416] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fd6be41b3a 4 bytes [E4, 6B, FD, 07] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3568] C:\Windows\system32\PSAPI.dll!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3568] C:\Windows\system32\PSAPI.dll!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6052] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fd6be41b32 4 bytes [E4, 6B, FD, 07] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6052] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fd6be41b3a 4 bytes [E4, 6B, FD, 07] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6052] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd69ea1532 4 bytes [EA, 69, FD, 07] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6052] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd69ea153a 4 bytes [EA, 69, FD, 07] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6052] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd69ea165a 4 bytes [EA, 69, FD, 07] .text C:\Users\user\Downloads\FRST64(1).exe[6640] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fd6be41b32 4 bytes [E4, 6B, FD, 07] .text C:\Users\user\Downloads\FRST64(1).exe[6640] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fd6be41b3a 4 bytes [E4, 6B, FD, 07] .text C:\Users\user\Downloads\FRST64(1).exe[6640] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd6d4b177a 4 bytes [4B, 6D, FD, 07] .text C:\Users\user\Downloads\FRST64(1).exe[6640] 
C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd6d4b1782 4 bytes [4B, 6D, FD, 07]

---- Devices - GMER 2.2 ----
Device \FileSystem\MBAMWebAccessControl \Device\StreamEitor fffff8800ce8f698

---- Threads - GMER 2.2 ----
Thread C:\Windows\system32\csrss.exe [580:592] fffff960008a15e8

---- Processes - GMER 2.2 ----
Library C:\Users\user\AppData\Local\Temp\nsq77FF.tmp\System.dll (*** suspicious ***) @ C:\Users\user\AppData\Local\Temp\~nsu.tmp\Au_.exe [7052] 00000000566c0000
Library C:\Users\user\AppData\Local\Temp\nsq77FF.tmp\nsArray.dll (*** suspicious ***) @ C:\Users\user\AppData\Local\Temp\~nsu.tmp\Au_.exe [7052] 00000000708b0000

---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -108410117
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\24fd5230071b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\24fd5230071b@7c1e526e01dc 0x14 0x3F 0x4E 0x24 ...

---- Disk sectors - GMER 2.2 ----
Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----