GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-07-29 16:37:41 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 ST3500630AS rev.3.AAK Running: wgwvnj62.exe; Driver: C:\DOCUME~1\WOJTEK\USTAWI~1\Temp\pwtdqpow.sys ---- System - GMER 1.0.15 ---- SSDT spxp.sys ZwCreateKey [0xB9EB50E0] SSDT spxp.sys ZwEnumerateKey [0xB9ECDDA4] SSDT spxp.sys ZwEnumerateValueKey [0xB9ECE132] SSDT spxp.sys ZwOpenKey [0xB9EB50C0] SSDT spxp.sys ZwQueryKey [0xB9ECE20A] SSDT spxp.sys ZwQueryValueKey [0xB9ECE08A] SSDT spxp.sys ZwSetValueKey [0xB9ECE29C] INT 0x63 ? 8A699BF8 INT 0x63 ? 8A699BF8 INT 0x63 ? 8A699BF8 INT 0x63 ? 8A699BF8 INT 0x63 ? 8A4A7BF8 INT 0x83 ? 8A699BF8 INT 0x83 ? 8A699BF8 INT 0x83 ? 8A4A7BF8 INT 0x83 ? 8A699BF8 INT 0x84 ? 8A4A7BF8 INT 0xA4 ? 8A4A7BF8 INT 0xA4 ? 8A4A7BF8 INT 0xA4 ? 8A4A7BF8 INT 0xA4 ? 8A4A7BF8 INT 0xB1 ? 8A69CBF8 INT 0xB1 ? 8A69CBF8 INT 0xB4 ? 8A4A7BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spxp.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9684360, 0x3535DF, 0xE8000020] .text USBPORT.SYS!DllUnload B96648AC 5 Bytes JMP 8A4A71D8 .text aoh6ntsw.SYS B94FB384 1 Byte [20] .text aoh6ntsw.SYS B94FB384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...] .text aoh6ntsw.SYS B94FB3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...] .text aoh6ntsw.SYS B94FB3C4 3 Bytes [00, 00, 00] .text aoh6ntsw.SYS B94FB3C9 1 Byte [00] .text ... .text amoyf9vd.SYS B94C2386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text amoyf9vd.SYS B94C23AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text amoyf9vd.SYS B94C23C4 3 Bytes [00, 80, 02] .text amoyf9vd.SYS B94C23C9 1 Byte [30] .text amoyf9vd.SYS B94C23C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB5AB8300, 0x3B6D8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA408300, 0x1BEE, 0xE8000020] C:\Program Files\CyberLink\PowerDVD\000.fcl entry point in "" section [0xB5832000] .clc C:\Program Files\CyberLink\PowerDVD\000.fcl unknown last section [0xB5833000, 0x1000, 0x00000000] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1696] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00] .text C:\WINDOWS\Explorer.EXE[1708] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3564] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 011FFA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3564] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 014A07C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3564] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 014A079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3564] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 014A0728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spxp.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spxp.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spxp.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spxp.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spxp.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spxp.sys IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[HAL.dll!KfAcquireSpinLock] 00000034 IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[HAL.dll!READ_PORT_UCHAR] 0000008E IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[HAL.dll!KeGetCurrentIrql] 00000043 IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[HAL.dll!KfRaiseIrql] 00000044 IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[HAL.dll!KfLowerIrql] 000000C4 IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[HAL.dll!HalGetInterruptVector] 000000DE IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[HAL.dll!HalTranslateBusAddress] 000000E9 IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[HAL.dll!KeStallExecutionProcessor] 000000CB IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[HAL.dll!KfReleaseSpinLock] 00000054 IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0000007B IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[HAL.dll!READ_PORT_USHORT] 00000094 IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000032 IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[HAL.dll!WRITE_PORT_UCHAR] 000000A6 IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[WMILIB.SYS!WmiSystemControl] 00000023 IAT \SystemRoot\System32\Drivers\aoh6ntsw.SYS[WMILIB.SYS!WmiCompleteRequest] 0000003D IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88 IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[HAL.dll!KfRaiseIrql] 00001CB1 IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[HAL.dll!HalTranslateBusAddress] 8986C636 IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6 IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[HAL.dll!READ_PORT_USHORT] 001C9686 IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2 IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\amoyf9vd.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\WOJTEK\Pulpit\wgwvnj62.exe[2552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\WOJTEK\Pulpit\wgwvnj62.exe[2552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\WOJTEK\Pulpit\wgwvnj62.exe[2552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\WOJTEK\Pulpit\wgwvnj62.exe[2552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\wscntfy.exe[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00932F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\wscntfy.exe[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00932DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\wscntfy.exe[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00932D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\wscntfy.exe[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00932DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[3564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[3564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[3564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[3564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A6981F8 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) Device \Driver\sptd \Device\2012782722 spxp.sys Device \Driver\sptd \Device\2012626472 spxp.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{AC8B370A-39A0-45CC-AC68-E1624E27F839} 89C5C1F8 Device \Driver\usbuhci \Device\USBPDO-0 8A3FA500 Device \Driver\usbuhci \Device\USBPDO-1 8A3FA500 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7091F8 Device \Driver\dmio \Device\DmControl\DmConfig 8A7091F8 Device \Driver\dmio \Device\DmControl\DmPnP 8A7091F8 Device \Driver\dmio \Device\DmControl\DmInfo 8A7091F8 Device \Driver\usbuhci \Device\USBPDO-2 8A3FA500 Device \Driver\usbehci \Device\USBPDO-3 8A3FB500 Device \Driver\usbuhci \Device\USBPDO-4 8A3FA500 AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys Device \Driver\usbuhci \Device\USBPDO-5 8A3FA500 Device \Driver\usbuhci \Device\USBPDO-6 8A3FA500 Device \Driver\Ftdisk \Device\HarddiskVolume1 8A69A1F8 Device \Driver\usbehci \Device\USBPDO-7 8A3FB500 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A69A1F8 Device \Driver\Cdrom \Device\CdRom0 8A3EB500 Device \Driver\atapi \Device\Ide\IdePort0 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort4 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort5 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-5 [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-1f [B9E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume3 8A69A1F8 Device \Driver\Cdrom \Device\CdRom1 8A3EB500 Device \Driver\NetBT \Device\NetBt_Wins_Export 89C5C1F8 Device \Driver\NetBT \Device\NetbiosSmb 89C5C1F8 Device \Driver\PCI_PNP0222 \Device\0000004d spxp.sys Device \Driver\PCI_PNP0222 \Device\0000004e spxp.sys Device \Driver\usbuhci \Device\USBFDO-0 8A3FA500 Device \Driver\usbuhci \Device\USBFDO-1 8A3FA500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89B961F8 Device \Driver\usbuhci \Device\USBFDO-2 8A3FA500 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89B961F8 Device \Driver\usbehci \Device\USBFDO-3 8A3FB500 Device \Driver\usbuhci \Device\USBFDO-4 8A3FA500 Device \Driver\Ftdisk \Device\FtControl 8A69A1F8 Device \Driver\usbuhci \Device\USBFDO-5 8A3FA500 Device \Driver\usbuhci \Device\USBFDO-6 8A3FA500 Device \Driver\usbehci \Device\USBFDO-7 8A3FB500 Device \Driver\aoh6ntsw \Device\Scsi\aoh6ntsw1 8A39A1F8 Device \Driver\amoyf9vd \Device\Scsi\amoyf9vd1 8A40E500 Device \Driver\amoyf9vd \Device\Scsi\amoyf9vd1Port6Path0Target0Lun0 8A40E500 Device \FileSystem\Cdfs \Cdfs 8A35C500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAF 0xE7 0x69 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x58 0xB2 0xA6 0xED ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x86 0xAE 0x5E 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x57 0x80 0x0D 0xB2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0x47 0x36 0xFB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8E 0xC8 0xC4 0xB2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0x0E 0x37 0x9F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x46 0xFB 0x93 0xCA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x60 0x92 0xC8 0x57 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x86 0xAE 0x5E 0x0A ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x57 0x80 0x0D 0xB2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x20 0x47 0x36 0xFB ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8E 0xC8 0xC4 0xB2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0x0E 0x37 0x9F ... ---- EOF - GMER 1.0.15 ----