GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-10-21 16:39:38 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 Running: cl77hht8.exe; Driver: C:\Users\Lukasz\AppData\Local\Temp\kwdirpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xA74C9004] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xA74C90D4] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA74C8D76] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA74C8E1E] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA74C8EBA] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA74C8F56] INT 0x62 ? 87D16BF8 INT 0x72 ? 87D16BF8 INT 0x81 ? 90412050 INT 0x91 ? 904122D0 INT 0x92 ? 87D16BF8 INT 0x92 ? 87D16BF8 INT 0xA2 ? 87D16BF8 INT 0xB2 ? 86126BF8 INT 0xB2 ? 87D16BF8 INT 0xB2 ? 87D16BF8 INT 0xB2 ? 87D16BF8 INT 0xB2 ? 86126BF8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 3BD 82AB9A80 8 Bytes [04, 90, 4C, A7, D4, 90, 4C, ...] {ADD AL, 0x90; DEC ESP; CMPSD ; AAM 0x90; DEC ESP; CMPSD } .text ntkrnlpa.exe!KeSetEvent + 3F1 82AB9AB4 4 Bytes [76, 8D, 4C, A7] {JBE 0xffffffffffffff8f; DEC ESP; CMPSD } .text ntkrnlpa.exe!KeSetEvent + 621 82AB9CE4 8 Bytes [1E, 8E, 4C, A7, BA, 8E, 4C, ...] .text ntkrnlpa.exe!KeSetEvent + 681 82AB9D44 4 Bytes [56, 8F, 4C, A7] ? System32\Drivers\spne.sys System nie może odnaleźć określonej ścieżki. ! .text USBPORT.SYS!DllUnload 8F55B41B 5 Bytes JMP 87D161D8 .text a6wcfurs.SYS 8F99D000 22 Bytes [82, E3, DC, 82, 6C, E2, DC, ...] .text a6wcfurs.SYS 8F99D017 145 Bytes [00, 32, 47, 78, 80, 3D, 45, ...] .text a6wcfurs.SYS 8F99D0A9 35 Bytes [32, A5, 82, A0, 29, A5, 82, ...] .text a6wcfurs.SYS 8F99D0CE 10 Bytes [00, 00, 00, 00, 00, 00, 4D, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; DEC EBP; SUB AL, 0x7c; DEC EDX} .text a6wcfurs.SYS 8F99D0DA 12 Bytes [00, 00, 02, 00, 00, 00, 26, ...] .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[5868] ntdll.dll!LdrLoadDll 77A39378 5 Bytes JMP 6522A650 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5868] kernel32.dll!HeapSetInformation + 26 76B9A8C0 7 Bytes JMP 6522EDB3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5868] kernel32.dll!LockResource + C 76BB6B0B 7 Bytes JMP 65467DF7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5868] kernel32.dll!VirtualAllocEx + 54 76BBAF70 7 Bytes JMP 65467E1A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5868] GDI32.dll!SetStretchBltMode + 256 76DB745C 7 Bytes JMP 65467D78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806886D6] \SystemRoot\System32\Drivers\spne.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80688042] \SystemRoot\System32\Drivers\spne.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80688800] \SystemRoot\System32\Drivers\spne.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806880C0] \SystemRoot\System32\Drivers\spne.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068813E] \SystemRoot\System32\Drivers\spne.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80697B90] \SystemRoot\System32\Drivers\spne.sys IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortNotification] 9831BC8D IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortWritePortUchar] 33000000 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortWritePortUlong] 40C683C9 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortGetPhysicalAddress] C10FF041 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] FF45C60E IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8BA8EB01 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortReadPortUchar] 11890855 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortStallExecution] CB8BD08A IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortGetParentBusType] 0ACC87C7 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortRequestCallback] 00010000 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortWritePortBufferUshort] D6FF0000 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortGetUnCachedExtension] E8F475FF IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortCompleteRequest] FFFFF13E IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortMoveMemory] 00FF7D80 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 0090850F IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 75FF0000 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] E8006A08 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortReadPortUshort] 0001E7FA IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 000081E9 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortInitialize] 087D8300 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortGetDeviceBase] BF7B7501 IAT \SystemRoot\System32\Drivers\a6wcfurs.SYS[ataport.SYS!AtaPortDeviceStateChange] [8F9C2FB0] \SystemRoot\System32\Drivers\a6wcfurs.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7440B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743F73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7444CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [743EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3624] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [68B2F3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 861291F8 AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo) AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. ) Device \Driver\netbt \Device\NetBT_Tcpip_{D49B8651-5A06-4DF3-8901-E5CFD1910F3F} 9124F1F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) Device \Driver\volmgr \Device\VolMgrControl 857911F8 Device \Driver\sptd \Device\1567157062 spne.sys Device \Driver\usbuhci \Device\USBPDO-0 87CE61F8 Device \Driver\usbuhci \Device\USBPDO-1 87CE61F8 Device \Driver\usbuhci \Device\USBPDO-2 87CE61F8 Device \Driver\usbehci \Device\USBPDO-3 87CF21F8 Device \Driver\PCI_PNP3023 \Device\00000054 spne.sys Device \Driver\usbuhci \Device\USBPDO-4 87CE61F8 AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-5 87CE61F8 Device \Driver\usbuhci \Device\USBPDO-6 87CE61F8 Device \Driver\volmgr \Device\HarddiskVolume1 857911F8 Device \Driver\usbehci \Device\USBPDO-7 87CF21F8 Device \Driver\volmgr \Device\HarddiskVolume2 857911F8 Device \Driver\cdrom \Device\CdRom0 87FCA1F8 Device \Driver\iaStor \Device\Ide\iaStor0 [838C0720] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [838C0720] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [838C0720] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\cdrom \Device\CdRom1 87FCA1F8 Device \Driver\volmgr \Device\HarddiskVolume3 857911F8 Device \Driver\netbt \Device\NetBt_Wins_Export 9124F1F8 Device \Driver\Smb \Device\NetbiosSmb 90D601F8 Device \Driver\iScsiPrt \Device\RaidPort0 87FAC1F8 AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 87CE61F8 Device \Driver\usbuhci \Device\USBFDO-1 87CE61F8 Device \Driver\usbuhci \Device\USBFDO-2 87CE61F8 Device \Driver\netbt \Device\NetBT_Tcpip_{A2713340-4185-43D7-87E9-403F1ED4894A} 9124F1F8 Device \Driver\usbehci \Device\USBFDO-3 87CF21F8 Device \Driver\usbuhci \Device\USBFDO-4 87CE61F8 Device \Driver\usbuhci \Device\USBFDO-5 87CE61F8 Device \Driver\usbuhci \Device\USBFDO-6 87CE61F8 Device \Driver\usbehci \Device\USBFDO-7 87CF21F8 Device \Driver\a6wcfurs \Device\Scsi\a6wcfurs1 87FC1500 Device \Driver\a6wcfurs \Device\Scsi\a6wcfurs1Port2Path0Target0Lun0 87FC1500 Device \FileSystem\cdfs \Cdfs 91337500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556ed2c09 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556ed2c09@001edc7aa55c 0x36 0x82 0x1D 0x36 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556ed2c09@0024031d37ce 0x0B 0xDA 0x3C 0xAF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556ed80dc Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0xA4 0x5E 0xF0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x84 0x8B 0x29 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x2F 0xB9 0x91 0x42 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0x5A 0x71 0x05 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002556ed2c09 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002556ed2c09@001edc7aa55c 0x36 0x82 0x1D 0x36 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002556ed2c09@0024031d37ce 0x0B 0xDA 0x3C 0xAF ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002556ed80dc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0xA4 0x5E 0xF0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x84 0x8B 0x29 0x02 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x2F 0xB9 0x91 0x42 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0x5A 0x71 0x05 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC3 0x6F 0xD3 0x7E ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8C 0xA5 0xE3 0x07 ... ---- EOF - GMER 1.0.15 ----