GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-02-27 12:35:51 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9A300 rev.FBEOC40C Running: gz59681n.exe; Driver: C:\Users\Ewelina\AppData\Local\Temp\pxldyfod.sys ---- System - GMER 1.0.15 ---- INT 0x62 ? 876B7BF8 INT 0x72 ? 876B7BF8 INT 0x82 ? 876B7BF8 INT 0x82 ? 876B7BF8 INT 0x92 ? 85B8FBF8 INT 0x92 ? 85B8FBF8 INT 0x92 ? 85B8FBF8 INT 0x92 ? 85B8FBF8 INT 0x92 ? 876B7BF8 INT 0x92 ? 876B7BF8 INT 0x92 ? 876B7BF8 INT 0x92 ? 85B8FBF8 INT 0xB2 ? 876B7BF8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F8E6BAE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8F8E69D2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8F8E6B0C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntkrnlpa.exe!ZwLoadDriver 8318EBFE 7 Bytes JMP 8F8E6B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 831FEB62 5 Bytes JMP 8F8E25D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 83267507 5 Bytes JMP 8F8E3FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!NtCreateSection 83268307 7 Bytes JMP 8F8E69D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 832B34C4 7 Bytes JMP 8F8E6BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ? System32\Drivers\splk.sys System nie może odnaleźć określonej ścieżki. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EA0D000, 0x20BE32, 0xE8000020] .text USBPORT.SYS!DllUnload 8B5D34CB 5 Bytes JMP 876B71D8 .text a1mvwtk4.SYS 837BD000 22 Bytes [26, F2, 3D, 83, 10, F1, 3D, ...] .text a1mvwtk4.SYS 837BD017 78 Bytes [00, 32, 07, 7A, 80, 3D, 05, ...] .text a1mvwtk4.SYS 837BD066 5 Bytes [02, 83, 20, 4C, 07] .text a1mvwtk4.SYS 837BD06C 96 Bytes [80, 1C, 07, 83, 58, 19, 0D, ...] .text a1mvwtk4.SYS 837BD0CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...] .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] kernel32.dll!SetUnhandledExceptionFilter 76DF6E2D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4364] USER32.dll!TrackPopupMenu 77071417 5 Bytes JMP 672FDDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4456] ntdll.dll!LdrLoadDll 76ED7933 5 Bytes JMP 013E13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806966D6] \SystemRoot\System32\Drivers\splk.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80696042] \SystemRoot\System32\Drivers\splk.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80696800] \SystemRoot\System32\Drivers\splk.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806960C0] \SystemRoot\System32\Drivers\splk.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069613E] \SystemRoot\System32\Drivers\splk.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A5E9C] \SystemRoot\System32\Drivers\splk.sys IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortNotification] CC358B04 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortWritePortUchar] 83837E2F IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F837E00 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortStallExecution] 54771129 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortRequestCallback] [8B55CC00] \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortInitialize] B18D0502 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8 IAT \SystemRoot\System32\Drivers\a1mvwtk4.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 001B0002 IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 001B0000 IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B97BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73BD98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B9D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B8F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B97599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B8E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BCB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73B9D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B9012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B90095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B871F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73C1D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73BB75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B8DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B8668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B866BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B91E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 865221F8 Device \FileSystem\fastfat \FatCdrom 9EDA21F8 Device \Driver\netbt \Device\NetBT_Tcpip_{5FADAC76-006F-47A0-B2C6-AC84DD4F7163} 87C321F8 Device \Driver\volmgr \Device\VolMgrControl 85B911F8 Device \Driver\usbuhci \Device\USBPDO-0 875391F8 Device \Driver\usbuhci \Device\USBPDO-1 875391F8 Device \Driver\usbuhci \Device\USBPDO-2 875391F8 Device \Driver\usbehci \Device\USBPDO-3 8763D1F8 Device \Driver\usbuhci \Device\USBPDO-4 875391F8 Device \Driver\PCI_PNP3554 \Device\00000055 splk.sys AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbuhci \Device\USBPDO-5 875391F8 Device \Driver\usbuhci \Device\USBPDO-6 875391F8 Device \Driver\volmgr \Device\HarddiskVolume1 85B911F8 Device \Driver\usbehci \Device\USBPDO-7 8763D1F8 Device \Driver\volmgr \Device\HarddiskVolume2 85B911F8 Device \Driver\cdrom \Device\CdRom0 8762B1F8 Device \Driver\volmgr \Device\HarddiskVolume3 85B911F8 Device \Driver\cdrom \Device\CdRom1 8762B1F8 Device \Driver\BTHUSB \Device\00000081 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) Device \Driver\netbt \Device\NetBt_Wins_Export 87C321F8 Device \Driver\Smb \Device\NetbiosSmb 87BFB1F8 Device \Driver\iScsiPrt \Device\RaidPort0 876C11F8 AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\sptd \Device\629621567 splk.sys Device \Driver\usbuhci \Device\USBFDO-0 875391F8 Device \Driver\netbt \Device\NetBT_Tcpip_{381C2D6E-23DE-4104-BE23-B29D428320BE} 87C321F8 Device \Driver\usbuhci \Device\USBFDO-1 875391F8 Device \Driver\usbuhci \Device\USBFDO-2 875391F8 Device \Driver\usbehci \Device\USBFDO-3 8763D1F8 Device \Driver\usbuhci \Device\USBFDO-4 875391F8 Device \Driver\netbt \Device\NetBT_Tcpip_{EB700D7F-A7B1-4607-BB01-682E27A1132D} 87C321F8 Device \Driver\usbuhci \Device\USBFDO-5 875391F8 Device \Driver\BTHUSB \Device\0000007f bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) Device \Driver\usbuhci \Device\USBFDO-6 875391F8 Device \Driver\usbehci \Device\USBFDO-7 8763D1F8 Device \Driver\a1mvwtk4 \Device\Scsi\a1mvwtk41Port5Path0Target0Lun0 876A31F8 Device \Driver\a1mvwtk4 \Device\Scsi\a1mvwtk41 876A31F8 Device \FileSystem\fastfat \Fat 9EDA21F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs 8B1E51F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00225f22ac05 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0x17 0x52 0x9E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFE 0x55 0x58 0xA6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA2 0x72 0xC4 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\00225f22ac05 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0x17 0x52 0x9E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFE 0x55 0x58 0xA6 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA2 0x72 0xC4 0x8A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00225f22ac05 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0x17 0x52 0x9E ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFE 0x55 0x58 0xA6 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA2 0x72 0xC4 0x8A ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ ---- EOF - GMER 1.0.15 ----