GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-05-20 05:28:20 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9250410AS rev.0003HPM1 232,89GB Running: 5vlniyvk.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\uxtdapow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xAC71DAA0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xAC71E57E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xAC76285D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xAC72A5C8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xAC72A614] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xAC72A7AE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xAC762211] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xAC72A536] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xAC72A658] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xAC72A57E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xAC71EAB4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xAC72A768] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xAC71F36C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xAC71DB06] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xAC762F23] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xAC7631D9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xAC722B40] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xAC762D8E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xAC762BF9] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xAC71D6F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xACA337B2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xAC71DB6C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xAC722F36] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xAC71FE54] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xAC72A5F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xAC72A636] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xAC72A7D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xAC76256D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xAC72A55C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xAC72243A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xAC72A6E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xAC72A5A6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xAC722822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xAC72A78C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xACA33556] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xAC762A74] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xAC71FCC8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xAC7628C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xAC71F81E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xACA41526] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xAC761857] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xAC71DBD2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xAC71DC38] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xAC71F1E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xAC71D78C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xAC71D95E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xAC76302A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xAC71D8EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xAC71F536] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xAC71F698] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xAC71D9E6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xAC71F024] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xAC71F1C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xAC71DC9E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xAC71E5DA] INT 0x62 ? 8AB4DCC8 INT 0x63 ? 8AB4DCC8 INT 0x63 ? 8AB4DCC8 INT 0x63 ? 8A817CC8 INT 0x63 ? 8A817CC8 INT 0x63 ? 8AB4DCC8 INT 0x73 ? 8A817CC8 INT 0x82 ? 8AB4DCC8 INT 0x84 ? 8A817CC8 INT 0x94 ? 8A817CC8 INT 0xA4 ? 8A817CC8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C98 80504524 8 Bytes JMP A768AC71 .text ntkrnlpa.exe!ZwCallbackReturn + 2F10 8050479C 12 Bytes [D2, DB, 71, AC, 38, DC, 71, ...] {RCR BL, CL; JNO 0xffffffb0; CMP AH, BL; JNO 0xffffffb4; OUT 0xf1, AL; JNO 0xffffffb8} .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504844 12 Bytes [36, F5, 71, AC, 98, F6, 71, ...] {CMC ; JNO 0xffffffb0; CWDE ; DIV BYTE [ECX-0x54]; OUT 0xd9, AL; JNO 0xffffffb8} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A648C 4 Bytes CALL AC720501 \SystemRoot\system32\drivers\aswSnx.sys .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9F8D346] .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB91BE000, 0x1BDE76, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\accelerometerST.exe[124] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\accelerometerST.exe[124] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[144] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[192] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[448] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[448] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[540] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[540] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[652] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[652] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[700] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[784] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[784] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[860] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[860] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[912] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[912] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[952] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[952] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[984] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1040] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1220] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1464] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1464] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1480] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1560] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[1724] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[1724] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[1724] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003C03FC .text C:\Program Files\Internet Explorer\iexplore.exe[1724] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00CA9315 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00D7DBCB C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 00D7DD81 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00D84832 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00CE1CA2 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00E9E021 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00E9DF51 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00E9DFBE C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00E9DE22 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00E9DE84 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00E9E084 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00E9DEE6 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1724] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00D8488E C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1736] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1736] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1748] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1748] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[1752] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[1848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[1848] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1876] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1876] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1876] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[1908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\user\Pulpit\5vlniyvk.exe[2056] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\user\Pulpit\5vlniyvk.exe[2056] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2088] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2088] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2384] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2384] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2640] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2640] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2720] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[2748] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[2748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[2748] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003C03FC .text C:\Program Files\Internet Explorer\iexplore.exe[2748] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00CA9315 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00D84832 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00E9E021 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00E9DF51 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00E9DFBE C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00E9DE22 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00E9DE84 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00E9E084 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2748] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00E9DEE6 C:\WINDOWS\system32\IEFRAME.dll .text C:\WINDOWS\System32\alg.exe[2752] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2752] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[2980] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[2980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[2980] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003C03FC .text C:\Program Files\Internet Explorer\iexplore.exe[2980] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00CA9315 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00D7DBCB C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 00D7DD81 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00D84832 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00CE1CA2 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00E9E021 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00E9DF51 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00E9DFBE C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00E9DE22 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00E9DE84 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00E9E084 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2980] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00E9DEE6 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2980] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00D8488E C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3016] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3016] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3028] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3028] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003C03FC .text C:\Program Files\Internet Explorer\iexplore.exe[3028] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00CA9315 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00D7DBCB C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 00D7DD81 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00D84832 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00CE1CA2 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00E9E021 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00E9DF51 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00E9DFBE C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00E9DE22 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00E9DE84 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00E9E084 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00E9DEE6 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3028] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00D8488E C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3996] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3996] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3996] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003C03FC .text C:\Program Files\Internet Explorer\iexplore.exe[3996] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3996] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00CA9315 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3996] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00D7DBCB C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3996] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 00D7DD81 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3996] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00D84832 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3996] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00CE1CA2 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3996] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00E9E021 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3996] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00E9DF51 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3996] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00E9DFBE C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3996] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00E9DE22 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3996] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00E9DE84 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3996] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00E9E084 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3996] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00E9DEE6 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3996] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00D8488E C:\WINDOWS\system32\IEFRAME.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[1028] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[1028] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8AB4C1F8 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\usbuhci \Device\USBPDO-0 8A90A430 Device \Driver\usbuhci \Device\USBPDO-1 8A90A430 Device \Driver\usbehci \Device\USBPDO-2 8A8FB430 Device \Driver\usbuhci \Device\USBPDO-3 8A90A430 Device \Driver\usbuhci \Device\USBPDO-4 8A90A430 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys Device \Driver\usbehci \Device\USBPDO-5 8A8FB430 Device \Driver\usbuhci \Device\USBPDO-6 8A90A430 Device \Driver\usbuhci \Device\USBPDO-7 8A90A430 Device \Driver\Cdrom \Device\CdRom0 8A925430 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 89DA0430 Device \Driver\NetBT \Device\NetbiosSmb 89DA0430 Device \Driver\NetBT \Device\NetBT_Tcpip_{9546C111-48B7-4CFA-994C-E713B79B81CA} 89DA0430 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys Device \Driver\usbuhci \Device\USBFDO-0 8A90A430 Device \Driver\usbuhci \Device\USBFDO-1 8A90A430 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89D8A1F8 Device \Driver\usbuhci \Device\USBFDO-2 8A90A430 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89D8A1F8 Device \Driver\usbehci \Device\USBFDO-3 8A8FB430 Device \Driver\usbuhci \Device\USBFDO-4 8A90A430 Device \Driver\usbuhci \Device\USBFDO-5 8A90A430 Device \Driver\NetBT \Device\NetBT_Tcpip_{D943668F-A2C8-4361-BB91-81E8F556EAE8} 89DA0430 Device \Driver\usbuhci \Device\USBFDO-6 8A90A430 Device \Driver\usbehci \Device\USBFDO-7 8A8FB430 Device \FileSystem\Cdfs \Cdfs 897CD1F8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x37 0x7C 0x6F 0xD2 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x13 0x8E 0xB6 0x76 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x37 0x7C 0x6F 0xD2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x37 0x7C 0x6F 0xD2 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x13 0x8E 0xB6 0x76 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x47 0xC6 0xB2 0x99 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2E 0xF9 0x29 0xBE ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x34 0x8A 0x73 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x13 0x8E 0xB6 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x47 0xC6 0xB2 0x99 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2E 0xF9 0x29 0xBE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x34 0x8A 0x73 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x13 0x8E 0xB6 0x76 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x47 0xC6 0xB2 0x99 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2E 0xF9 0x29 0xBE ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x34 0x8A 0x73 ... ---- EOF - GMER 2.1 ----