GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-28 19:38:30 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD5000AAKS-00YGA0 rev.12.01C02 465,76GB Running: l7t1tcjq.exe; Driver: C:\DOCUME~1\User1\USTAWI~1\Temp\kgxoraob.sys ---- System - GMER 2.1 ---- INT 0x63 ? 8B584CC8 INT 0x63 ? 8B584CC8 INT 0x63 ? 8B584CC8 INT 0x63 ? 8B584CC8 INT 0x63 ? 8B584CC8 INT 0x83 ? 8B584CC8 INT 0x83 ? 8B584CC8 INT 0x83 ? 8B2CFCC8 INT 0x84 ? 8B2CFCC8 INT 0x94 ? 8B2CFCC8 INT 0x94 ? 8B2CFCC8 INT 0x94 ? 8B2CFCC8 INT 0x94 ? 8B2CFCC8 INT 0xA4 ? 8B2CFCC8 INT 0xB4 ? 8B2CFCC8 ---- Kernel code sections - GMER 2.1 ---- .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB7F8D346] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6A283C0, 0x851EEA, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB27E9300, 0x22020, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8340300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\explorer.exe[492] SHELL32.dll!StrStrW 7C9CEF18 8 Bytes [80, 11, 60, 19, C0, 11, 60, ...] {ADC BYTE [ECX], 0x60; SBB EAX, EAX; ADC [EAX+0x19], ESP} .text C:\Program Files\CCleaner\CCleaner.exe[1284] USER32.dll!SetScrollInfo 7E369056 5 Bytes JMP 00505223 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1284] USER32.dll!GetScrollInfo 7E37DFE2 5 Bytes JMP 0050516D C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1284] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 005051A6 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1284] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 00505142 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1284] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 005050D9 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1284] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 00505104 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1284] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 005051E6 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[1284] USER32.dll!EnableScrollBar 7E3B8005 5 Bytes JMP 0050525D C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5545 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADC24 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7997 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A78C9 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A7934 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A779A C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A77FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A79FA C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1692] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A785E C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1692] WININET.dll!InternetConnectW 3FD18902 5 Bytes JMP 10003800 C:\Documents and Settings\All Users\Dane aplikacji\ExtTag\Daltfresh.dll .text C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1852] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 016E6E2C C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1852] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 016E6CC7 C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1852] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 016E6EAD C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1852] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 016E6BA3 C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1852] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 016E6BEC C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1852] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 016E6C35 C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1852] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 016E6C7E C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10001F42 C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\mozglue.dll .text C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1852] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 016AEE7B C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1852] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 016AEEC3 C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1852] kernel32.dll!ValidateLocale + B648 7C844EE0 7 Bytes JMP 0268E562 C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1852] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 0206662C C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[1852] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 016AEEEA C:\Documents and Settings\User1\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5545 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9B99 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D1CD C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADC24 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 406146FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A7997 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A78C9 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A7934 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A779A C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A77FC C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A79FA C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A785E C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] ole32.dll!CoCreateInstance 774EF1D4 5 Bytes JMP 406ADC80 C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] ole32.dll!OleLoadFromStream 7751988B 5 Bytes JMP 407A7CFF C:\WINDOWS\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4144] WININET.dll!InternetConnectW 3FD18902 5 Bytes JMP 02483800 C:\Documents and Settings\All Users\Dane aplikacji\ExtTag\Daltfresh.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8B5831F8 Device \FileSystem\Fastfat \FatCdrom 8B138430 Device \Driver\usbehci \Device\USBPDO-0 8B2B81F8 Device \Driver\usbuhci \Device\USBPDO-1 8B3BE1F8 Device \Driver\usbuhci \Device\USBPDO-2 8B3BE1F8 Device \Driver\usbuhci \Device\USBPDO-3 8B3BE1F8 Device \Driver\usbehci \Device\USBPDO-4 8B2B81F8 Device \Driver\usbuhci \Device\USBPDO-5 8B3BE1F8 Device \Driver\usbuhci \Device\USBPDO-6 8B3BE1F8 Device \Driver\usbuhci \Device\USBPDO-7 8B3BE1F8 Device \Driver\Cdrom \Device\CdRom0 8B3821F8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-12 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort4 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort5 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\USBSTOR \Device\00000090 8A9A51F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A9891F8 Device \Driver\USBSTOR \Device\00000091 8A9A51F8 Device \Driver\NetBT \Device\NetbiosSmb 8A9891F8 Device \Driver\USBSTOR \Device\00000085 8A9A51F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{CF3EE96F-D62D-4459-A960-BC916DBCDE49} 8A9891F8 Device \Driver\USBSTOR \Device\00000087 8A9A51F8 Device \Driver\USBSTOR \Device\00000088 8A9A51F8 Device \Driver\USBSTOR \Device\00000089 8A9A51F8 Device \Driver\usbuhci \Device\USBFDO-0 8B3BE1F8 Device \Driver\usbuhci \Device\USBFDO-1 8B3BE1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A97E1F8 Device \Driver\usbuhci \Device\USBFDO-2 8B3BE1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A97E1F8 Device \Driver\usbehci \Device\USBFDO-3 8B2B81F8 Device \Driver\usbuhci \Device\USBFDO-4 8B3BE1F8 Device \Driver\USBSTOR \Device\0000008a 8A9A51F8 Device \Driver\usbuhci \Device\USBFDO-5 8B3BE1F8 Device \Driver\usbuhci \Device\USBFDO-6 8B3BE1F8 Device \Driver\usbehci \Device\USBFDO-7 8B2B81F8 Device \FileSystem\Fastfat \Fat 8B138430 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys Device \FileSystem\Cdfs \Cdfs 8B117430 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Control\Video\{36CADE1B-D37D-4D2D-A5A3-194EEF6D514F}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Control\Video\{6DAE2808-8063-4A41-A260-05303C4B71FC}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Control\Video\{6DAE2808-8063-4A41-A260-05303C4B71FC}\0001@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001bdc0fb126 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001bdc0fb126@002547657e45 0x7C 0x7D 0x65 0xED ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFB 0x3D 0x26 0x11 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC4 0xF9 0x6D 0x30 ... Reg HKLM\SYSTEM\ControlSet002\Control\Video\{36CADE1B-D37D-4D2D-A5A3-194EEF6D514F}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{6DAE2808-8063-4A41-A260-05303C4B71FC}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Control\Video\{6DAE2808-8063-4A41-A260-05303C4B71FC}\0001@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bdc0fb126 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bdc0fb126@002547657e45 0x7C 0x7D 0x65 0xED ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFB 0x3D 0x26 0x11 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC4 0xF9 0x6D 0x30 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{36CADE1B-D37D-4D2D-A5A3-194EEF6D514F}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{6DAE2808-8063-4A41-A260-05303C4B71FC}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{6DAE2808-8063-4A41-A260-05303C4B71FC}\0001@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc0fb126 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc0fb126@002547657e45 0x7C 0x7D 0x65 0xED ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFB 0x3D 0x26 0x11 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC4 0xF9 0x6D 0x30 ... ---- EOF - GMER 2.1 ----