GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2006-01-01 11:29:32 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST9250410AS rev.0003HPM1 232,89GB Running: qth9q5ll.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\uxtdapow.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xABD0867A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xAC332AE2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xABD09158] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xABD4FD3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xABD158F6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xABD15942] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xABD15ADC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xABD4F6F0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xABD15864] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xABD15986] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xABD158AC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xABD0968E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xABD15A96] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xABD09DC0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xABD086E0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xABD50402] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xABD506B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xABD0D252] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xABD5026D] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xABD500D8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0xAC332BBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwGetContextThread [0xABD0A652] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xABD082CC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xAC332F9C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xABD08746] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xABD0D648] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xABD0ABE4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xABD15920] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xABD15964] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xABD15B00] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xABD4FA4C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xABD1588A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xABD0CB2A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xABD15A14] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xABD158D4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xABD0CF20] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xABD15ABA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xAC332D3A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xABD4FF53] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xABD0A9FC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xABD4FDA5] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xABD0A3EA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xAC340F10] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xAC3418DC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xABD4ED33] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeProcess [0xABD09F8A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeThread [0xABD0A196] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xABD087AC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xABD08812] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xABD0A77C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xABD08366] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xABD08538] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xABD50509] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xABD084C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xABD0A090] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xABD0A2C0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xABD085C0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xABD09BFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xABD09DA0] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0xAC32FD7A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xABD08878] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xABD091B4] INT 0x62 ? 8A9D5CC8 INT 0x63 ? 8A6DFF00 INT 0x73 ? 8A9D5CC8 INT 0x73 ? 8A9D5CC8 INT 0x73 ? 8A6DFF00 INT 0x73 ? 8A9D5CC8 INT 0x83 ? 8A6DFF00 INT 0xB4 ? 8A6DFF00 ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2E94 80504720 4 Bytes JMP B4ABD0A3 .text ntkrnlpa.exe!ZwCallbackReturn + 2EF4 80504780 12 Bytes [33, ED, D4, AB, 8A, 9F, D0, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2F10 8050479C 12 Bytes [AC, 87, D0, AB, 12, 88, D0, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504844 12 Bytes [90, A0, D0, AB, C0, A2, D0, ...] {NOP ; MOV AL, [0xa2c0abd0]; SHR BYTE [EBX-0x542f7a40], 0x1} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A648C 4 Bytes CALL ABD0B25D \SystemRoot\system32\drivers\aswSnx.sys .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9F6E346] .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8CFC000, 0x1C5D38, 0xE8000020] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[396] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[1492] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00301980 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1492] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1BFB03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1492] KERNEL32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 01915949 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1492] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 01914BDC C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1492] KERNEL32.dll!ValidateLocale + B1E8 7C8449F8 7 Bytes JMP 016672D1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1492] GDI32.dll!SetDIBitsToDevice + 209 77F19E04 7 Bytes JMP 019144C6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1492] USER32.dll!GetWindowInfo 7E37C49C 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\firefox.exe[1492] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 024659B1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1492] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 016406F3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1492] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 01A017E3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3576] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } ---- Devices - GMER 2.2 ---- Device \FileSystem\Ntfs \Ntfs 8AA061F8 Device \FileSystem\Fastfat \FatCdrom 8A8141F8 Device \Driver\Tcpip \Device\Ip aswStmXP.sys Device \Driver\Tcpip6 \Device\Ip6 aswStmXP.sys Device \Driver\usbuhci \Device\USBPDO-0 8A6DE1F8 Device \Driver\usbuhci \Device\USBPDO-1 8A6DE1F8 Device \Driver\usbuhci \Device\USBPDO-2 8A6DE1F8 Device \Driver\usbuhci \Device\USBPDO-3 8A6DE1F8 Device \Driver\usbehci \Device\USBPDO-4 8A7911F8 Device \Driver\Tcpip \Device\Tcp aswStmXP.sys AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.sys Device \Driver\Cdrom \Device\CdRom0 8A6BD1F8 Device \Driver\atapi \Device\Ide\IdePort0 [B9DDDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DDDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9DDDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B9DDDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B9DDDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 [B9DDDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e [B9DDDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Tcpip6 \Device\RawIp6 aswStmXP.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{BF84CC1D-E177-4FAB-908C-917E5048CEB4} 89BF01F8 Device \Driver\Tcpip6 \Device\Tcp6 aswStmXP.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 89BF01F8 Device \Driver\NetBT \Device\NetbiosSmb 89BF01F8 Device \Driver\Tcpip \Device\Udp aswStmXP.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{743EDB46-8A08-4578-A4A7-97385FAF842F} 89BF01F8 Device \Driver\Tcpip \Device\RawIp aswStmXP.sys Device \Driver\usbuhci \Device\USBFDO-0 8A6DE1F8 Device \Driver\usbuhci \Device\USBFDO-1 8A6DE1F8 Device \Driver\Tcpip6 \Device\Udp6 aswStmXP.sys Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89C691F8 Device \Driver\Tcpip \Device\IPMULTICAST aswStmXP.sys Device \Driver\usbuhci \Device\USBFDO-2 8A6DE1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89C691F8 Device \Driver\usbuhci \Device\USBFDO-3 8A6DE1F8 Device \Driver\usbehci \Device\USBFDO-4 8A7911F8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 8AA071F8 Device \FileSystem\Fastfat \Fat 8A8141F8 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys Device \FileSystem\Cdfs \Cdfs 89B16430 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x37 0x7C 0x6F 0xD2 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x13 0x8E 0xB6 0x76 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x37 0x7C 0x6F 0xD2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x37 0x7C 0x6F 0xD2 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x13 0x8E 0xB6 0x76 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x47 0xC6 0xB2 0x99 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2E 0xF9 0x29 0xBE ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x34 0x8A 0x73 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x13 0x8E 0xB6 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x47 0xC6 0xB2 0x99 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2E 0xF9 0x29 0xBE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x34 0x8A 0x73 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x13 0x8E 0xB6 0x76 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x47 0xC6 0xB2 0x99 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2E 0xF9 0x29 0xBE ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x34 0x8A 0x73 ... ---- EOF - GMER 2.2 ----