GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-10-27 17:24:28 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 ST3500418AS rev.CC35 Running: gmer.exe; Driver: C:\Users\Grizzly\AppData\Local\Temp\pwtirfow.sys ---- System - GMER 1.0.15 ---- INT 0x52 ? 87F5BBF8 INT 0x72 ? 87F5BBF8 INT 0x72 ? 87F5BBF8 INT 0x72 ? 87F5BBF8 INT 0x72 ? 87F5BBF8 INT 0x82 ? 87F5BBF8 INT 0x92 ? 86989BF8 INT 0x92 ? 86989BF8 INT 0x92 ? 86989BF8 INT 0x92 ? 86989BF8 INT 0x92 ? 86988BF8 INT 0x92 ? 87F5BBF8 INT 0x92 ? 86989BF8 INT 0xB1 ? 86988BF8 INT 0xB1 ? 86988BF8 INT 0xB2 ? 86988BF8 INT 0xB2 ? 87F5BBF8 INT 0xB2 ? 87F5BBF8 INT 0xB2 ? 86988BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? System32\Drivers\spwo.sys System nie może odnaleźć określonej ścieżki. ! .text USBPORT.SYS!DllUnload 8C9ED41B 5 Bytes JMP 87F5B1D8 .text a5spxuvc.SYS 91D64000 22 Bytes [82, E3, 01, 83, 6C, E2, 01, ...] .text a5spxuvc.SYS 91D64017 84 Bytes [00, 32, 97, 78, 80, 3D, 95, ...] .text a5spxuvc.SYS 91D6406C 52 Bytes [A0, 0E, 09, 83, 98, 0E, 0F, ...] .text a5spxuvc.SYS 91D640A1 29 Bytes [30, 0F, 83, 74, 26, 09, 83, ...] .text a5spxuvc.SYS 91D640BF 13 Bytes [83, 00, 00, 00, 00, 00, 00, ...] {ADD DWORD [EAX], 0x0; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text ... .text a7rupwl9.SYS 91D9B000 22 Bytes [82, E3, 01, 83, 6C, E2, 01, ...] .text a7rupwl9.SYS 91D9B017 84 Bytes [00, 32, 97, 78, 80, 3D, 95, ...] .text a7rupwl9.SYS 91D9B06C 52 Bytes [A0, 0E, 09, 83, 98, 0E, 0F, ...] .text a7rupwl9.SYS 91D9B0A1 29 Bytes [30, 0F, 83, 74, 26, 09, 83, ...] .text a7rupwl9.SYS 91D9B0BF 13 Bytes [83, 00, 00, 00, 00, 00, 00, ...] {ADD DWORD [EAX], 0x0; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[2284] kernel32.dll!SetUnhandledExceptionFilter 771FA8C5 4 Bytes [C2, 04, 00, 00] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068D6D6] \SystemRoot\System32\Drivers\spwo.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068D042] \SystemRoot\System32\Drivers\spwo.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068D800] \SystemRoot\System32\Drivers\spwo.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068D0C0] \SystemRoot\System32\Drivers\spwo.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068D13E] \SystemRoot\System32\Drivers\spwo.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069CB90] \SystemRoot\System32\Drivers\spwo.sys IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortNotification] 9831BC8D IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortWritePortUchar] 33000000 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortWritePortUlong] 40C683C9 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortGetPhysicalAddress] C10FF041 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] FF45C60E IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8BA8EB01 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortReadPortUchar] 11890855 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortStallExecution] CB8BD08A IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortGetParentBusType] 0ACC87C7 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortRequestCallback] 00010000 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortWritePortBufferUshort] D6FF0000 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortGetUnCachedExtension] E8F475FF IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortCompleteRequest] FFFFF13E IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortMoveMemory] 00FF7D80 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 0090850F IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 75FF0000 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] E8006A08 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortReadPortUshort] 0001E7FA IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 000081E9 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortInitialize] 087D8300 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortGetDeviceBase] BF7B7501 IAT \SystemRoot\System32\Drivers\a5spxuvc.SYS[ataport.SYS!AtaPortDeviceStateChange] [91D89FB0] \SystemRoot\System32\Drivers\a5spxuvc.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation) IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortNotification] CC358B04 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortWritePortUchar] 8391DC1F IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F91DBF0 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortStallExecution] 54771129 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortInitialize] B18D0502 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8 IAT \SystemRoot\System32\Drivers\a7rupwl9.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F47817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F9A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F4BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F3F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F3E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73F78395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73F4DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F3FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F3FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73FCCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73F6C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F3D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F36853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F3687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F42AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8698F1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{A3799E6E-77D6-47C7-87CB-D78B65F7C5A3} 891B5500 Device \Driver\netbt \Device\NetBT_Tcpip_{647BE224-2E06-49F5-AF6D-7D1974C1F462} 891B5500 Device \Driver\USBSTOR \Device\0000008e 883041F8 Device \Driver\USBSTOR \Device\0000008f 883041F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00158315a389 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00158315a389@001a8ade1a15 0xFD 0x71 0x64 0x5A ... Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00158315a389@0022fd0b1ce0 0x56 0xAF 0x1C 0xA4 ... Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00158315a389@001e458530d5 0x4D 0x65 0x39 0x03 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x12 0x12 0x90 0x75 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF3 0x7C 0x71 0xA0 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x28 0xBE 0x51 0x97 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x8B 0xD5 0xC8 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA5 0x20 0xC5 0xE9 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5E 0x64 0x94 0xE3 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x73 0xCC 0x1F 0x87 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a389 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a389@001a8ade1a15 0xFD 0x71 0x64 0x5A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a389@0022fd0b1ce0 0x56 0xAF 0x1C 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a389@001e458530d5 0x4D 0x65 0x39 0x03 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a389@001cccb2278b 0x86 0x96 0x83 0x7D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a389@001d3bb4b535 0x7A 0xB1 0x41 0x9B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a389@00174b44b29e 0xA2 0x13 0x84 0xAB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a389@6c0e0d80be82 0xDB 0x21 0x68 0x83 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a389@001f5cf530e9 0xBB 0x8B 0x01 0xD4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0x1A 0x83 0x20 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF3 0x7C 0x71 0xA0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x28 0xBE 0x51 0x97 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x8B 0xD5 0xC8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA5 0x20 0xC5 0xE9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC9 0x3A 0x20 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7B 0x02 0xB3 0xBC ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a389 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a389@001a8ade1a15 0xFD 0x71 0x64 0x5A ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a389@0022fd0b1ce0 0x56 0xAF 0x1C 0xA4 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a389@001e458530d5 0x4D 0x65 0x39 0x03 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a389@001cccb2278b 0x86 0x96 0x83 0x7D ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a389@001d3bb4b535 0x7A 0xB1 0x41 0x9B ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a389@00174b44b29e 0xA2 0x13 0x84 0xAB ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a389@6c0e0d80be82 0xDB 0x21 0x68 0x83 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a389@001f5cf530e9 0xBB 0x8B 0x01 0xD4 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0x1A 0x83 0x20 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF3 0x7C 0x71 0xA0 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x28 0xBE 0x51 0x97 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x8B 0xD5 0xC8 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA5 0x20 0xC5 0xE9 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC9 0x3A 0x20 0x1F ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7B 0x02 0xB3 0xBC ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B202417-D3EC-8C94-6544-19C6B12527E1} ---- EOF - GMER 1.0.15 ----