GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-04 12:01:07
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK2546GSX rev.LB012A
Running: 73ceggid.exe; Driver: C:\Users\Grucha\AppData\Local\Temp\pxldrpow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8225D3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82296D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtCreateFile + 6 778555CE 4 Bytes [28, 00, 18, 00] {SUB [EAX], AL; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtCreateFile + B 778555D3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + 6 77855C2E 1 Byte [28]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + 6 77855C2E 4 Bytes [28, 03, 18, 00] {SUB [EBX], AL; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + B 77855C33 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenFile + 6 77855CDE 4 Bytes [68, 00, 18, 00]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenFile + B 77855CE3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcess + 6 77855D8E 4 Bytes [A8, 01, 18, 00] {TEST AL, 0x1; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcess + B 77855D93 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessToken + B 77855DA3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessTokenEx + 6 77855DAE 4 Bytes [A8, 02, 18, 00] {TEST AL, 0x2; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessTokenEx + B 77855DB3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThread + 6 77855E0E 4 Bytes [68, 01, 18, 00]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThread + B 77855E13 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadToken + 6 77855E1E 4 Bytes [68, 02, 18, 00]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadToken + B 77855E23 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadTokenEx + B 77855E33 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryAttributesFile + 6 77855F3E 4 Bytes [A8, 00, 18, 00] {TEST AL, 0x0; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryAttributesFile + B 77855F43 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryFullAttributesFile + B 77855FF3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationFile + 6 7785663E 4 Bytes [28, 01, 18, 00] {SUB [ECX], AL; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationFile + B 77856643 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationThread + 6 7785669E 4 Bytes [28, 02, 18, 00] {SUB [EDX], AL; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationThread + B 778566A3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtUnmapViewOfSection + 6 778569BE 1 Byte [68]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtUnmapViewOfSection + 6 778569BE 4 Bytes [68, 03, 18, 00]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtUnmapViewOfSection + B 778569C3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtCreateFile + 6 778555CE 4 Bytes [28, 00, 18, 00] {SUB [EAX], AL; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtCreateFile + B 778555D3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtMapViewOfSection + 6 77855C2E 1 Byte [28]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtMapViewOfSection + 6 77855C2E 4 Bytes [28, 03, 18, 00] {SUB [EBX], AL; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtMapViewOfSection + B 77855C33 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenFile + 6 77855CDE 4 Bytes [68, 00, 18, 00]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenFile + B 77855CE3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenProcess + 6 77855D8E 4 Bytes [A8, 01, 18, 00] {TEST AL, 0x1; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenProcess + B 77855D93 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenProcessToken + B 77855DA3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenProcessTokenEx + 6 77855DAE 4 Bytes [A8, 02, 18, 00] {TEST AL, 0x2; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenProcessTokenEx + B 77855DB3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenThread + 6 77855E0E 4 Bytes [68, 01, 18, 00]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenThread + B 77855E13 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenThreadToken + 6 77855E1E 4 Bytes [68, 02, 18, 00]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenThreadToken + B 77855E23 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtOpenThreadTokenEx + B 77855E33 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtQueryAttributesFile + 6 77855F3E 4 Bytes [A8, 00, 18, 00] {TEST AL, 0x0; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtQueryAttributesFile + B 77855F43 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtQueryFullAttributesFile + B 77855FF3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtSetInformationFile + 6 7785663E 4 Bytes [28, 01, 18, 00] {SUB [ECX], AL; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtSetInformationFile + B 77856643 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtSetInformationThread + 6 7785669E 4 Bytes [28, 02, 18, 00] {SUB [EDX], AL; SBB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtSetInformationThread + B 778566A3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtUnmapViewOfSection + 6 778569BE 1 Byte [68]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtUnmapViewOfSection + 6 778569BE 4 Bytes [68, 03, 18, 00]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1756] ntdll.dll!NtUnmapViewOfSection + B 778569C3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtCreateFile + 6 778555CE 4 Bytes [28, 00, 28, 00] {SUB [EAX], AL; SUB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtCreateFile + B 778555D3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtMapViewOfSection + 6 77855C2E 1 Byte [28]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtMapViewOfSection + 6 77855C2E 4 Bytes [28, 03, 28, 00] {SUB [EBX], AL; SUB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtMapViewOfSection + B 77855C33 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenFile + 6 77855CDE 4 Bytes [68, 00, 28, 00]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenFile + B 77855CE3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenProcess + 6 77855D8E 4 Bytes [A8, 01, 28, 00] {TEST AL, 0x1; SUB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenProcess + B 77855D93 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenProcessToken + B 77855DA3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenProcessTokenEx + 6 77855DAE 4 Bytes [A8, 02, 28, 00] {TEST AL, 0x2; SUB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenProcessTokenEx + B 77855DB3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenThread + 6 77855E0E 4 Bytes [68, 01, 28, 00]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenThread + B 77855E13 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenThreadToken + 6 77855E1E 4 Bytes [68, 02, 28, 00]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenThreadToken + B 77855E23 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtOpenThreadTokenEx + B 77855E33 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtQueryAttributesFile + 6 77855F3E 4 Bytes [A8, 00, 28, 00] {TEST AL, 0x0; SUB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtQueryAttributesFile + B 77855F43 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtQueryFullAttributesFile + B 77855FF3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtSetInformationFile + 6 7785663E 4 Bytes [28, 01, 28, 00] {SUB [ECX], AL; SUB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtSetInformationFile + B 77856643 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtSetInformationThread + 6 7785669E 4 Bytes [28, 02, 28, 00] {SUB [EDX], AL; SUB [EAX], AL}
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtSetInformationThread + B 778566A3 1 Byte [E2]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtUnmapViewOfSection + 6 778569BE 1 Byte [68]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtUnmapViewOfSection + 6 778569BE 4 Bytes [68, 03, 28, 00]
.text C:\Users\Grucha\AppData\Local\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!NtUnmapViewOfSection + B 778569C3 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744D24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744B562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744B56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744D2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744C85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744C4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744C5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744C51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744C6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744C8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744C8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744C90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744CE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744C4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e3d893c21 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e3d893c21@001a75561eec 0x2E 0xC3 0xF1 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x00 0x47 0x52 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFF 0xDB 0xB2 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF0 0x34 0x87 0x25 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\System Components - 3 files\Sony\xae Firmware Extension Parser Device Driver\SODOTH-70187337-32.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\System Components - 3 files\Sony\xae Firmware Extension Parser Device Driver Update\SODSNC-00205671-32US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\System Software - 2 files\Sony\xae Firmware Extension Parser Device Driver\SODOTH-00228472-1040.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\System Components - 3 files\Sony\xae Shared Library\SOASSL-70189398-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\System Software - 2 files\VAIO\xae Event Service\SOAVES-70192615-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\System Component - 2 files\Sony\xae Shared Library\SOASSL-13989500-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\Video - 4 files\Mobile Intel\xae Express Chipset Family Graphics Driver\INDVID-13984100-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\Video - 4 files\NVIDIA\xae Display Drivers\NVDVID-14139200-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\Notebook Control and Utilities - 3 files\VAIO\xae Control Center Software\SOAVCC-70192539-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\Notebook Control and Utilities - 3 files\VAIO\xae Launcher Software\SOAOTH-70193336-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\Wireless LAN - 2 files\Intel\xae Wireless Driver Update\INDWLL-03823813-732.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\Wireless LAN - 2 files\Intel\xae Wireless LAN Driver Update\INDWLL-001357911-732.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\Modem - 1 file\Conexant\xae Modem Driver\CODMOD-70144983-32.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\Hard Drive - 1 file\Intel\xae SATA Non-RAID Driver\INDOTH-70152638-32.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\Pointing Device - 1 file\Synaptics\xae Pointing Device Driver\SPDOTH-70128146-32.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\CD-DVD drivers - 1 file\Optiarc\xae DVD RW AD-7560A ATA Device Update\OPFOPD-00211614-1070.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\Camera - 2 files\WebCam Companion\xae Software\SOAOTH-70163007-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\Camera - 2 files\ArcSoft Magic-i\x2122 Visual Effects Software\SOAOTH-70193889-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\Camera - 1 file\Ricoh\xae Camera Driver\RIDCAM-14137700-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\Bluetooth Wireless - 1 file\Broadcom\xae Bluetooth\xae Driver\BRDBLT-14023900-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\Audio - 1 file\SigmaTel\xae Audio Driver\STDAUD-14133700-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\Network - 1 file\Marvell\xae Ethernet Driver\MRDETH-14005500-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\Sony Applications (various)\VAIO\xae Original Function Settings Software\SOAOTH-70189922-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\VAIO Update - 2 files\VAIO\xae Update Software\SOAVUD-70190115-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\Pointing Device - 1 file\Alps\xae Pointing Device Driver\ALDOTH-13275900-US.EXE 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Dane\Instalki\VAIO DRIVERS\!! WIN 7\VAIO Update - 2 files\VAIO\xae Update Software Update\SOAVUD-00226187-1070.EXE 1

---- EOF - GMER 1.0.15 ----