GMER 1.0.15.15477 - http://www.gmer.net Rootkit scan 2010-10-24 10:33:22 Windows 5.1.2600 Dodatek Service Pack 3 Running: cf2db66d.exe; Driver: C:\DOCUME~1\POCZTA~1\USTAWI~1\Temp\uxtdipow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF39986B8] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xF3AC4040] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF3AC0930] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF3998574] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xF3AC4510] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xF3ACA870] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xF3ACAAA0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xF3ACDFD0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xF3AC4600] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xF3AC0F20] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xF3ACC6E0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF3998A52] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xF3ACA580] SSDT spqp.sys ZwEnumerateKey [0xF72A5CA2] SSDT spqp.sys ZwEnumerateValueKey [0xF72A6030] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xF3ACC8B0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xF3AC0D70] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF399864E] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xF3ACA350] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xF3ACA150] SSDT spqp.sys ZwQueryKey [0xF72A6108] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF399876E] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xF3ACD250] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xF3ACCCB0] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xF3AC3C00] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF399872E] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xF3AC4220] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xF3AC1120] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF39988AE] SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xF3ACACD0] INT 0x62 ? 865DDBF8 INT 0x73 ? 863C9BF8 INT 0x83 ? 8656CBF8 INT 0xB1 ? 8656FBF8 INT 0xB1 ? 8656FBF8 INT 0xB4 ? 863C9BF8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504508 12 Bytes [10, 45, AC, F3, 70, A8, AC, ...] ? spqp.sys Nie można odnaleźć określonego pliku. ! ? srescan.sys Nie można odnaleźć określonego pliku. ! .text USBPORT.SYS!DllUnload F6CBE8AC 5 Bytes JMP 863C91D8 .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6468360, 0x348C87, 0xE8000020] .text agb4fquf.SYS F641E386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text agb4fquf.SYS F641E3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text agb4fquf.SYS F641E3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text agb4fquf.SYS F641E3C9 1 Byte [2E] .text agb4fquf.SYS F641E3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...] .text ... .text a9wz4hiu.SYS F63E7386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text a9wz4hiu.SYS F63E73AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a9wz4hiu.SYS F63E73C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text a9wz4hiu.SYS F63E73C9 1 Byte [2E] .text a9wz4hiu.SYS F63E73C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...] .text ... .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xBA5CA400, 0x87EE2, 0xE8000020] .protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xBA66E620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xBA66E620] .protect˙˙˙˙hardlockunknown last code section [0xBA66E400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xBA66E400, 0x5126, 0xE0000020] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7288040] spqp.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F728813C] spqp.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72880BE] spqp.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72887FC] spqp.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72886D2] spqp.sys IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7298048] spqp.sys IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[HAL.dll!KfAcquireSpinLock] 8BEC8B55 IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[HAL.dll!READ_PORT_UCHAR] 00C73445 IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[HAL.dll!KeGetCurrentIrql] 00000000 IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[HAL.dll!KfRaiseIrql] 830C458B IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[HAL.dll!KfLowerIrql] C0840CEC IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[HAL.dll!HalGetInterruptVector] 053C0D74 IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[HAL.dll!HalTranslateBusAddress] 57B80974 IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[HAL.dll!KeStallExecutionProcessor] 8B000000 IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[HAL.dll!KfReleaseSpinLock] 56C35DE5 IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D08758B IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[HAL.dll!READ_PORT_USHORT] 8D51FC4D IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8D52FD55 IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[HAL.dll!WRITE_PORT_UCHAR] 8D51FE4D IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[WMILIB.SYS!WmiSystemControl] 8D51F84D IAT \SystemRoot\System32\Drivers\agb4fquf.SYS[WMILIB.SYS!WmiCompleteRequest] 5052F455 IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74 IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[HAL.dll!KeGetCurrentIrql] 57B80974 IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[HAL.dll!KfRaiseIrql] 8B000000 IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[HAL.dll!KfLowerIrql] 56C35DE5 IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[HAL.dll!HalGetInterruptVector] 8D08758B IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55 IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55 IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455 IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856 IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520 IAT \SystemRoot\System32\Drivers\a9wz4hiu.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185 IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F3AC8CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F3AC91C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F3AC9320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F3AC8E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F3AC8E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F3AC8CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F3AC91C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F3AC9320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F3AC8CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F3AC8E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F3AC9320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F3AC91C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F3AC9320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F3AC91C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F3AC8CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F3AC8E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F3AC8CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F3AC91C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F3AC9320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F3AC8CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F3AC8E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F3AC9320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F3AC91C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[780] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[780] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8656B1F8 AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) Device \FileSystem\Fastfat \FatCdrom 86276500 Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\NetBT \Device\NetBT_Tcpip_{B9AB2955-7343-4448-AEC5-024F3DD151C9} 85C471F8 Device \Driver\usbohci \Device\USBPDO-0 863C81F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8656D1F8 Device \Driver\dmio \Device\DmControl\DmConfig 8656D1F8 Device \Driver\dmio \Device\DmControl\DmPnP 8656D1F8 Device \Driver\dmio \Device\DmControl\DmInfo 8656D1F8 Device \Driver\usbehci \Device\USBPDO-1 865121F8 Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\Ftdisk \Device\HarddiskVolume1 865DE1F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft) Device \Driver\Ftdisk \Device\HarddiskVolume2 865DE1F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft) Device \Driver\sptd \Device\167338528 spqp.sys Device \Driver\Cdrom \Device\CdRom0 863CC500 Device \Driver\Ftdisk \Device\HarddiskVolume3 865DE1F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft) Device \Driver\Cdrom \Device\CdRom1 863CC500 Device \Driver\atapi \Device\Ide\IdePort0 [F71DAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F71DAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F71DAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume4 865DE1F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft) Device \Driver\Cdrom \Device\CdRom2 863CC500 Device \Driver\Cdrom \Device\CdRom3 863CC500 Device \Driver\NetBT \Device\NetBt_Wins_Export 85C471F8 Device \Driver\NetBT \Device\NetbiosSmb 85C471F8 Device \Driver\PCI_PNP9778 \Device\0000004d spqp.sys Device \Driver\PCI_PNP9778 \Device\0000004e spqp.sys Device \Driver\sptd \Device\167494778 spqp.sys Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\usbohci \Device\USBFDO-0 863C81F8 Device \Driver\nvata \Device\0000006d 8656C1F8 Device \Driver\usbehci \Device\USBFDO-1 865121F8 Device \Driver\nvata \Device\NvAta0 8656C1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85AB81F8 Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \FileSystem\MRxSmb \Device\LanmanRedirector 85AB81F8 Device \Driver\Ftdisk \Device\FtControl 865DE1F8 Device \Driver\a9wz4hiu \Device\Scsi\a9wz4hiu1Port3Path0Target1Lun0 8614F2A8 Device \Driver\agb4fquf \Device\Scsi\agb4fquf1 86156330 Device \Driver\agb4fquf \Device\Scsi\agb4fquf1Port4Path0Target0Lun0 86156330 Device \Driver\a9wz4hiu \Device\Scsi\a9wz4hiu1Port3Path0Target0Lun0 8614F2A8 Device \Driver\a9wz4hiu \Device\Scsi\a9wz4hiu1 8614F2A8 Device \FileSystem\Fastfat \Fat 86276500 AttachedDevice \FileSystem\Fastfat \Fat symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) Device \FileSystem\Cdfs \Cdfs 861BC300 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 E:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0x2A 0x66 0x09 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x73 0xC5 0x03 0x7A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xFB 0xFA 0x51 0x06 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x1A 0x87 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD6 0xD5 0x0D 0xC0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8C 0xED 0x23 0xB2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6A 0xC1 0x37 0x4F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 E:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0x2A 0x66 0x09 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x73 0xC5 0x03 0x7A ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xFB 0xFA 0x51 0x06 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7C 0x1A 0x87 0x0A ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD6 0xD5 0x0D 0xC0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8C 0xED 0x23 0xB2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6A 0xC1 0x37 0x4F ... ---- EOF - GMER 1.0.15 ----