GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-08-08 23:56:20 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5 SAMSUNG_SP2504C rev.VT100-41 Running: yg7ntogg.exe; Driver: C:\Users\DaMeK\AppData\Local\Temp\ugloapow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0x8953E7F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0x8953E8B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0x8953E870] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0x8953E830] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C433C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7CD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82C83EB8 4 Bytes [F0, E7, 53, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 161F 82C842D4 4 Bytes [70, E8, 53, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C8431C 4 Bytes JMP D6B073A3 ? System32\Drivers\spfs.sys System nie może odnaleźć określonej ścieżki. ! PAGE PCIIDEX.SYS!DllUnload 88C0E606 5 Bytes JMP 84E7A1D8 PAGE ataport.SYS!DllUnload + 1 88E5FAD7 4 Bytes JMP 84E771D9 .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F430000, 0x267978, 0xE8000020] .text USBPORT.SYS!DllUnload 8F03ADB9 5 Bytes JMP 85FA41D8 ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1712] kernel32.dll!SetUnhandledExceptionFilter 77DDF4FB 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 00, 1C, 00] {SUB [EAX], AL; SBB AL, 0x0} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 1 Byte [28] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 03, 1C, 00] {SUB [EBX], AL; SBB AL, 0x0} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 00, 1C, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 01, 1C, 00] {TEST AL, 0x1; SBB AL, 0x0} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F079A4 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 02, 1C, 00] {TEST AL, 0x2; SBB AL, 0x0} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 01, 1C, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 02, 1C, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F07A35 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 00, 1C, 00] {TEST AL, 0x0; SBB AL, 0x0} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F07BF3 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 01, 1C, 00] {SUB [ECX], AL; SBB AL, 0x0} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 02, 1C, 00] {SUB [EDX], AL; SBB AL, 0x0} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 1 Byte [68] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 03, 1C, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3684] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 00, 40, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 1 Byte [28] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 03, 40, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 00, 40, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 01, 40, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F09DA4 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 02, 40, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 01, 40, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 02, 40, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F09E35 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 00, 40, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F09FF3 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 01, 40, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 02, 40, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 1 Byte [68] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 03, 40, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3764] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtCreateFile + 6 77F055CE 4 Bytes [28, 00, 3B, 00] {SUB [EAX], AL; CMP EAX, [EAX]} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtCreateFile + B 77F055D3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 1 Byte [28] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtMapViewOfSection + 6 77F05C2E 4 Bytes [28, 03, 3B, 00] {SUB [EBX], AL; CMP EAX, [EAX]} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtMapViewOfSection + B 77F05C33 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenFile + 6 77F05CDE 4 Bytes [68, 00, 3B, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenFile + B 77F05CE3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenProcess + 6 77F05D8E 4 Bytes [A8, 01, 3B, 00] {TEST AL, 0x1; CMP EAX, [EAX]} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenProcess + B 77F05D93 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenProcessToken + 6 77F05D9E 4 Bytes CALL 76F098A4 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenProcessToken + B 77F05DA3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenProcessTokenEx + 6 77F05DAE 4 Bytes [A8, 02, 3B, 00] {TEST AL, 0x2; CMP EAX, [EAX]} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenProcessTokenEx + B 77F05DB3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenThread + 6 77F05E0E 4 Bytes [68, 01, 3B, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenThread + B 77F05E13 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenThreadToken + 6 77F05E1E 4 Bytes [68, 02, 3B, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenThreadToken + B 77F05E23 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenThreadTokenEx + 6 77F05E2E 4 Bytes CALL 76F09935 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtOpenThreadTokenEx + B 77F05E33 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtQueryAttributesFile + 6 77F05F3E 4 Bytes [A8, 00, 3B, 00] {TEST AL, 0x0; CMP EAX, [EAX]} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtQueryAttributesFile + B 77F05F43 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtQueryFullAttributesFile + 6 77F05FEE 4 Bytes CALL 76F09AF3 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtQueryFullAttributesFile + B 77F05FF3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtSetInformationFile + 6 77F0663E 4 Bytes [28, 01, 3B, 00] {SUB [ECX], AL; CMP EAX, [EAX]} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtSetInformationFile + B 77F06643 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtSetInformationThread + 6 77F0669E 4 Bytes [28, 02, 3B, 00] {SUB [EDX], AL; CMP EAX, [EAX]} .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtSetInformationThread + B 77F066A3 1 Byte [E2] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 1 Byte [68] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtUnmapViewOfSection + 6 77F069BE 4 Bytes [68, 03, 3B, 00] .text C:\Program Files\Avant Browser\webkit\chrome.exe[3944] ntdll.dll!NtUnmapViewOfSection + B 77F069C3 1 Byte [E2] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88C3390E] \SystemRoot\System32\Drivers\spfs.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88C33F9C] \SystemRoot\System32\Drivers\spfs.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [88C333E6] \SystemRoot\System32\Drivers\spfs.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88C34178] \SystemRoot\System32\Drivers\spfs.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88C331D4] \SystemRoot\System32\Drivers\spfs.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 84E7E1F8 Device \Driver\volmgr \Device\VolMgrControl 84E791F8 Device \Driver\usbohci \Device\USBPDO-0 85FA51F8 Device \Driver\usbohci \Device\USBPDO-1 85FA51F8 Device \Driver\usbohci \Device\USBPDO-2 85FA51F8 Device \Driver\usbehci \Device\USBPDO-3 85FA61F8 Device \Driver\volmgr \Device\HarddiskVolume1 84E791F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume2 84E791F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 85DD61F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E7C1F8 Device \Driver\atapi \Device\Ide\IdePort0 84E7C1F8 Device \Driver\atapi \Device\Ide\IdePort1 84E7C1F8 Device \Driver\atapi \Device\Ide\IdePort2 84E7C1F8 Device \Driver\atapi \Device\Ide\IdePort3 84E7C1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-5 84E7C1F8 Device \Driver\volmgr \Device\HarddiskVolume3 84E791F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBt_Wins_Export 85EF01F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{FBC36194-789B-4DD9-B2C4-CE9C6DD7BC11} 85EF01F8 Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\usbohci \Device\USBFDO-0 85FA51F8 Device \Driver\usbohci \Device\USBFDO-1 85FA51F8 Device \Driver\usbohci \Device\USBFDO-2 85FA51F8 Device \Driver\usbehci \Device\USBFDO-3 85FA61F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x86 0x49 0x0A 0xA9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x5D 0x4E 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x6F 0xFA 0x86 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x86 0x49 0x0A 0xA9 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x5D 0x4E 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x6F 0xFA 0x86 ... ---- EOF - GMER 1.0.15 ----