GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-12 20:37:21 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12 ST3160812AS rev.2AAA Running: gmer.exe; Driver: C:\DOCUME~1\Asd\USTAWI~1\Temp\kwtdrpog.sys ---- System - GMER 1.0.15 ---- SSDT sptd.sys ZwCreateKey [0xB7ED49E0] SSDT sptd.sys ZwEnumerateKey [0xB7F090EE] SSDT sptd.sys ZwEnumerateValueKey [0xB7F0947C] SSDT sptd.sys ZwOpenKey [0xB7ED49C0] SSDT sptd.sys ZwQueryKey [0xB7F09554] SSDT sptd.sys ZwQueryValueKey [0xB7F093D4] SSDT sptd.sys ZwSetValueKey [0xB7F095E6] INT 0x62 ? 8B58ECB8 INT 0x63 ? 8B3F3CB8 INT 0x73 ? 8B58ECB8 INT 0x73 ? 8B58ECB8 INT 0x73 ? 8B58ECB8 INT 0x73 ? 8B58ECB8 INT 0x73 ? 8B3F3CB8 INT 0x73 ? 8B58ECB8 INT 0x82 ? 8B58ECB8 INT 0xA4 ? 8B3F3CB8 INT 0xB4 ? 8B3F3CB8 INT 0xB4 ? 8B3F3CB8 INT 0xB4 ? 8B3F3CB8 INT 0xB4 ? 8B3F3CB8 ---- Kernel code sections - GMER 1.0.15 ---- PAGE sptd.sys B7EF8000 1 Byte [74] PAGE sptd.sys B7EF8004 5 Bytes [40, 83, EF, B7, A3] PAGE sptd.sys B7EF800C 5 Bytes [50, 84, EF, B7, 98] {PUSH EAX; TEST BH, CH; MOV BH, 0x98} PAGE sptd.sys B7EF8014 5 Bytes [B8, 83, EF, B7, 59] {MOV EAX, 0x59b7ef83} PAGE sptd.sys B7EF801C 5 Bytes [78, 82, EF, B7, 61] {JS 0xffffffffffffff84; OUT DX, EAX; MOV BH, 0x61} PAGE ... .sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB7F720AD] ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6BD83A0, 0x5FE082, 0xE8000020] .text USBPORT.SYS!DllUnload B6BB88AC 5 Bytes JMP 8B3F31C8 .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAC470300, 0x3AE88, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB83D8300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[3288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01220C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3288] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01457B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3288] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01457B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3288] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 01223FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3288] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01457AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7E9A22E] sptd.sys IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7E9971C] sptd.sys IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7E99F0E] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7E9971C] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7E99910] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7E99852] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7E9A0EC] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7E99F0E] sptd.sys IAT \SystemRoot\System32\Drivers\ahy6r0zr.SYS[HAL.dll!KeGetCurrentIrql] 830C55FF IAT \SystemRoot\System32\Drivers\ahy6r0zr.SYS[HAL.dll!KfAcquireSpinLock] B60F14C4 IAT \SystemRoot\System32\Drivers\ahy6r0zr.SYS[HAL.dll!KfReleaseSpinLock] 4E8DE745 IAT \SystemRoot\System32\Drivers\ahy6r0zr.SYS[HAL.dll!KfRaiseIrql] 77C13BFC IAT \SystemRoot\System32\Drivers\ahy6r0zr.SYS[HAL.dll!KfLowerIrql] 59FC6A24 IAT \SystemRoot\System32\Drivers\ahy6r0zr.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 8D104D8B ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8B58D1E8 Device \FileSystem\Fastfat \FatCdrom 8AA8E430 Device \Driver\usbuhci \Device\USBPDO-0 8B2A21E8 Device \Driver\usbuhci \Device\USBPDO-1 8B2A21E8 Device \Driver\usbuhci \Device\USBPDO-2 8B2A21E8 Device \Driver\usbehci \Device\USBPDO-3 8B28E1E8 Device \Driver\usbuhci \Device\USBPDO-4 8B2A21E8 Device \Driver\usbuhci \Device\USBPDO-5 8B2A21E8 Device \Driver\usbuhci \Device\USBPDO-6 8B2A21E8 Device \Driver\usbehci \Device\USBPDO-7 8B28E1E8 Device \Driver\PCI_PNP1032 \Device\00000058 sptd.sys Device \Driver\PCI_PNP1032 \Device\00000058 sptd.sys Device \Driver\Cdrom \Device\CdRom0 8B285430 Device \Driver\atapi \Device\Ide\IdePort0 [B7DEBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7DEBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7DEBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7DEBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7DEBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort4 [B7DEBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort5 [B7DEBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-12 [B7DEBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 8B285430 Device \Driver\Cdrom \Device\CdRom2 8B285430 Device \Driver\dtsoftbus01 \Device\00000083 8B3B81E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 892D91E8 Device \Driver\USBSTOR \Device\00000090 8AA8B430 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 8B3B81E8 Device \Driver\NetBT \Device\NetbiosSmb 892D91E8 Device \Driver\USBSTOR \Device\00000094 8AA8B430 Device \Driver\usbuhci \Device\USBFDO-0 8B2A21E8 Device \Driver\usbuhci \Device\USBFDO-1 8B2A21E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 892D31E8 Device \Driver\usbuhci \Device\USBFDO-2 8B2A21E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 892D31E8 Device \Driver\usbehci \Device\USBFDO-3 8B28E1E8 Device \Driver\usbuhci \Device\USBFDO-4 8B2A21E8 Device \Driver\usbuhci \Device\USBFDO-5 8B2A21E8 Device \Driver\usbuhci \Device\USBFDO-6 8B2A21E8 Device \Driver\usbehci \Device\USBFDO-7 8B28E1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{ABE43544-8CCF-4BA5-9A1C-ACEA778BCA75} 892D91E8 Device \Driver\ahy6r0zr \Device\Scsi\ahy6r0zr1Port6Path0Target0Lun0 8B3F9430 Device \Driver\ahy6r0zr \Device\Scsi\ahy6r0zr1 8B3F9430 Device \FileSystem\Fastfat \Fat 8AA8E430 Device \FileSystem\Cdfs \Cdfs 8AA8F430 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBC 0x0E 0x36 0xD3 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xD2 0x60 0xB7 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBC 0x0E 0x36 0xD3 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA4 0x40 0xBC 0xFE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2C 0x47 0x93 0xD1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2C 0xCB 0x81 0x6F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBC 0x0E 0x36 0xD3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xD2 0x60 0xB7 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBC 0x0E 0x36 0xD3 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x45 0xE3 0x5D 0x2A ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2C 0x47 0x93 0xD1 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5A 0xE9 0x65 0xB1 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBC 0x0E 0x36 0xD3 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x45 0xE3 0x5D 0x2A ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2C 0x47 0x93 0xD1 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5A 0xE9 0x65 0xB1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBC 0x0E 0x36 0xD3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x45 0xE3 0x5D 0x2A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2C 0x47 0x93 0xD1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5A 0xE9 0x65 0xB1 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBC 0x0E 0x36 0xD3 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x45 0xE3 0x5D 0x2A ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2C 0x47 0x93 0xD1 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5A 0xE9 0x65 0xB1 ... ---- EOF - GMER 1.0.15 ----