GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-02 23:06:35
Windows 6.0.6002 Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542525K9A300 rev.BBFOC3EP
Running: qc551qzb.exe; Driver: C:\Users\Piotrek\AppData\Local\Temp\kwddyfow.sys

---- System - GMER 1.0.15 ----

INT 0x51 ? 86E0BBF8
INT 0x51 ? 86E0BBF8
INT 0x62 ? 86E0BBF8
INT 0x72 ? 86E0BBF8
INT 0x82 ? 85C21BF8
INT 0x92 ? 85C21BF8
INT 0xA2 ? 86E0BBF8
INT 0xB3 ? 86E0BBF8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90B44BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x90B449D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x90B44B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwLoadDriver 82D683A8 7 Bytes JMP 90B44B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 82DA7E16 5 Bytes JMP 90B405D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObInsertObject 82DF553C 5 Bytes JMP 90B41FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 82E0DB8F 7 Bytes JMP 90B449D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 82E8C98A 7 Bytes JMP 90B44BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spiu.sys System nie może odnaleźć określonej ścieżki. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8FC0D340, 0x3EE1D7, 0xE8000020]
.text USBPORT.SYS!DllUnload 8BA3541B 5 Bytes JMP 86E0B1D8
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA11D7300, 0x3AE88, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA121A300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1640] kernel32.dll!SetUnhandledExceptionFilter 768BA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 85C202D8
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [8B279C4C] \SystemRoot\System32\Drivers\spiu.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [8B279CA0] \SystemRoot\System32\Drivers\spiu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B2496D2] \SystemRoot\System32\Drivers\spiu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B249040] \SystemRoot\System32\Drivers\spiu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B2497FC] \SystemRoot\System32\Drivers\spiu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8B2490BE] \SystemRoot\System32\Drivers\spiu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B24913C] \SystemRoot\System32\Drivers\spiu.sys
IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 85C212D8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86E0B2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8B259048] \SystemRoot\System32\Drivers\spiu.sys
IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 86C1D2D8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 001F0002
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 001F0000
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74807817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7485A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7480BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74838395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7480DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7488CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7482C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74802AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 85C261F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 85C231F8
Device \Driver\usbuhci \Device\USBPDO-0 86C1A1F8
Device \Driver\usbuhci \Device\USBPDO-1 86C1A1F8
Device \Driver\usbehci \Device\USBPDO-2 86C101F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E3802881-6B10-4B0E-AAAF-F760934A1BEF} 88504500
Device \Driver\usbuhci \Device\USBPDO-3 86C1A1F8
Device \Driver\usbuhci \Device\USBPDO-4 86C1A1F8
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBPDO-5 86C1A1F8
Device \Driver\usbehci \Device\USBPDO-6 86C101F8
Device \Driver\volmgr \Device\HarddiskVolume1 85C231F8
Device \Driver\volmgr \Device\HarddiskVolume2 85C231F8
Device \Driver\cdrom \Device\CdRom0 86C491F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85C251F8
Device \Driver\atapi \Device\Ide\IdePort0 85C251F8
Device \Driver\atapi \Device\Ide\IdePort1 85C251F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 85C251F8
Device \Driver\volmgr \Device\HarddiskVolume3 85C231F8
Device \Driver\netbt \Device\NetBt_Wins_Export 88504500
Device \Driver\Smb \Device\NetbiosSmb 886AB500
Device \Driver\iScsiPrt \Device\RaidPort0 86C191F8
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBFDO-0 86C1A1F8
Device \Driver\usbuhci \Device\USBFDO-1 86C1A1F8
Device \Driver\usbehci \Device\USBFDO-2 86C101F8
Device \Driver\usbuhci \Device\USBFDO-3 86C1A1F8
Device \Driver\usbuhci \Device\USBFDO-4 86C1A1F8
Device \Driver\usbuhci \Device\USBFDO-5 86C1A1F8
Device \Driver\usbehci \Device\USBFDO-6 86C101F8
Device \Driver\netbt \Device\NetBT_Tcpip_{F7FE7127-8614-4911-935D-409E3CDE9E9B} 88504500
Device \FileSystem\cdfs \Cdfs 895B21F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9ed112e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9ed12e0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f5f21a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f60035
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1E 0x63 0x85 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9ed112e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9ed12e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f5f21a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f60035 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1D 0xBE 0x2B 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD9 0x2A 0x90 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x97 0x4B 0xBF 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9ed112e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9ed12e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9f5f21a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9f60035 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1D 0xBE 0x2B 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD9 0x2A 0x90 0xD1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x97 0x4B 0xBF 0x50 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001dd9ed112e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001dd9ed12e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001dd9f5f21a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001dd9f60035 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1E 0x63 0x85 0xD1 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001dd9ed112e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001dd9ed12e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001dd9f5f21a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001dd9f60035 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1E 0x63 0x85 0xD1 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001dd9ed112e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001dd9ed12e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001dd9f5f21a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001dd9f60035 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1E 0x63 0x85 0xD1 ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001dd9ed112e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001dd9ed12e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001dd9f5f21a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001dd9f60035 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1E 0x63 0x85 0xD1 ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\001dd9ed112e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\001dd9ed12e0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\001dd9f5f21a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\001dd9f60035 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1E 0x63 0x85 0xD1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2442962~31bf3856ad364e35~x86~~6.0.1.1@CurrentState 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2442962~31bf3856ad364e35~x86~~6.0.1.1@LastProgressState 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2442962~31bf3856ad364e35~x86~~6.0.1.1@LastError -2146498538
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2296199~31bf3856ad364e35~x86~~6.0.1.0@CurrentState 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2296199~31bf3856ad364e35~x86~~6.0.1.0@Visibility 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2296199~31bf3856ad364e35~x86~~6.0.1.0@LastProgressState 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2296199~31bf3856ad364e35~x86~~6.0.1.0@LastError 985089
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2442962~31bf3856ad364e35~x86~~6.0.1.1@CurrentState 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2442962~31bf3856ad364e35~x86~~6.0.1.1@LastProgressState 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2442962~31bf3856ad364e35~x86~~6.0.1.1@LastError -2146498538
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_5_for_KB2296199~31bf3856ad364e35~x86~~6.0.1.0@CurrentState 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_5_for_KB2296199~31bf3856ad364e35~x86~~6.0.1.0@Visibility 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_5_for_KB2296199~31bf3856ad364e35~x86~~6.0.1.0@LastProgressState 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_5_for_KB2296199~31bf3856ad364e35~x86~~6.0.1.0@LastError 985089
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199_client_1~31bf3856ad364e35~x86~~6.0.1.0@CurrentState 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199_client_1~31bf3856ad364e35~x86~~6.0.1.0@Visibility 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199_client_1~31bf3856ad364e35~x86~~6.0.1.0@LastProgressState 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199_client_1~31bf3856ad364e35~x86~~6.0.1.0@LastError 985089
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199_client_2~31bf3856ad364e35~x86~~6.0.1.0@CurrentState 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199_client_2~31bf3856ad364e35~x86~~6.0.1.0@Visibility 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199_client_2~31bf3856ad364e35~x86~~6.0.1.0@LastProgressState 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199_client_2~31bf3856ad364e35~x86~~6.0.1.0@LastError 985089
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199_client~31bf3856ad364e35~x86~~6.0.1.0@CurrentState 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199_client~31bf3856ad364e35~x86~~6.0.1.0@Visibility 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199_client~31bf3856ad364e35~x86~~6.0.1.0@LastProgressState 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199_client~31bf3856ad364e35~x86~~6.0.1.0@LastError 985089
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199~31bf3856ad364e35~x86~~6.0.1.0@CurrentState 4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199~31bf3856ad364e35~x86~~6.0.1.0@LastProgressState 6
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2296199~31bf3856ad364e35~x86~~6.0.1.0@LastError 985089
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2442962_client_1~31bf3856ad364e35~x86~~6.0.1.1@CurrentState 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2442962_client_1~31bf3856ad364e35~x86~~6.0.1.1@LastProgressState 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2442962_client_1~31bf3856ad364e35~x86~~6.0.1.1@LastError -2146498538
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2442962_client_2~31bf3856ad364e35~x86~~6.0.1.1@CurrentState 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2442962_client_2~31bf3856ad364e35~x86~~6.0.1.1@LastProgressState 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2442962_client_2~31bf3856ad364e35~x86~~6.0.1.1@LastError -2146498538
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2442962_client~31bf3856ad364e35~x86~~6.0.1.1@CurrentState 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2442962_client~31bf3856ad364e35~x86~~6.0.1.1@LastProgressState 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2442962_client~31bf3856ad364e35~x86~~6.0.1.1@LastError -2146498538
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2442962~31bf3856ad364e35~x86~~6.0.1.1@CurrentState 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2442962~31bf3856ad364e35~x86~~6.0.1.1@LastProgressState 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2442962~31bf3856ad364e35~x86~~6.0.1.1@LastError -2146498538
Reg HKLM\SOFTWARE\Classes\PowerPoint.Template.12\shell\Print\command@ """" /p "%1"

---- Files - GMER 1.0.15 ----

File C:\Windows\SoftwareDistribution\Download\f7d339ef10919176ac90d7861ffe67b6\img 0 bytes
File C:\Windows\SoftwareDistribution\Download\f7d339ef10919176ac90d7861ffe67b6\img\OUTLOOK.msp 8444928 bytes
File C:\Config.Msi 0 bytes
File C:\Config.Msi\163b14.rbf 12276560 bytes executable

---- EOF - GMER 1.0.15 ----