GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-13 22:35:06
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1237GSX rev.DL130M
Running: tn6y1v0r.exe; Driver: C:\Users\Nelly\AppData\Local\Temp\fglcqpod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8CF72DAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8CF74FE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8CF75262]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8CF754D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8CF736BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8CF744F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8CF74A3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8CF7399A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8CF74922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8CF72998]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8CF747F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8CF72B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8CF74B5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8CF73344]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8CF73442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x8CF75722]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8CF7488C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8CF7624A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x8CF73E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8CF77458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8CF73C2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8CF7633C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8CF76AA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8CF74AD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8CF73740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8CF749B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8CF72FE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8CF7683E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8CF74BF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8CF72ED8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8CF757DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8CF76DDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8CF766D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x8CF71652]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8CF74F56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8CF74E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8CF75FE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x8CF719CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8CF772FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x8CF715EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8CF74238]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8CF73560]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8CF7587E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8CF764DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8CF76F2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8CF77020]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8CF7715A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8CF7616E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8CF7318E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8CF730E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8CF76C82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8CF7327A]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C728E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C923D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1397 82C99664 4 Bytes [AA, 2D, F7, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BF 82C9968C 8 Bytes CALL E5568DE0
.text ntoskrnl.exe!KeRemoveQueueEx + 1403 82C996D0 4 Bytes [D8, 54, F7, 8C] {FCOM DWORD [EDI+ESI*8-0x74]}
.text ntoskrnl.exe!KeRemoveQueueEx + 1453 82C99720 4 Bytes [F2, 44, F7, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 1467 82C99734 4 Bytes [3C, 4A, F7, 8C]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x95432340, 0x3EE2B7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\Dwm.exe[1780] USER32.dll!SetFocus 75E2CBA9 5 Bytes JMP 6BBE14E0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\system32\Dwm.exe[1780] USER32.dll!FlashWindow 75E54562 5 Bytes JMP 6BBE1450 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\system32\Dwm.exe[1780] USER32.dll!FlashWindowEx 75E545A1 5 Bytes JMP 6BBE14A0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\explorer.exe[1824] USER32.dll!SetFocus 75E2CBA9 5 Bytes JMP 6BBE14E0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\explorer.exe[1824] USER32.dll!FlashWindow 75E54562 5 Bytes JMP 6BBE1450 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\explorer.exe[1824] USER32.dll!FlashWindowEx 75E545A1 5 Bytes JMP 6BBE14A0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\system32\taskhost.exe[1880] USER32.dll!SetFocus 75E2CBA9 5 Bytes JMP 6BBE14E0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\system32\taskhost.exe[1880] USER32.dll!FlashWindow 75E54562 5 Bytes JMP 6BBE1450 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\system32\taskhost.exe[1880] USER32.dll!FlashWindowEx 75E545A1 5 Bytes JMP 6BBE14A0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\Explorer.EXE[1948] USER32.dll!SetFocus 75E2CBA9 5 Bytes JMP 6BBE14E0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\Explorer.EXE[1948] USER32.dll!FlashWindow 75E54562 5 Bytes JMP 6BBE1450 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\Explorer.EXE[1948] USER32.dll!FlashWindowEx 75E545A1 5 Bytes JMP 6BBE14A0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1972] USER32.dll!SetFocus 75E2CBA9 5 Bytes JMP 6BBE14E0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1972] USER32.dll!FlashWindow 75E54562 5 Bytes JMP 6BBE1450 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1972] USER32.dll!FlashWindowEx 75E545A1 5 Bytes JMP 6BBE14A0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2216] USER32.dll!SetFocus 75E2CBA9 5 Bytes JMP 6BBE14E0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2216] USER32.dll!FlashWindow 75E54562 5 Bytes JMP 6BBE1450 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[2216] USER32.dll!FlashWindowEx 75E545A1 5 Bytes JMP 6BBE14A0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\System32\rundll32.exe[3208] USER32.dll!SetFocus 75E2CBA9 5 Bytes JMP 6BBE14E0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\System32\rundll32.exe[3208] USER32.dll!FlashWindow 75E54562 5 Bytes JMP 6BBE1450 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Windows\System32\rundll32.exe[3208] USER32.dll!FlashWindowEx 75E545A1 5 Bytes JMP 6BBE14A0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3244] USER32.dll!SetFocus 75E2CBA9 5 Bytes JMP 6BBE14E0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3244] USER32.dll!FlashWindow 75E54562 5 Bytes JMP 6BBE1450 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3244] USER32.dll!FlashWindowEx 75E545A1 5 Bytes JMP 6BBE14A0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Rainmeter\Rainmeter.exe[3272] USER32.dll!SetFocus 75E2CBA9 5 Bytes JMP 6BBE14E0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Rainmeter\Rainmeter.exe[3272] USER32.dll!FlashWindow 75E54562 5 Bytes JMP 6BBE1450 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Rainmeter\Rainmeter.exe[3272] USER32.dll!FlashWindowEx 75E545A1 5 Bytes JMP 6BBE14A0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\XWindows Dock\XWD.exe[3384] USER32.dll!SetFocus 75E2CBA9 5 Bytes JMP 6BBE14E0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\XWindows Dock\XWD.exe[3384] USER32.dll!FlashWindow 75E54562 5 Bytes JMP 6BBE1450 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\XWindows Dock\XWD.exe[3384] USER32.dll!FlashWindowEx 75E545A1 5 Bytes JMP 6BBE14A0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] ntdll.dll!LdrLoadDll 7765F585 5 Bytes JMP 003713F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!SetFocus 75E2CBA9 5 Bytes JMP 6BBE14E0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!FlashWindow 75E54562 5 Bytes JMP 6BBE1450 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!FlashWindowEx 75E545A1 5 Bytes JMP 6BBE14A0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe[3868] USER32.dll!SetFocus 75E2CBA9 5 Bytes JMP 6BBE14E0 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe[3868] USER32.dll!FlashWindow 75E54562 5 Bytes JMP 6BBE1450 C:\Program Files\XWindows Dock\XWDCore.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe[3868] USER32.dll!FlashWindowEx 75E545A1 5 Bytes JMP 6BBE14A0 C:\Program Files\XWindows Dock\XWDCore.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3208] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3208] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3208] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3208] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75675E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00037adaf7b2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x26 0xA7 0xA1 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x72 0x1E 0xD9 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA6 0x18 0xA1 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00037adaf7b2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x26 0xA7 0xA1 0x6D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x72 0x1E 0xD9 0xBC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA6 0x18 0xA1 0x8B ...

---- EOF - GMER 1.0.15 ----