GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-19 18:48:09 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST320LT0 rev.0003 298,09GB Running: 0xw2if78.exe; Driver: C:\Users\slawek\AppData\Local\Temp\awpiaaod.sys ---- System - GMER 2.0 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x886DF4BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x886DFED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x886EAFA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x886EAFF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x886EB176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x886EAF16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x886EB038] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x886EAF5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x886E011C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x886E02F4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x886EB130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x886E093E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x886DF508] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwLoadDriver [0x886DF170] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x886DF556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x886E4534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x886E13A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x886EAFD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x886EB016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x886EB19A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x886EAF3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x886EB0BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x886EAF86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x886EB154] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x886E1272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x886E0F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x886DF5A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x886DF5F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x886E07BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x886DF1FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x886DF3AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x886DF350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x886E0AF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x886E0C54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x886DF41A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0x886E04D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x886E0636] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x886DF640] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0x886DFF1A] ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 81A47349 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81A80D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 81A87D80 4 Bytes [BA, F4, 6D, 88] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 81A87E08 4 Bytes [D6, FE, 6D, 88] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 81A87E5C 8 Bytes [A8, AF, 6E, 88, F4, AF, 6E, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 81A87E68 4 Bytes [76, B1, 6E, 88] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 81A87E84 4 Bytes [16, AF, 6E, 88] .text ... .text sptd.sys 87CA0001 31 Bytes [E7, E1, 81, 34, 82, E2, 81, ...] 
.text sptd.sys 87CA0024 104 Bytes [37, 57, AA, 81, 05, 90, B2, ...] .text sptd.sys 87CA008D 91 Bytes [55, A4, 81, 15, 05, A4, 81, ...] .text sptd.sys 87CA00E9 227 Bytes [2B, A4, 81, D7, B4, AA, 81, ...] .text sptd.sys 87CA01D4 4 Bytes [27, 39, 4F, 4E] {DAA ; CMP [EDI+0x4e], ECX} .text ... .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x87D4C1AA] ? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. [English: The process cannot access the file because it is being used by another process.] .text USBPORT.SYS!DllUnload 8D085DB9 5 Bytes JMP 867EC1C8 .text a0eq027s.SYS 8D352000 24 Bytes [A0, E7, E1, 81, 44, 08, E2, ...] .text a0eq027s.SYS 8D352019 4 Bytes [E7, E1, 81, 00] .text a0eq027s.SYS 8D35201E 22 Bytes [00, 00, DE, 77, 39, 8D, E6, ...] .text a0eq027s.SYS 8D352036 167 Bytes [00, 00, A0, 1E, A4, 81, F8, ...] .text a0eq027s.SYS 8D3520DE 16 Bytes [00, 00, 22, 00, 00, 00, 38, ...] {ADD [EAX], AL; AND AL, [EAX]; ADD [EAX], AL; CMP [ECX], BL; ADD [EAX], AL; CMP [EDI], CL; ADD [EAX], AL; ADD [EAX], AL} .text ... ---- User code sections - GMER 2.0 ---- .text C:\Windows\system32\svchost.exe[128] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62] .text C:\Windows\notepad.exe[428] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[504] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[564] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[576] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62] .text ... 
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] kernel32.dll!SetUnhandledExceptionFilter 76C4F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62] .text C:\Windows\system32\WLANExt.exe[1680] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62] .text C:\Windows\system32\conhost.exe[1688] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62] .text C:\Windows\SYSTEM32\WISPTIS.EXE[1704] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1712] kernel32.dll!GetBinaryTypeW + 70 76C669F4 1 Byte [62] .text ... ---- Kernel IAT/EAT - GMER 2.0 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [87CA170C] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [87CA1EEE] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [87CA220E] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [87CA20CC] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [87CA18F0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortWriteRegisterUlong] 5D8D3520 IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortEtwTraceLog] 8B55CCC3 IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortCopyMemory] 0CEC83EC IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortGetPhysicalAddress] 758B5653 IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortInitializeEx] 3D8B5708 IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortRegistryRead] [8D352010] \SystemRoot\System32\Drivers\a0eq027s.SYS (MS AHCI 1.0 Standard 
Driver/Microsoft Corporation) IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortGetBusData] 16EC8E8D IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortRegistryFreeBuffer] 558D0000 IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortReadRegisterUlong] 8BD7FFF4 IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortGetUnCachedExtension] 35200C1D IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortStallExecution] FF14EB8D IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortBuildRequestSenseIrb] E8016AD3 IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortReadRegisterUchar] FFFFF870 IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortNotification] 8DF4558D IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortGetDeviceBase] 0016EC8E IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortCompleteRequest] 80D7FF00 IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortReleaseRequestSenseIrb] 0016D4BE IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortGetScatterGatherList] 4D8D0000 IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortRequestCallback] 8DE075F4 IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortRegistryAllocateBuffer] 0016D086 IAT \SystemRoot\System32\Drivers\a0eq027s.SYS[PCIIDEX.SYS!AtaPortDeviceStateChange] 33308B00 ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7197F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74212437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE 
[gdiplus.dll!GdiplusStartup] [741F5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741F56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [742124B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74208514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74204CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7420506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74205144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74206671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7420826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [742087BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7420901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7420E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1908] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74204BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3932] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7197F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0b9a5b18272 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON 
Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x87 0x8D 0x1E ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0xC0 0x2F 0xBB ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEA 0xAC 0x18 0xD6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB3 0xFA 0x67 0xA7 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0b9a5b18272 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x87 0x8D 0x1E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0xC0 0x2F 0xBB ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEA 0xAC 0x18 0xD6 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB3 0xFA 0x67 0xA7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\1\3\x2030 1 ---- EOF - GMER 2.0 ----