GMER 2.1.18952 - http://www.gmer.net
Rootkit scan 2013-02-19 00:54:43
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 ST3500320AS rev.SD1A 465,76GB
Running: gmer.exe; Driver: C:\DOCUME~1\Filipo\USTAWI~1\Temp\fwwdrkoc.sys

---- System - GMER 2.1 ----

SSDT F7A6710C ZwClose
SSDT F7A670C6 ZwCreateKey
SSDT F7A67116 ZwCreateSection
SSDT F7A670BC ZwCreateThread
SSDT F7A670CB ZwDeleteKey
SSDT F7A670D5 ZwDeleteValueKey
SSDT F7A67107 ZwDuplicateObject
SSDT F7A670DA ZwLoadKey
SSDT F7A670A8 ZwOpenProcess
SSDT F7A670AD ZwOpenThread
SSDT F7A670E4 ZwReplaceKey
SSDT F7A670DF ZwRestoreKey
SSDT F7A6711B ZwSetContextThread
SSDT F7A670D0 ZwSetValueKey
SSDT F7A670B7 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB968F360, 0x1DE5ED, 0xE8000020]
.gal C:\WINDOWS\System32\DRIVERS\serial.sys entry point in ".gal" section [0xBA3CDC89]
.Gemsm C:\WINDOWS\System32\DRIVERS\serial.sys unknown last section [0xBA3DD000, 0x5483, 0x48000040]
? C:\WINDOWS\System32\DRIVERS\serial.sys suspicious PE modification
init C:\WINDOWS\System32\atkosdmini.dll entry point in "init" section [0xBF044000]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[272] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C4, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C7, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C4, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C5, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9105DE
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C6, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C5, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C6, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91064F
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C4, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91077D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C5, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C6, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C7, 2F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[13516] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15460] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A82F42 7 Bytes JMP 0670EE40
.text C:\Program Files\Google\Chrome\Application\chrome.exe[15460] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A8B761 7 Bytes JMP 0670EEB0
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, B0, C8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, B3, C8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, B0, C8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, B1, C8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919ECA
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, B2, C8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, B1, C8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, B2, C8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B919F3B
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, B0, C8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A069
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, B1, C8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, B2, C8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, B3, C8, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[18020] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\WINDOWS\System32\svchost.exe[18052] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[18052] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[18052] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 0091000A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 9C, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9F, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 9C, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 9D, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A4B6
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9E, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 9D, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9E, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A527
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 9C, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A655
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 9D, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9E, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9F, CE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[19552] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 08, 30, 00] {SUB [EAX], CL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0B, 30, 00] {SUB [EBX], CL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 08, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 09, 30, 00] {TEST AL, 0x9; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910622
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0A, 30, 00] {TEST AL, 0xa; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 09, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0A, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910693
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 08, 30, 00] {TEST AL, 0x8; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9107C1
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 09, 30, 00] {SUB [ECX], CL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0A, 30, 00] {SUB [EDX], CL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0B, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[20216] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\Google\Chrome\Application\chrome.exe[13516] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00360010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[18020] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00DF0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[19552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00E40010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[20216] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00370010

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 2.1 ----

Module (noname) (*** hidden *** ) B9607000-B9620000 (102400 bytes)

---- Processes - GMER 2.1 ----

Process C:\WINDOWS\System32\svchost.exe (*** hidden *** ) 18052

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD6 0x4B 0xE7 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0xBC 0x45 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x25 0xE6 0x59 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD6 0x4B 0xE7 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0xBC 0x45 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x25 0xE6 0x59 0xB5 ...

---- EOF - GMER 2.1 ----