GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-25 17:50:06 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK5055GSX rev.FG001M 465,76GB Running: h5l9igyj.exe; Driver: C:\Users\Toshiba\AppData\Local\Temp\pwliypog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077621401 2 bytes JMP 75ddeb26 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077621419 2 bytes JMP 75deb513 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077621431 2 bytes JMP 75e68609 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007762144a 2 bytes CALL 75dc1dfa C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000776214dd 2 bytes JMP 75e67efe C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000776214f5 2 bytes JMP 75e680d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007762150d 2 bytes JMP 75e67df4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077621525 2 bytes JMP 75e681c2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007762153d 2 bytes JMP 75ddf088 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077621555 2 bytes JMP 75deb885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007762156d 2 bytes JMP 75e686c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077621585 2 bytes JMP 75e68222 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007762159d 2 bytes JMP 75e67db8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000776215b5 2 bytes JMP 75ddf121 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000776215cd 2 bytes JMP 75deb29f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000776216b2 2 bytes JMP 75e68584 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1996] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000776216bd 2 bytes JMP 75e67d4d C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077621401 2 bytes JMP 75ddeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077621419 2 bytes JMP 75deb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077621431 2 bytes JMP 75e68609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007762144a 2 bytes CALL 75dc1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776214dd 2 bytes JMP 75e67efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776214f5 2 bytes JMP 75e680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007762150d 2 bytes JMP 75e67df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077621525 2 bytes JMP 75e681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007762153d 2 bytes JMP 75ddf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077621555 2 bytes JMP 75deb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007762156d 2 bytes JMP 75e686c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077621585 2 bytes JMP 75e68222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007762159d 2 bytes JMP 75e67db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776215b5 2 bytes JMP 75ddf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776215cd 2 bytes JMP 75deb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776216b2 2 bytes JMP 75e68584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ipla\ipla.exe[3060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776216bd 2 bytes JMP 75e67d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077621401 2 bytes JMP 75ddeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077621419 2 bytes JMP 75deb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077621431 2 bytes JMP 75e68609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007762144a 2 bytes CALL 75dc1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776214dd 2 bytes JMP 75e67efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776214f5 2 bytes JMP 75e680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007762150d 2 bytes JMP 75e67df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077621525 2 bytes JMP 75e681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007762153d 2 bytes JMP 75ddf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077621555 2 bytes JMP 75deb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007762156d 2 bytes JMP 75e686c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077621585 2 bytes JMP 75e68222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007762159d 2 bytes JMP 75e67db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776215b5 2 bytes JMP 75ddf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776215cd 2 bytes JMP 75deb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776216b2 2 bytes JMP 75e68584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776216bd 2 bytes JMP 75e67d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000077621401 2 bytes JMP 75ddeb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000077621419 2 bytes JMP 75deb513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 0000000077621431 2 bytes JMP 75e68609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 000000007762144a 2 bytes CALL 75dc1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 00000000776214dd 2 bytes JMP 75e67efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 00000000776214f5 2 bytes JMP 75e680d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 000000007762150d 2 bytes JMP 75e67df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 0000000077621525 2 bytes JMP 75e681c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 000000007762153d 2 bytes JMP 75ddf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 0000000077621555 2 bytes JMP 75deb885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 000000007762156d 2 bytes JMP 75e686c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 0000000077621585 2 bytes JMP 75e68222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 000000007762159d 2 bytes JMP 75e67db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 00000000776215b5 2 bytes JMP 75ddf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 00000000776215cd 2 bytes JMP 75deb29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 00000000776216b2 2 bytes JMP 75e68584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[4436] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 00000000776216bd 2 bytes JMP 75e67d4d C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef54f741c] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef54f5f10] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef54f5674] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef54f5e2c] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef54f7f48] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef54f6a38] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef54f6ee8] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef54f7b58] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef54f7ea0] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef54f78b0] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef54f4fb4] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef54f5d38] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef54f7584] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0x49 0x9A 0x67 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0x49 0x9A 0x67 ... ---- EOF - GMER 2.1 ----