GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-10 22:39:16
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 ST380811 rev.3.AA 74,53GB
Running: 727qukid.exe; Driver: C:\DOCUME~1\x\USTAWI~1\Temp\pxldapow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5ECF360, 0x3CDCE5, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[116] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[116] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\WINDOWS\RTHDCPL.EXE[168] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[460] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\WINDOWS\Explorer.EXE[560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10014200 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\WINDOWS\Explorer.EXE[560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100143D0 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\WINDOWS\Explorer.EXE[560] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[576] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe[732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10014200 C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll
.text C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe[732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100143D0 C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll
.text C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe[732] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll
.text C:\Program Files\iPlus\iPlusChecker.exe[764] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\WINDOWS\system32\winlogon.exe[840] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\WINDOWS\system32\services.exe[884] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\WINDOWS\system32\lsass.exe[896] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text ...
.text C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe[1836] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10014200 C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll
.text C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe[1836] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100143D0 C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll
.text C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe[1836] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll
.text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[1948] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
? C:\WINDOWS\system32\svchost.exe[2080] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: dbghelp.dll
.text C:\WINDOWS\system32\svchost.exe[2080] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 60, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 63, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 60, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 61, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91CC7A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 62, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 61, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 62, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91CCEB
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 60, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91CE19
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 61, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 62, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 63, F6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2100] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2500] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\Documents and Settings\x\dbupwj.exe[2720] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3108] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10007440 c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll

---- User IAT/EAT - GMER 2.1 ----

IAT C:\WINDOWS\Explorer.EXE[560] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [1000F740] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\Explorer.EXE[560] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [1000F7A0] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\Explorer.EXE[560] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!OpenProcess] [1000D120] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\Explorer.EXE[560] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [1000F800] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\Explorer.EXE[560] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!TerminateProcess] [1000D170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\Explorer.EXE[560] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [1000F860] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\winlogon.exe[840] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [1000F860] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\winlogon.exe[840] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!TerminateProcess] [1000D170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\winlogon.exe[840] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!OpenProcess] [1000D120] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\winlogon.exe[840] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExW] [1000F7A0] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\winlogon.exe[840] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [1000F800] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\winlogon.exe[840] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExA] [1000F740] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\winlogon.exe[840] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtOpenFile] [1000FA10] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\winlogon.exe[840] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtOpenKey] [10013170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\winlogon.exe[840] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtQueryValueKey] [10013020] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\winlogon.exe[840] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtClose] [10013240] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\winlogon.exe[840] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtSetValueKey] [10013090] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\winlogon.exe[840] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtCreateKey] [10013100] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] [1000F800] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!TerminateProcess] [1000D170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] [1000F860] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtCreateKey] [10013100] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryValueKey] [10013020] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtSetValueKey] [10013090] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteValueKey] [10013320] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtEnumerateKey] [10012F40] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtOpenKey] [10013170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteKey] [100132C0] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtSetInformationFile] [1000FBE0] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryInformationFile] [1000D2A0] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteFile] [1000FB80] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtOpenFile] [1000FA10] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryKey] [1000D260] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\services.exe[884] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtClose] [10013240] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000F7A0] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000F800] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [1000D170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [10013170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [10013240] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000F7A0] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000F800] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [1000D170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [10013170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1128] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [10013240] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\System32\svchost.exe[1168] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000F7A0] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\System32\svchost.exe[1168] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000F800] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\System32\svchost.exe[1168] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [1000D170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\System32\svchost.exe[1168] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [10013170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\System32\svchost.exe[1168] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [10013240] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1200] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000F7A0] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1200] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000F800] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1200] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [1000D170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1200] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [10013170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1200] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [10013240] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000F7A0] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000F800] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [1000D170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [10013170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [10013240] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000F7A0] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000F800] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [1000D170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [10013170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [10013240] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000F7A0] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000F800] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1448] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [1000D170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] [10013170] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[1448] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] [10013240] c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 244C8D51
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 1BC82B04
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 23D0F7C0
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 25C48BC8
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] FFFFF000
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 0A72C83B
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 9459C18B
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [0489008B] C:\WINDOWS\system32\xpsp2res.dll
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 002DC324
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 85000010
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] E9E9EB00
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 0000B00A
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 042474FF
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00B063E8
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] D1D001C7
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] F6C30009
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] 01042444
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] C7F18B56
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] 09D1D006
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 56077400
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 00B03BE8
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] FF505608
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] 330C2474
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] B81FE8F6
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] C0850000
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] 087E5959
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] 15FF4650
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] [0009D190] C:\WINDOWS\system32\svchost.exe
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] C35EC68B
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] 83EC8B55
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] 575318EC
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 4868DB33
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 890009D2
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 5D89F05D
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 8815FFE8
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 680009D1
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] [0009D238] C:\WINDOWS\system32\svchost.exe
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] FFEC4589
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 09D07C15
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 3BF88B00
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] F47D89FB
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] C0330775
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] 0000EAE9
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] 358B5600
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [0009D078] C:\WINDOWS\system32\svchost.exe
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] D6FF5700
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] 09D21C68
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] 45895700
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] 68D6FFF8
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] [0009D208] C:\WINDOWS\system32\svchost.exe
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] 8BF475FF
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 39D6FFF8
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 840FF85D
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] 000000AF
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 840FFB3B
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 000000A7
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] 840FC33B
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 0000009F
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 51F04D8D
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] FFEC75FF
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] 7415FFD0
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] 3B0009D0
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] EC4589C3
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 008E840F
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] 88BE0000
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 15FF5053
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [0009D070] C:\WINDOWS\system32\svchost.exe
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] FB3BF88B
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 458D7A74
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] 895750FC
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 55FFFC75
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [6FF883F8] C:\WINDOWS\system32\NETAPI32.dll
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 75FF1075
IAT C:\WINDOWS\system32\svchost.exe[2080] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] FF5357FC

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys

---- Processes - GMER 2.1 ----

Process C:\Documents and Settings\x\dbupwj.exe (*** hidden *** ) 2720

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0xDA 0xEC 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA2 0xD8 0x9E 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4A 0x35 0x28 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA3 0x5C 0x4F 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0xDA 0xEC 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA2 0xD8 0x9E 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4A 0x35 0x28 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xA3 0x5C 0x4F 0x29 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 72
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 58

---- EOF - GMER 2.1 ----