GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-03-31 14:18:39 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_SP1604N rev.TM100-24 149,05GB Running: d7lgu6ys.exe; Driver: C:\DOCUME~1\Tomix\USTAWI~1\Temp\uxtdipod.sys ---- System - GMER 2.1 ---- SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAddBootEntry [0xB7ADFB10] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xB7AE05EE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwClose [0xB7B2443E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEvent [0xB7AEC5E0] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEventPair [0xB7AEC62C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xB7AEC7C6] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateKey [0xB7B23DF2] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateMutant [0xB7AEC54E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSection [0xB7AEC670] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xB7AEC596] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateThread [0xB7AE0B24] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateTimer [0xB7AEC780] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xB7AE13DC] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xB7ADFB76] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteKey [0xB7B24B04] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xB7B24DBA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDuplicateObject [0xB7AE4B58] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateKey [0xB7B2496F] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xB7B247DA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwLoadDriver [0xB7ADF75E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xB7ADFBDC] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xB7AE4F4E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xB7AE1E6C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEvent [0xB7AEC60A] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEventPair [0xB7AEC64E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xB7AEC7EA] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenKey [0xB7B2414E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenMutant [0xB7AEC574] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenProcess [0xB7AE4452] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSection [0xB7AEC6FE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xB7AEC5BE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenThread [0xB7AE483A] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenTimer [0xB7AEC7A4] SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xB7B950CC] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryKey [0xB7B24655] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryObject [0xB7AE1D38] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryValueKey [0xB7B244A7] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueueApcThread [0xB7AE188E] SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwRenameKey [0xB7BA2F22] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwRestoreKey [0xB7B23438] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xB7ADFC42] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootOptions [0xB7ADFCA8] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetContextThread [0xB7AE1256] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xB7ADF7F8] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xB7ADF9CE] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetValueKey [0xB7B24C0B] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwShutdownSystem [0xB7ADF95C] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendProcess [0xB7AE15A6] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendThread [0xB7AE1708] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xB7ADFA56] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateProcess [0xB7AE1094] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateThread [0xB7AE1236] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwVdmControl [0xB7ADFD0E] SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xB7AE064A] INT 0x62 ? 89F0FBF8 INT 0x73 ? 89D55F00 INT 0x73 ? 89D55F00 INT 0x82 ? 89F0FBF8 INT 0x83 ? 89F0FBF8 INT 0x83 ? 89F0FBF8 INT 0x83 ? 89D55F00 INT 0x83 ? 89F0FBF8 INT 0xA4 ? 89D55F00 INT 0xB4 ? 89D55F00 ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!_abnormal_termination + 220 804E287C 4 Bytes [EA, C7, AE, B7] .text ntoskrnl.exe!_abnormal_termination + 398 804E29F4 12 Bytes [42, FC, AD, B7, A8, FC, AD, ...] .text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [A6, 15, AE, B7, 08, 17, AE, ...] PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056B712 4 Bytes CALL B7AE2519 \??\C:\WINDOWS\system32\drivers\aswSnx.sys ? spqf.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xBA316360, 0x24BB1D, 0xE8000020] ? \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[636] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[708] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[732] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[732] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[776] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[856] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[856] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[928] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[928] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1152] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1568] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1568] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1628] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1628] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1788] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2036] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Tomix\Pulpit\d7lgu6ys.exe[3508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Tomix\Pulpit\d7lgu6ys.exe[3508] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[776] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[776] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 89F0E1F8 Device \FileSystem\Fastfat \FatCdrom 89A3E1F8 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys Device \Driver\PCI_PNP3752 \Device\00000040 spqf.sys Device \Driver\PCI_PNP3752 \Device\00000040 spqf.sys Device \Driver\usbuhci \Device\USBPDO-0 89D531F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89EA31F8 Device \Driver\dmio \Device\DmControl\DmConfig 89EA31F8 Device \Driver\dmio \Device\DmControl\DmPnP 89EA31F8 Device \Driver\dmio \Device\DmControl\DmInfo 89EA31F8 Device \Driver\usbuhci \Device\USBPDO-1 89D531F8 Device \Driver\usbuhci \Device\USBPDO-2 89D531F8 Device \Driver\usbuhci \Device\USBPDO-3 89D531F8 Device \Driver\usbehci \Device\USBPDO-4 89D261F8 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 89F101F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89F101F8 Device \Driver\Cdrom \Device\CdRom0 89D6C1F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 89F101F8 Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-24 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 89D6C1F8 Device \Driver\Ftdisk \Device\HarddiskVolume4 89F101F8 Device \Driver\Cdrom \Device\CdRom2 89D6C1F8 Device \Driver\Ftdisk \Device\HarddiskVolume5 89F101F8 Device \Driver\Ftdisk \Device\HarddiskVolume6 89F101F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 89AD6500 Device \Driver\NetBT \Device\NetbiosSmb 89AD6500 Device \Driver\NetBT \Device\NetBT_Tcpip_{FFC0CBD6-B224-4915-A5B1-AAFEFBF323B8} 89AD6500 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys Device \Driver\usbuhci \Device\USBFDO-0 89D531F8 Device \Driver\sptd \Device\292743752 spqf.sys Device \Driver\usbuhci \Device\USBFDO-1 89D531F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89AB51F8 Device \Driver\usbuhci \Device\USBFDO-2 89D531F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89AB51F8 Device \Driver\usbuhci \Device\USBFDO-3 89D531F8 Device \Driver\usbehci \Device\USBFDO-4 89D261F8 Device \Driver\Ftdisk \Device\FtControl 89F101F8 Device \Driver\adzrg48i \Device\Scsi\adzrg48i1 89D071F8 Device \Driver\adzrg48i \Device\Scsi\adzrg48i1Port4Path0Target0Lun0 89D071F8 Device \FileSystem\Fastfat \Fat 89A3E1F8 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys Device \FileSystem\Cdfs \Cdfs 8987D1F8 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqf.sys >>UNKNOWN [0x89ec3938]<< 89ec3938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e6cab8] 89e6cab8 Trace 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005e[0x89f19248] 89f19248 Trace 5 ACPI.sys[f7494620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x89e51d98] 89e51d98 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 4105 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE5 0xD0 0xCF 0x2B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 F:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6B 0x4E 0xE1 0x5D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD3 0x82 0x8C 0x3D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FFC0CBD6-B224-4915-A5B1-AAFEFBF323B8}@LeaseObtainedTime 1396244631 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FFC0CBD6-B224-4915-A5B1-AAFEFBF323B8}@T1 1396248231 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FFC0CBD6-B224-4915-A5B1-AAFEFBF323B8}@T2 1396250931 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FFC0CBD6-B224-4915-A5B1-AAFEFBF323B8}@LeaseTerminatesTime 1396251831 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FFC0CBD6-B224-4915-A5B1-AAFEFBF323B8}@DhcpRetryTime 3596 Reg HKLM\SYSTEM\CurrentControlSet\Services\{FFC0CBD6-B224-4915-A5B1-AAFEFBF323B8}\Parameters\Tcpip@LeaseObtainedTime 1396244631 Reg HKLM\SYSTEM\CurrentControlSet\Services\{FFC0CBD6-B224-4915-A5B1-AAFEFBF323B8}\Parameters\Tcpip@T1 1396248231 Reg HKLM\SYSTEM\CurrentControlSet\Services\{FFC0CBD6-B224-4915-A5B1-AAFEFBF323B8}\Parameters\Tcpip@T2 1396250931 Reg HKLM\SYSTEM\CurrentControlSet\Services\{FFC0CBD6-B224-4915-A5B1-AAFEFBF323B8}\Parameters\Tcpip@LeaseTerminatesTime 1396251831 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE5 0xD0 0xCF 0x2B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 F:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6B 0x4E 0xE1 0x5D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD3 0x82 0x8C 0x3D ... ---- EOF - GMER 2.1 ----