GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-28 15:50:15
Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 KINGSTON_SV300S37A120G rev.521ABBF0 111,79GB
Running: gmer.exe; Driver: C:\Users\Komputronik\AppData\Local\Temp\pxldrpoc.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600009fd00 15 bytes [00, 2E, F7, 01, 80, FC, 6F, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff9600009fd10 11 bytes [00, F8, FB, FF, 00, 09, C3, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Arcabit\ArcaVir\AVMenu.exe[3304] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe32e4169a 4 bytes [E4, 32, FE, 7F]
.text C:\Program Files\Arcabit\ArcaVir\AVMenu.exe[3304] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe32e416a2 4 bytes [E4, 32, FE, 7F]
.text C:\Program Files\Arcabit\ArcaVir\AVMenu.exe[3304] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe32e4181a 4 bytes [E4, 32, FE, 7F]
.text C:\Program Files\Arcabit\ArcaVir\AVMenu.exe[3304] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe32e41832 4 bytes [E4, 32, FE, 7F]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [544:564] fffff9600084db90
Thread C:\Windows\System32\SettingSyncHost.exe [1960:3956] 00007ffe2a206da0

---- Processes - GMER 2.1 ----

Library C:\Program Files (x86)\Google\Update\Install\{784245AE-AF8C-476C-A71A-8A2B4ADA9E86}\37.0.2062.124_chrome_installer.exe (*** suspicious ***) @ C:\Program Files (x86)\Google\Update\Install\{784245AE-AF8C-476C-A71A-8A2B4ADA9E86}\37.0.2062.124_chrome_installer.exe 0000000000400000
Process C:\Users\Komputronik\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe (*** suspicious ***) @ C:\Users\Komputronik\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe [4532](2014-01-28 16:36:04) 0000000000400000

---- Services - GMER 2.1 ----

Service System32\drivers\dtsoftbus01.sys (*** hidden *** ) [SYSTEM] dtsoftbus01 <--
ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Windows\TEMP\37.0.2062.124_chrome_installer.exe216f920??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 990690460
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Tag 88
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@ImagePath \SystemRoot\System32\drivers\dtsoftbus01.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@DisplayName @oem16.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Owners oem16.inf?
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@mask 0x5F 0x0F 0x83 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@AdapterStatus 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@client 0x41 0x3B 0x13 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{b648f8c3-ce95-11e3-825e-448a5b63aee6}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{b648f8c3-ce95-11e3-825e-448a5b63aee6}@Drive Type 1048593
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{b648f8c3-ce95-11e3-825e-448a5b63aee6}@IsImapiDataBurnSupported 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{b648f8c3-ce95-11e3-825e-448a5b63aee6}@Active 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\OpenWithProgids@DAEMON.Tools.Lite
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice@Hash M/JCTxuU5Ls=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccd\OpenWithProgids@DAEMON.Tools.Lite
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccd\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice@Hash 5nbaYjXKiuE=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice@Hash Wvh3NaYF45A=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice@Hash +7LcQsuHymo=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\OpenWithProgids@DAEMON.Tools.Lite
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\OpenWithProgids@DAEMON.Tools.Lite
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice@Hash 8FyDUupDrkg=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice@ProgId DAEMON.Tools.Lite
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice@Hash IguvFa7PWH0=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice@Hash OQyh5b+e3k4=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice@Hash tqFN1iiE9BQ=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice@Hash Qxn/eWtw52E=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice@Hash o9QmuNO6/R4=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice@Hash bbJ0JerUM9k=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice@Hash Ib1nmlYd01U=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice@Hash XnZJMpAMcF0=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice@Hash RIwzOcpg6nY=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice@Hash g+0dr0Djmv0=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice@Hash tJlBQ1x66R0=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice@Hash A+OaRdSqySw=
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice@ProgId Microsoft.PhotoManager.imagetype
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@DAEMON Tools Lite "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

---- EOF - GMER 2.1 ----