GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-10-10 13:08:00 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GC00 298,09GB Running: 405oflti.exe; Driver: C:\Users\user2\AppData\Local\Temp\kgldipob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003deb000 63 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80003deb040 1 byte [01] .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff880063b1d8c 12 bytes {MOV RAX, 0xfffffa8006e6a2a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Windows\system32\services.exe[764] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[880] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1068] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1816] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076508791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1816] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2092] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Windows\system32\taskhost.exe[2124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Windows\SysWOW64\svchost.exe[2688] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\ProgramData\DatacardService\DCSHelper.exe[2768] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe[2936] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2956] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe[2456] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Windows\system32\TODDSrv.exe[2540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[3040] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files\TOSHIBA\TECO\TecoService.exe[396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[308] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Windows\explorer.exe[3808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[4068] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe[3672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files\TOSHIBA\TECO\Teco.exe[2780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe[3608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[4312] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75] .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75] .text ... * 2 .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[4392] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75] .text C:\Users\user\AppData\Local\Akamai\netsession_win.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4540] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4684] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076508791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3048] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3228] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4800] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[5500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[5548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[5720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.exe[5424] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.exe[5424] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75] .text C:\Program Files (x86)\Framed Display\bin\utilFramedDisplay.exe[5424] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75] .text ... * 2 .text C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe[2416] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BOASHelper.exe[5708] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe[4636] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75] .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter.exe[4636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75] .text ... * 2 .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BrowserAdapter64.exe[2880] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2ef8d 1 byte [62] .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BOASPRT.exe[5984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BOASPRT.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75] .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BOASPRT.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75] .text ... * 2 .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BOAS.exe[5740] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BOAS.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75] .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BOAS.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75] .text ... * 2 .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BOASPRT.exe[4572] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BOASPRT.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75] .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BOASPRT.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75] .text ... * 2 .text C:\Program Files (x86)\Framed Display\bin\FramedDisplay.BOAS.exe[4612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1524] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75] .text ... * 2 .text C:\Users\user\Desktop\405oflti.exe[1120] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007652a2fd 1 byte [62] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010920c0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001091e4c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001092838] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001091600] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88001092a8c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\ahinvdje \Device\Scsi\ahinvdje1Port1Path0Target1Lun0 fffffa8006e142c0 Device \Driver\ahinvdje \Device\Scsi\ahinvdje1 fffffa8006e142c0 Device \Driver\ahinvdje \Device\Scsi\ahinvdje1Port1Path0Target0Lun0 fffffa8006e142c0 Device \FileSystem\Ntfs \Ntfs fffffa800485b2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8006e6c2c0 Device \Driver\cdrom \Device\CdRom0 fffffa8006c812c0 Device \Driver\cdrom \Device\CdRom1 fffffa8006c812c0 Device \Driver\cdrom \Device\CdRom2 fffffa8006c812c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8006e6c2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{B238880D-8335-4588-9A9A-F180838B92CE} fffffa8006cc02c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8006e6c2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8006cc02c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{46628AD5-1D03-46A3-8B28-E5CDE7D96071} fffffa8006cc02c0 Device \Driver\ahinvdje \Device\ScsiPort1 fffffa8006e142c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8006e6c2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{8BD51B32-005A-448F-93A9-B7258CDBDFCC} fffffa8006cc02c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\ahinvdje.SYS fffff88006110000-fffff88006155000 (282624 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [1492:5388] 000007fef1be9688 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5056:1888] 000007fefae12bf8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x00 0xDD 0x10 0x25 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCF 0x16 0xEA 0x77 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x58 0x1B 0x2C 0xAA ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x66 0x16 0xED ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x60 0x12 0xF8 0x62 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x00 0xDD 0x10 0x25 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCF 0x16 0xEA 0x77 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x58 0x1B 0x2C 0xAA ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x64 0x66 0x16 0xED ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x60 0x12 0xF8 0x62 ... ---- EOF - GMER 2.1 ----