GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-11-02 18:32:51 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320613AS rev.SD11 298,09GB Running: ko3hffgk.exe; Driver: C:\Users\oem\AppData\Local\Temp\uwldapow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x92278BA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x92279684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x922856F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x92285744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x922858DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x92285666] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x9232FDF0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x922856AE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x92330080] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x92285898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x9227A472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x92278C0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x9227DC68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x922787F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x9232FED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x92278C72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x9227E05E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x9227AF5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x92285722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x92285766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x92285902] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x9228568C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x9227D560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x92285816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x922856D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x9227D94C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x922858BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x9232FC6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x9227ADCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0x9227A924] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x92278CD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x92278D3E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x9232FFCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x92278892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x92278A64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x922789F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x9227A63C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x9227A79E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x92278AEC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x9232FD3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x9227A2CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x92278DA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x9232FBA0] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x9233016A] INT 0x51 ? 86AB9CB8 INT 0x51 ? 87921F00 INT 0x51 ? 86AB9CB8 INT 0x62 ? 87921F00 INT 0x82 ? 87921F00 INT 0x82 ? 87921F00 INT 0x82 ? 87921F00 INT 0x82 ? 87921F00 INT 0x92 ? 87921F00 INT 0xA2 ? 86ABACB8 INT 0xA2 ? 86ABACB8 INT 0xA2 ? 86ABACB8 INT 0xA2 ? 86ABACB8 INT 0xA2 ? 87921F00 INT 0xA2 ? 86ABACB8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 832E9758 4 Bytes [A6, 8B, 27, 92] {CMPSB ; MOV ESP, [EDI]; XCHG EDX, EAX} .text ntkrnlpa.exe!KeSetEvent + 191 832E97DC 4 Bytes [84, 96, 27, 92] .text ntkrnlpa.exe!KeSetEvent + 1D1 832E981C 8 Bytes [F8, 56, 28, 92, 44, 57, 28, ...] {CLC ; PUSH ESI; SUB [EDX-0x6dd7a8bc], DL} .text ntkrnlpa.exe!KeSetEvent + 1DD 832E9828 4 Bytes [DE, 58, 28, 92] {FICOMP WORD [EAX+0x28]; XCHG EDX, EAX} .text ntkrnlpa.exe!KeSetEvent + 1F5 832E9840 4 Bytes [66, 56, 28, 92] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8347700F 2 Bytes CALL 9227B641 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 113 83477012 1 Byte [0E] PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8347AC83 2 Bytes CALL 9227B657 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 124 8347AC86 1 Byte [0E] .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8074F774] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA3454300, 0x3AE88, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA3497300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[612] KERNEL32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text C:\Windows\system32\wininit.exe[664] kernel32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text C:\Windows\system32\csrss.exe[676] KERNEL32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text C:\Windows\system32\services.exe[708] kernel32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text C:\Windows\system32\lsass.exe[724] kernel32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] kernel32.dll!SetUnhandledExceptionFilter 7721A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1740] kernel32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text C:\Windows\ehome\ehtray.exe[1828] kernel32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[2008] kernel32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text C:\Windows\system32\svchost.exe[2032] kernel32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3832] kernel32.dll!SetUnhandledExceptionFilter 7721A9BD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3832] kernel32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text C:\Program Files\Windows Media Player\wmplayer.exe[3900] kernel32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text C:\Windows\system32\svchost.exe[3940] kernel32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text C:\Windows\system32\conime.exe[4524] kernel32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] ntdll.dll!LdrLoadDll 77359378 5 Bytes JMP 6C721F43 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] ntdll.dll!LdrUnloadDll 7736B680 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] ntdll.dll!NtCreateFile 77394264 5 Bytes JMP 5A68A790 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] ntdll.dll!NtFlushBuffersFile 77394764 5 Bytes JMP 5A66EF64 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] ntdll.dll!NtQueryFullAttributesFile 77394C94 5 Bytes JMP 5A66EC80 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] ntdll.dll!NtReadFile 77394EC4 5 Bytes JMP 5A66EE60 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] ntdll.dll!NtReadFileScatter 77394ED4 5 Bytes JMP 5AFB64C0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] ntdll.dll!NtWriteFile 773954D4 5 Bytes JMP 5A68B690 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] ntdll.dll!NtWriteFileGather 773954E4 5 Bytes JMP 5AFB646F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] KERNEL32.dll!HeapSetInformation + 26 7721A9B8 7 Bytes JMP 5A687374 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] KERNEL32.dll!LockResource + C 77236BD3 7 Bytes JMP 5AF1D001 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] KERNEL32.dll!VirtualAllocEx + 54 7723B030 7 Bytes JMP 5AF1D024 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] KERNEL32.dll!GetBinaryTypeW + 70 7724252F 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] USER32.dll!GetWindowInfo 769A428E 5 Bytes JMP 5AE23388 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5756] GDI32.dll!SetStretchBltMode + 256 76FE745C 7 Bytes JMP 5AF1CF82 C:\Program Files\Mozilla Firefox\xul.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74327817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7436B4F1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7432BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7431F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7431E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743573F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7432DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7431FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7431FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [743ACB12] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7434C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7431D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74316853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7431687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll IAT C:\Windows\Explorer.EXE[2132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74322AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_9e59a14eca0fa8de\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 86AC21F8 Device \FileSystem\fastfat \FatCdrom 866771F8 Device \Driver\usbuhci \Device\USBPDO-0 87901440 Device \Driver\usbuhci \Device\USBPDO-1 87901440 Device \Driver\usbuhci \Device\USBPDO-2 87901440 Device \Driver\usbehci \Device\USBPDO-3 87977440 Device \Driver\usbuhci \Device\USBPDO-4 87901440 AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys Device \Driver\usbuhci \Device\USBPDO-5 87901440 Device \Driver\USBSTOR \Device\00000070 884101F8 Device \Driver\usbuhci \Device\USBPDO-6 87901440 Device \Driver\USBSTOR \Device\00000071 884101F8 Device \Driver\usbehci \Device\USBPDO-7 87977440 Device \Driver\USBSTOR \Device\00000072 884101F8 Device \Driver\cdrom \Device\CdRom0 87AC21F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 86AC01F8 Device \Driver\atapi \Device\Ide\IdePort0 86AC01F8 Device \Driver\atapi \Device\Ide\IdePort1 86AC01F8 Device \Driver\atapi \Device\Ide\IdePort2 86AC01F8 Device \Driver\atapi \Device\Ide\IdePort3 86AC01F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 86AC01F8 Device \Driver\netbt \Device\NetBt_Wins_Export 883A31F8 Device \Driver\Smb \Device\NetbiosSmb 882E41F8 Device \Driver\netbt \Device\NetBT_Tcpip_{64D08EAE-5C36-42BF-BF13-B6DB21E3B9F0} 883A31F8 Device \Driver\iScsiPrt \Device\RaidPort0 87AAE1F8 AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys Device \Driver\usbuhci \Device\USBFDO-0 87901440 Device \Driver\USBSTOR \Device\0000006d 884101F8 Device \Driver\usbuhci \Device\USBFDO-1 87901440 Device \Driver\usbuhci \Device\USBFDO-2 87901440 Device \Driver\USBSTOR \Device\0000006f 884101F8 Device \Driver\usbehci \Device\USBFDO-3 87977440 Device \Driver\usbuhci \Device\USBFDO-4 87901440 Device \Driver\usbuhci \Device\USBFDO-5 87901440 Device \Driver\usbuhci \Device\USBFDO-6 87901440 Device \Driver\usbehci \Device\USBFDO-7 87977440 Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 86AC11F8 Device \Driver\mv61xx \Device\Scsi\mv61xx1 86AC11F8 Device \FileSystem\fastfat \Fat 866771F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys Device \FileSystem\cdfs \Cdfs 865E21F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86ac01f8]<< 86ac01f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d8b968] 86d8b968 Trace 3 CLASSPNP.SYS[8c3a28b3] -> nt!IofCallDriver -> [0x86ae1918] 86ae1918 Trace 5 acpi.sys[807736bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86ac7b98] 86ac7b98 Trace \Driver\atapi[0x86af2a48] -> IRP_MJ_CREATE -> 0x86ac01f8 86ac01f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x21 0xDF 0x76 0x13 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Ja\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0x2F 0xC2 0x12 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x21 0xDF 0x76 0x13 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE5 0x7C 0x68 0xD5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8C 0x0E 0x6A 0xE9 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0x2F 0xC2 0x12 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x21 0xDF 0x76 0x13 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE5 0x7C 0x68 0xD5 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8C 0x0E 0x6A 0xE9 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0x2F 0xC2 0x12 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x21 0xDF 0x76 0x13 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE5 0x7C 0x68 0xD5 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8C 0x0E 0x6A 0xE9 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0x2F 0xC2 0x12 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x21 0xDF 0x76 0x13 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE5 0x7C 0x68 0xD5 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8C 0x0E 0x6A 0xE9 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0x2F 0xC2 0x12 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x21 0xDF 0x76 0x13 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE5 0x7C 0x68 0xD5 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8C 0x0E 0x6A 0xE9 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0x2F 0xC2 0x12 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x21 0xDF 0x76 0x13 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE5 0x7C 0x68 0xD5 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8C 0x0E 0x6A 0xE9 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0x2F 0xC2 0x12 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x21 0xDF 0x76 0x13 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE5 0x7C 0x68 0xD5 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8C 0x0E 0x6A 0xE9 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0x2F 0xC2 0x12 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x21 0xDF 0x76 0x13 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE5 0x7C 0x68 0xD5 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8C 0x0E 0x6A 0xE9 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0x2F 0xC2 0x12 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x21 0xDF 0x76 0x13 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Ja\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0x2F 0xC2 0x12 ... ---- EOF - GMER 2.1 ----