GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-16 22:49:02 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000067 ST950032 rev.0002 465,76GB Running: gmer.exe; Driver: C:\Users\MICHA&~1\AppData\Local\Temp\fxldrpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\kernel32.dll!CreateEventA + 8 0000000076a43254 7 bytes JMP 0000000100db1ed0 .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\kernel32.dll!lstrcmpW + 30 0000000076a4590f 7 bytes JMP 0000000100db2140 .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\kernel32.dll!LoadResource + 8 0000000076a4591c 7 bytes JMP 0000000100db2860 .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\kernel32.dll!LockResource + 19 0000000076a45934 7 bytes JMP 0000000100db1000 .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\kernel32.dll!GetLocalTime + 30 0000000076a45a8c 7 bytes JMP 0000000100db2b10 .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus + 19 0000000076a5d3a6 7 bytes JMP 0000000100db3250 .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\KERNELBASE.dll!SetEndOfFile + 152 000000007539c850 7 bytes JMP 0000000100e2bc90 .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\KERNELBASE.dll!GetFileType + 218 000000007539dc45 7 bytes JMP 0000000100e2b630 .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\KERNELBASE.dll!UnlockFile + 103 000000007539dff3 7 bytes JMP 0000000100e2c630 .text 
C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\KERNELBASE.dll!CreateFileMappingNumaW + 298 000000007539e826 7 bytes JMP 0000000100e2ccb0 .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\KERNELBASE.dll!UnmapViewOfFile + 81 000000007539eb2c 7 bytes JMP 0000000100e2d2a0 .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\KERNELBASE.dll!SetFileInformationByHandle + 168 00000000753ac294 7 bytes JMP 0000000100e2a9b0 .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\OLEAUT32.dll!LoadTypeLibEx + 742 0000000074a91d45 7 bytes JMP 0000000100e2a960 .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076771401 2 bytes JMP 76a6b21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076771419 2 bytes JMP 76a6b346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076771431 2 bytes JMP 76ae8ea9 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007677144a 2 bytes CALL 76a448ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000767714dd 2 bytes JMP 76ae87a2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000767714f5 2 bytes JMP 76ae8978 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007677150d 2 bytes JMP 76ae8698 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076771525 2 bytes JMP 76ae8a62 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007677153d 2 bytes JMP 76a5fca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076771555 2 bytes JMP 76a668ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007677156d 2 bytes JMP 76ae8f61 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076771585 2 bytes JMP 76ae8ac2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007677159d 2 bytes JMP 76ae865c C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit 
V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000767715b5 2 bytes JMP 76a5fd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000767715cd 2 bytes JMP 76a6b2dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000767716b2 2 bytes JMP 76ae8e24 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe[2452] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000767716bd 2 bytes JMP 76ae85f1 C:\Windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001061e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001061c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001062614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001062a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800106286c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortCopyMemory] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortGetPhysicalAddress] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortReadRegisterUlong] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortInitializeEx] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortDeviceStateChange] [?] 
IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortEtwTraceLog] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortRegistryFreeBuffer] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortGetBusData] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortRegistryRead] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortRequestCallback] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortStallExecution] [ffffb0a015ff5024] [unknown section] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortGetUnCachedExtension] [fffffa60e8cb8b48] [unknown section] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortReadRegisterUchar] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortBuildRequestSenseIrb] [fff9c3e8d2330000] [unknown section] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortReleaseRequestSenseIrb] [fffa47e8cb8b48ff] [unknown section] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortCompleteRequest] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortNotification] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortGetDeviceBase] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortGetScatterGatherList] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortRegistryAllocateBuffer] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[PCIIDEX.SYS!AtaPortWriteRegisterUlong] [?] IAT C:\Windows\System32\Drivers\ait26blh.SYS[NTOSKRNL.exe!KeBugCheckEx] [?] 
---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2932] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef471741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2932] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef4715f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2932] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef4715674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2932] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef4715e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2932] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef4717f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2932] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef4716a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2932] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef4716ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2932] @ 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef4717b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2932] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef4717ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2932] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef47178b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2932] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef4714fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2932] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef4715d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2932] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef4717584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Devices - GMER 2.1 ---- Device \Driver\ait26blh \Device\Scsi\ait26blh1 fffffa8004abb2c0 Device \Driver\ait26blh \Device\Scsi\ait26blh1Port1Path0Target0Lun0 fffffa8004abb2c0 Device \FileSystem\Ntfs \Ntfs fffffa8003ff82c0 Device \FileSystem\fastfat \Fat fffffa8008f002c0 Device \Driver\nvstor64 \Device\00000068 fffffa80036a82c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80049132c0 Device \Driver\nvstor64 \Device\RaidPort0 fffffa80036a82c0 Device 
\Driver\cdrom \Device\CdRom0 fffffa80047ff2c0 Device \Driver\cdrom \Device\CdRom1 fffffa80047ff2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{9CA03FF2-79BC-40D3-ABB3-8591BC65D724} fffffa800488b2c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa80049092c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{2F9DD707-CC1A-4487-B7D6-82A53DA89EB0} fffffa800488b2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80049132c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800488b2c0 Device \Driver\nvstor64 \Device\00000067 fffffa80036a82c0 Device \Driver\nvstor64 \Device\ScsiPort0 fffffa80036a82c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{93B5F5A3-FE69-408A-89A9-16B4A84F0938} fffffa800488b2c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa80049092c0 Device \Driver\ait26blh \Device\ScsiPort1 fffffa8004abb2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80036a82c0]<< sptd.sys storport.sys hal.dll nvstor64.sys fffffa80036a82c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045d3060] fffffa80045d3060 Trace 3 CLASSPNP.SYS[fffff88001ab643f] -> nt!IofCallDriver -> [0xfffffa80044b47a0] fffffa80044b47a0 Trace 5 ACPI.sys[fffff880011887a1] -> nt!IofCallDriver -> \Device\00000067[0xfffffa80044b4060] fffffa80044b4060 Trace \Driver\nvstor64[0xfffffa80044aad80] -> IRP_MJ_CREATE -> 0xfffffa80036a82c0 fffffa80036a82c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\ait26blh.SYS (MS AHCI 1.0 Standard Driver/Microsoft Corporation SIGNED)(2011-07-02 07:45:48) fffff8800400d000-fffff8800405e000 (331776 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [4068:1956] 000007fef1ec9688 ---- Processes - GMER 2.1 ---- Library C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (*** suspicious ***) @ C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [1404] 0000000000400000 Library C:\Program Files (x86)\ASUS\Splendid\OVS.dll (*** suspicious ***) @ C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [1404] 
0000000010000000 Library C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll (*** suspicious ***) @ C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [1404] 0000000000020000 Library C:\Program Files (x86)\ASUS\Splendid\Chameleon.dll (*** suspicious ***) @ C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [1404] 00000000001e0000 Process C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe (*** suspicious ***) @ C:\ProgramData\{d0ddc317-1050-f890-d0dd-dc3171050c5c}\SLIC ToolKit V3.2.exe [2452](2014-02-12 13:25:42) 0000000000db0000 Process C:\Users\Michał&Damian\AppData\Local\Temp\Temp1_gmer (1).zip\gmer.exe (*** suspicious ***) @ C:\Users\Michał&Damian\AppData\Local\Temp\Temp1_gmer (1).zip\gmer.exe [3624](2014-01-28 17:36:04) 0000000000400000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 82862 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0xF2 0xC6 0x05 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEF 0xCE 0xCF 0x9B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6A 0x82 0xF1 0x4B ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0xF2 0xC6 0x05 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEF 0xCE 0xCF 0x9B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6A 0x82 0xF1 0x4B ... ---- Files - GMER 2.1 ---- File C:\Users\Michał&Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_009c2b 0 bytes File C:\Users\Michał&Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_009c2c 0 bytes File C:\Users\Michał&Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_009c2d 0 bytes File C:\Users\Michał&Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_009c2e 0 bytes