GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-12 15:16:26 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.GM4O 465,76GB Running: dzt23i65.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\awrdypog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff880063bbd8c 12 bytes {MOV RAX, 0xfffffa80058662a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007711ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007711ef8d 1 byte [62] .text C:\Windows\system32\taskhost.exe[1976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007711ef8d 1 byte [62] .text C:\Windows\Explorer.EXE[2152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007711ef8d 1 byte [62] .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f4a2fd 1 byte [62] .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b51401 2 bytes JMP 74f4b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b51419 2 bytes JMP 74f4b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b51431 2 bytes JMP 74fc8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b5144a 2 bytes CALL 74f248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b514dd 2 bytes JMP 74fc87a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b514f5 2 bytes JMP 74fc8978 C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b5150d 2 bytes JMP 74fc8698 C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b51525 2 bytes JMP 74fc8a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b5153d 2 bytes JMP 74f3fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b51555 2 bytes JMP 74f468ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b5156d 2 bytes JMP 74fc8f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b51585 2 bytes JMP 74fc8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b5159d 2 bytes JMP 74fc865c C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b515b5 2 bytes JMP 74f3fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b515cd 2 bytes JMP 74f4b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b516b2 2 bytes JMP 74fc8e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b516bd 2 bytes JMP 74fc85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2976] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074f4a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074f28791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f4a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b51401 2 bytes JMP 74f4b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b51419 2 bytes JMP 74f4b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b51431 2 bytes JMP 74fc8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b5144a 2 bytes CALL 74f248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b514dd 2 bytes JMP 74fc87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b514f5 2 bytes JMP 74fc8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b5150d 2 bytes JMP 74fc8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b51525 2 bytes JMP 74fc8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b5153d 2 bytes JMP 74f3fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b51555 2 bytes JMP 74f468ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b5156d 2 bytes JMP 74fc8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b51585 2 bytes JMP 74fc8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b5159d 2 bytes JMP 74fc865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b515b5 2 bytes JMP 74f3fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b515cd 2 bytes JMP 74f4b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b516b2 2 bytes JMP 74fc8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b516bd 2 bytes JMP 74fc85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3172] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074f4a2fd 1 byte [62] .text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2180] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074f4a2fd 1 byte [62] .text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter64.exe[1652] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007711ef8d 1 byte [62] .text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[6108] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f4a2fd 1 byte [62] .text C:\Program Files (x86)\Techgile\updateTechgile.exe[2792] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074f4a2fd 1 byte [62] .text C:\Users\Adrian\Downloads\dzt23i65.exe[6248] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074f4a2fd 1 byte [62] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010400c0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800103fe4c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001040838] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800103f600] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88001040a8c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdePort0 fffffa8002d292c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa8002d292c0 Device \Driver\at8xysbe \Device\Scsi\at8xysbe1Port4Path0Target0Lun0 fffffa8005bf22c0 Device \Driver\at8xysbe \Device\Scsi\at8xysbe1 fffffa8005bf22c0 Device \Driver\a3umxqgf \Device\Scsi\a3umxqgf1Port3Path0Target0Lun0 fffffa8005bcd2c0 Device \Driver\a3umxqgf \Device\Scsi\a3umxqgf1 fffffa8005bcd2c0 Device \FileSystem\Ntfs \Ntfs fffffa8002d2d2c0 Device \Driver\USBSTOR \Device\0000007e fffffa80066792c0 Device \Driver\usbehci \Device\USBFDO-7 fffffa8005b002c0 Device \Driver\usbuhci \Device\USBPDO-5 fffffa8005ac72c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa8005b002c0 Device \Driver\usbuhci \Device\USBPDO-1 fffffa8005ac72c0 Device \Driver\cdrom \Device\CdRom0 fffffa80057342c0 Device \Driver\USBSTOR \Device\00000080 fffffa80066792c0 Device \Driver\cdrom \Device\CdRom1 fffffa80057342c0 Device \Driver\cdrom \Device\CdRom2 fffffa80057342c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{41C6A79C-2333-41D4-AF77-DB00732E7B5E} fffffa800587d2c0 Device \Driver\USBSTOR \Device\0000007f fffffa80066792c0 Device \Driver\usbuhci \Device\USBPDO-6 fffffa8005ac72c0 Device \Driver\usbuhci \Device\USBFDO-4 fffffa8005ac72c0 Device \Driver\usbuhci \Device\USBFDO-0 fffffa8005ac72c0 Device \Driver\usbuhci \Device\USBPDO-2 fffffa8005ac72c0 Device \Driver\USBSTOR \Device\00000081 fffffa80066792c0 Device \Driver\usbehci \Device\USBPDO-7 fffffa8005b002c0 Device \Driver\usbuhci \Device\USBFDO-5 fffffa8005ac72c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa8005b002c0 Device \Driver\usbuhci \Device\USBFDO-1 fffffa8005ac72c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800587d2c0 Device \Driver\USBSTOR \Device\0000007d fffffa80066792c0 Device \Driver\usbuhci \Device\USBFDO-6 fffffa8005ac72c0 Device \Driver\usbuhci \Device\USBPDO-4 fffffa8005ac72c0 Device \Driver\usbuhci \Device\USBFDO-2 fffffa8005ac72c0 Device \Driver\usbuhci \Device\USBPDO-0 fffffa8005ac72c0 Device \Driver\atapi \Device\ScsiPort1 fffffa8002d292c0 Device \Driver\atapi \Device\ScsiPort2 fffffa8002d292c0 Device \Driver\a3umxqgf \Device\ScsiPort3 fffffa8005bcd2c0 Device \Driver\at8xysbe \Device\ScsiPort4 fffffa8005bf22c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\a3umxqgf.SYS fffff8800581e000-fffff88005862000 (278528 bytes) Module \SystemRoot\System32\Drivers\at8xysbe.SYS fffff88005862000-fffff880058a7000 (282624 bytes) ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2152] (GG drive overlay/GG Network S.A.)(2012-06-06 07:21:05) 000000005c080000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9D 0xB0 0x81 0x68 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x72 0xAC 0x70 0x77 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xD2 0xB0 0xE2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE6 0xFF 0xEA 0xE3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF2 0x6B 0xF7 0x29 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x86 0xF1 0xA2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9D 0xB0 0x81 0x68 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x72 0xAC 0x70 0x77 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xD2 0xB0 0xE2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE6 0xFF 0xEA 0xE3 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF2 0x6B 0xF7 0x29 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x86 0xF1 0xA2 ... ---- EOF - GMER 2.1 ----