GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-10 17:00:08 Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD321KJ rev.CP100-12 298,09GB Running: gmer.exe; Driver: C:\DOCUME~1\UYTKOW~1\USTAWI~1\Temp\pxtdipow.sys ---- System - GMER 2.1 ---- SSDT 897F5C90 ZwAssignProcessToJobObject SSDT 897F6200 ZwDebugActiveProcess SSDT 897F62F0 ZwDuplicateObject SSDT 897F5590 ZwOpenProcess SSDT 897F5800 ZwOpenThread SSDT 897F5FD0 ZwProtectVirtualMemory SSDT 897F60E0 ZwQueueApcThread SSDT 897F5EC0 ZwSetContextThread SSDT 897F5D90 ZwSetInformationThread SSDT 897F2DA0 ZwSetSecurityObject SSDT 897F5B90 ZwSuspendProcess SSDT 897F5A80 ZwSuspendThread SSDT 897F56E0 ZwTerminateProcess SSDT 897F5A50 ZwTerminateThread SSDT 897F66D0 ZwWriteVirtualMemory INT 0x63 ? 8AAD5CB8 INT 0x63 ? 8AAD5CB8 INT 0x63 ? 8AAD5CB8 INT 0x63 ? 8AAD5CB8 INT 0x63 ? 8AAD5CB8 INT 0x83 ? 8AA93CB8 INT 0x83 ? 89FEBCB8 INT 0x83 ? 8AA93CB8 INT 0x84 ? 89FEBCB8 INT 0x94 ? 89FEBCB8 INT 0xA4 ? 89FEBCB8 INT 0xA4 ? 89FEBCB8 INT 0xA4 ? 89FEBCB8 INT 0xA4 ? 89FEBCB8 INT 0xB1 ? 8AA93CB8 INT 0xB1 ? 8AA93CB8 INT 0xB4 ? 89FEBCB8 ---- Kernel code sections - GMER 2.1 ---- .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9F83B2E] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8E19360, 0x372FAD, 0xE8000020] ? C:\WINDOWS\System32\Drivers\apxxwsvw.SYS suspicious PE modification ? C:\WINDOWS\System32\Drivers\aw8nb0g7.SYS suspicious PE modification ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[268] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 00] .text C:\WINDOWS\system32\winlogon.exe[744] ntdll.dll!NtLockProductActivationKeys 7C90D4AE 5 Bytes JMP 10001000 C:\WINDOWS\system32\antiwpa.dll .text C:\WINDOWS\system32\winlogon.exe[744] USER32.dll!GetSystemMetrics 77D38F75 5 Bytes JMP 10001018 C:\WINDOWS\system32\antiwpa.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] ntdll.dll!RtlAllocateHeap + 270 7C910334 7 Bytes JMP 004050C5 C:\Program Files\Mozilla Firefox\plugin-container.exe .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003CA8A8 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] USER32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 1127CDA9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] USER32.dll!GetMenuContextHelpId + 1A 77D84F11 7 Bytes JMP 1127B5C8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 014AB983 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 014AB6C3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 014AB7F8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 014AB6FD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 01832E91 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 014ABB27 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 01832EE1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] ntdll.dll!RtlAllocateHeap + 270 7C910334 7 Bytes JMP 004149FE C:\Program Files\Mozilla Firefox\firefox.exe .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 1000A8A8 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] kernel32.dll!lstrlenW + 43 7C809A5C 7 Bytes JMP 0181BFAC C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] kernel32.dll!MapViewOfFileEx + 6A 7C80B910 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] kernel32.dll!MapViewOfFileEx + 6A 7C80B910 7 Bytes JMP 0181B5A5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] kernel32.dll!ValidateLocale + AFA8 7C8447E8 7 Bytes JMP 0157AFF1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] USER32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 022FAE81 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] GDI32.dll!SetDIBitsToDevice + 20D 77F19A9C 3 Bytes JMP 0181AF5D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3140] GDI32.dll!SetDIBitsToDevice + 211 77F19AA0 3 Bytes [89, EB, F9] {MOV EBX, EBP; STC } ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8AA8E1E8 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys Device \FileSystem\Fastfat \FatCdrom 8970F430 Device \Driver\usbuhci \Device\USBPDO-0 89F3D1E8 Device \Driver\usbuhci \Device\USBPDO-1 89F3D1E8 Device \Driver\PCI_PNP8684 \Device\00000045 sptd.sys Device \Driver\PCI_PNP8684 \Device\00000045 sptd.sys Device \Driver\usbuhci \Device\USBPDO-2 89F3D1E8 Device \Driver\PCI_PNP8684 \Device\00000046 sptd.sys Device \Driver\PCI_PNP8684 \Device\00000046 sptd.sys Device \Driver\usbehci \Device\USBPDO-3 89F2D1E8 Device \Driver\usbuhci \Device\USBPDO-4 89F3D1E8 AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys Device \Driver\usbuhci \Device\USBPDO-5 89F3D1E8 Device \Driver\usbuhci \Device\USBPDO-6 89F3D1E8 Device \Driver\dtsoftbus01 \Device\00000071 89EB31E8 Device \Driver\usbehci \Device\USBPDO-7 89F2D1E8 Device \Driver\Cdrom \Device\CdRom0 89FB61E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8AAD51E8 Device \Driver\atapi \Device\Ide\IdePort0 8AAD51E8 Device \Driver\atapi \Device\Ide\IdePort1 8AAD51E8 Device \Driver\atapi \Device\Ide\IdePort2 8AAD51E8 Device \Driver\atapi \Device\Ide\IdePort3 8AAD51E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8AAD51E8 Device \Driver\Cdrom \Device\CdRom1 89FB61E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 897601E8 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 89EB31E8 Device \Driver\usbstor \Device\00000084 897461E8 Device \Driver\usbstor \Device\00000085 897461E8 Device \Driver\NetBT \Device\NetbiosSmb 897601E8 Device \Driver\usbstor \Device\00000086 897461E8 Device \Driver\usbstor \Device\00000087 897461E8 Device \Driver\usbstor \Device\00000088 897461E8 Device \Driver\usbuhci \Device\USBFDO-0 89F3D1E8 Device \Driver\usbuhci \Device\USBFDO-1 89F3D1E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 897491E8 Device \Driver\usbuhci \Device\USBFDO-2 89F3D1E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 897491E8 Device \Driver\usbehci \Device\USBFDO-3 89F2D1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{B68811BE-A06A-4DDC-BC32-29D3FE2F6B88} 897601E8 Device \Driver\usbuhci \Device\USBFDO-4 89F3D1E8 Device \Driver\usbuhci \Device\USBFDO-5 89F3D1E8 Device \Driver\usbuhci \Device\USBFDO-6 89F3D1E8 Device \Driver\usbehci \Device\USBFDO-7 89F2D1E8 Device \Driver\apxxwsvw \Device\Scsi\apxxwsvw1 89F911E8 Device \Driver\mv61xx \Device\Scsi\mv61xx1 8AA8F1E8 Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target19Lun0 8AA8F1E8 Device \Driver\aw8nb0g7 \Device\Scsi\aw8nb0g71 89EC1430 Device \FileSystem\Fastfat \Fat 8970F430 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys AttachedDevice \FileSystem\Fastfat \Fat eamon.sys Device \FileSystem\Cdfs \Cdfs 89ED5430 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8aad51e8]<< 8aad51e8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa3dab8] 8aa3dab8 Trace 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\0000006f[0x8aaa12e8] 8aaa12e8 Trace 5 ACPI.sys[b9e63620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aa4dd98] 8aa4dd98 Trace \Driver\atapi[0x8aa30250] -> IRP_MJ_CREATE -> 0x8aad51e8 8aad51e8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0xF5 0xE3 0x46 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xDC 0x4B 0xDA ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x56 0xB2 0x80 0xF2 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0x64 0xF5 0xE5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0xF5 0xE3 0x46 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xDC 0x4B 0xDA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x56 0xB2 0x80 0xF2 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0x64 0xF5 0xE5 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0xF5 0xE3 0x46 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xDC 0x4B 0xDA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x56 0xB2 0x80 0xF2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0x64 0xF5 0xE5 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0xF5 0xE3 0x46 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xDC 0x4B 0xDA ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x56 0xB2 0x80 0xF2 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0x64 0xF5 0xE5 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0xF5 0xE3 0x46 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xDC 0x4B 0xDA ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x56 0xB2 0x80 0xF2 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0x64 0xF5 0xE5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0xF5 0xE3 0x46 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xDC 0x4B 0xDA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x56 0xB2 0x80 0xF2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0x64 0xF5 0xE5 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0xF5 0xE3 0x46 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xDC 0x4B 0xDA ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x56 0xB2 0x80 0xF2 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0x64 0xF5 0xE5 ... ---- EOF - GMER 2.1 ----