Which rootkit AVG finds now?
Argh it keeps not saying that I haven't posted anything, so very annoying... hopefully this works :)
Sorry but I don't fully understand you.
Can you please explain again?
Oh sorry, I keep posting replies but it doesn't say that I have done. Plus I didn't notice your request for the AVG scan.
AVG rootkit scan shows 1 rootkit:
C:\WINDOWS\System32\Drivers\ao2sipn8.sys
sorry for the confusion earlier.
How come the rootkit cannot be completely removed by AVG and why does it change its name constantly?
Thanks
That is most likely related to daemon tools by the looks of the filename.
Do you have daemon tools installed?
I did but I deleted it before when you said it could be related to daemon tools. Any other ideas? Also, how safe is it for me to be doing online transactions, such as eBay? Thanks.
I think that it still is related to that.
If you right-click that file, choose properties and information tab, what does it say about vendor?
Hmmm, strangely the file can't actually be found in the folder that AVG says it's in. Also, when performing a rootkit scan directly on the folder then no infections are found. The rootkit can only be found when performing a complete scan and is discovered within the first 10 seconds of the scan being started, long before the "WINDOWS" folder is scanned. The information that AVG gives on the infection is: "C:\WINDOWS\System32\Drivers\a35updwt.SYS";"Hidden driver";"Object is hidden"
I've set my computer to show hidden folders and looked in the system32\drivers folder many times and can not find it. This is all very strange and confusing :(. Hopefully you can help me :). I hope so, thanks.
So let's check this:
Download gmer.zip and save to your desktop.
alternate download site
- Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
- When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
- Double-click on Gmer.exe to start the program.
- Allow the gmer.sys driver to load if asked.
- If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
- Click on the Rootkit tab.
- Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
- Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
- Click on "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
- When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
- Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.
Here is the log created by gmer:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-14 21:42:13
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT spfn.sys ZwCreateKey [0xF73DC0E0]
SSDT spfn.sys ZwEnumerateKey [0xF73FACA2]
SSDT spfn.sys ZwEnumerateValueKey [0xF73FB030]
SSDT spfn.sys ZwOpenKey [0xF73DC0C0]
SSDT spfn.sys ZwQueryKey [0xF73FB108]
SSDT spfn.sys ZwQueryValueKey [0xF73FAF88]
SSDT spfn.sys ZwSetValueKey [0xF73FB19A]
INT 0x62 ? 875D8BF8
INT 0x63 ? 875D8BF8
INT 0x73 ? 875D8BF8
INT 0x82 ? 875D8BF8
INT 0xA4 ? 87365BF8
INT 0xB4 ? 87365BF8
---- Kernel code sections - GMER 1.0.15 ----
? spfn.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F5EEE8AC 5 Bytes JMP 873651D8
.text a35updwt.SYS ED9C2384 1 Byte [20]
.text a35updwt.SYS ED9C2384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text a35updwt.SYS ED9C23AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text a35updwt.SYS ED9C23C4 3 Bytes [00, 00, 00]
.text a35updwt.SYS ED9C23C9 1 Byte [00]
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73DD040] spfn.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73DD13C] spfn.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73DD0BE] spfn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73DD7FC] spfn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73DD6D2] spfn.sys
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73ED048] spfn.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 875D71F8
Device \FileSystem\Fastfat \FatCdrom 856F61F8
Device \FileSystem\Udfs \UdfsCdRom 8570A1F8
Device \FileSystem\Udfs \UdfsDisk 8570A1F8
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\sptd \Device\151309948 spfn.sys
Device \Driver\usbohci \Device\USBPDO-0 87364500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 875D91F8
Device \Driver\dmio \Device\DmControl\DmConfig 875D91F8
Device \Driver\dmio \Device\DmControl\DmPnP 875D91F8
Device \Driver\dmio \Device\DmControl\DmInfo 875D91F8
Device \Driver\usbehci \Device\USBPDO-1 873571F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\prodrv06 \Device\ProDrv06 E21D8420
Device \Driver\Ftdisk \Device\HarddiskVolume1 8756B1F8
Device \Driver\Cdrom \Device\CdRom0 8734A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8756B1F8
Device \Driver\Cdrom \Device\CdRom1 8734A1F8
Device \Driver\PCI_PNP8698 \Device\00000066 spfn.sys
Device \Driver\PCI_PNP8698 \Device\00000066 spfn.sys
Device \Driver\Cdrom \Device\CdRom2 8734A1F8
Device \Driver\Cdrom \Device\CdRom3 8734A1F8
Device \Driver\prohlp02 \Device\ProHlp02 E1CB68B0
Device \Driver\NetBT \Device\NetBt_Wins_Export 86509500
Device \Driver\NetBT \Device\NetbiosSmb 86509500
Device \Driver\mcdbus \Device\00000092 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\mcdbus \Device\mcdbus sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\USBSTOR \Device\00000096 8579F1F8
Device \Driver\USBSTOR \Device\00000096 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\USBSTOR \Device\00000097 8579F1F8
Device \Driver\USBSTOR \Device\00000097 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbohci \Device\USBFDO-0 87364500
Device \Driver\usbehci \Device\USBFDO-1 873571F8
Device \Driver\nvatabus \Device\NvAta0 875D81F8
Device \Driver\nvatabus \Device\NvAta0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 857DB1F8
Device \Driver\nvatabus \Device\NvAta1 875D81F8
Device \Driver\nvatabus \Device\NvAta1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 857DB1F8
Device \Driver\nvatabus \Device\NvAta2 875D81F8
Device \Driver\nvatabus \Device\NvAta2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Ftdisk \Device\FtControl 8756B1F8
Device \Driver\nvatabus \Device\0000008b 875D81F8
Device \Driver\nvatabus \Device\0000008b prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvatabus \Device\0000008c 875D81F8
Device \Driver\nvatabus \Device\0000008c prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBT_Tcpip_{8C802F1A-0FFF-4FAD-8B4C-6C1B086D4A1D} 86509500
Device \Driver\a35updwt \Device\Scsi\a35updwt1 871F3500
Device \Driver\a35updwt \Device\Scsi\a35updwt1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvraid \Device\Scsi\nvraid0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a35updwt \Device\Scsi\a35updwt1Port5Path0Target0Lun0 871F3500
Device \Driver\a35updwt \Device\Scsi\a35updwt1Port5Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvatabus \Device\0000008d 875D81F8
Device \Driver\nvatabus \Device\0000008d prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 856F61F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 857C01F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0x87 0x10 0xCE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE3 0x9D 0xAC 0x2E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD4 0xB5 0x6D 0x05 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA6 0x4B 0xC4 0xA5 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAB 0x3F 0x43 0x71 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x71 0x9A 0x06 0x21 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x34 0x77 0xA7 0x9F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0x87 0x10 0xCE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE3 0x9D 0xAC 0x2E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD4 0xB5 0x6D 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA6 0x4B 0xC4 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7F 0x15 0x1E 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x77 0xA7 0x9F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x14 0x3D 0xEE 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0x87 0x10 0xCE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE3 0x9D 0xAC 0x2E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD4 0xB5 0x6D 0x05 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA6 0x4B 0xC4 0xA5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0F 0x0F 0xB7 0x15 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x77 0xA7 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0x87 0x10 0xCE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE3 0x9D 0xAC 0x2E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD4 0xB5 0x6D 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x75 0x53 0xE1 0xF9 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0x87 0x10 0xCE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE3 0x9D 0xAC 0x2E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD4 0xB5 0x6D 0x05 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x75 0x53 0xE1 0xF9 ...
---- EOF - GMER 1.0.15 ----
Hope that helps :)
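A triage aid for a GMER log like the one posted above, as an added example that is not part of the original thread: it groups SSDT and IAT hooks by the module that owns them, notes when GMER could not find that module's file on disk, and follows the module to its driver object and that service's Cfg @p0 install paths. The function names and the shortened log excerpt are this example's own; the result is an attribution lead for the analyst, not a verdict on the driver.

```python
import re
from collections import defaultdict

# Excerpt of the GMER log posted in this thread (lines copied, not the full log).
LOG_EXCERPT = r"""---- System - GMER 1.0.15 ----
SSDT spfn.sys ZwCreateKey [0xF73DC0E0]
SSDT spfn.sys ZwEnumerateKey [0xF73FACA2]
---- Kernel code sections - GMER 1.0.15 ----
? spfn.sys The system cannot find the file specified. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73DD040] spfn.sys
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KfRaiseIrql] 000000AF
---- Devices - GMER 1.0.15 ----
Device \Driver\sptd \Device\151309948 spfn.sys
Device \Driver\Cdrom \Device\CdRom0 8734A1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
"""

# One pattern per GMER line type this example understands.
SSDT = re.compile(r"^SSDT\s+(\S+)\s+(\w+)\s+\[0x[0-9A-Fa-f]+\]")
MISSING = re.compile(r"^\?\s+(\S+)\s+The system cannot find the file specified")
IAT = re.compile(r"^IAT\s+(\S+?)\[(\S+?)\]\s+\[[0-9A-Fa-f]+\]\s+(\S+)$")
DEVICE = re.compile(r"^Device\s+\\Driver\\(\S+)\s+\S+\s+(\S+\.sys)(?:\s+\(.*\))?$", re.I)
REG_PATH = re.compile(r"^Reg\s+HKLM\\SYSTEM\\\w+\\Services\\(\w+)\\Cfg\\\w+@p0\s+(.+)$")

def triage(log):
    """Index every module named in the log by what GMER reported about it."""
    mods = defaultdict(lambda: {"ssdt": [], "iat": [], "file_missing": False,
                                "drivers": set(), "paths": set()})
    svc_paths = defaultdict(set)  # service name -> install paths from Cfg @p0
    for line in map(str.strip, log.splitlines()):
        if m := SSDT.match(line):
            mods[m[1].lower()]["ssdt"].append(m[2])
        elif m := MISSING.match(line):
            mods[m[1].lower()]["file_missing"] = True
        elif m := IAT.match(line):
            mods[m[3].lower()]["iat"].append(f"{m[1]}:{m[2]}")
        elif m := DEVICE.match(line):
            mods[m[2].lower()]["drivers"].add(m[1].lower())
        elif m := REG_PATH.match(line):
            svc_paths[m[1].lower()].add(m[2])
    # Follow module -> driver object -> service registry paths.
    for info in mods.values():
        for drv in info["drivers"]:
            info["paths"] |= svc_paths.get(drv, set())
    return dict(mods)

def hooking_modules(log):
    """Only the modules that own at least one SSDT or IAT hook."""
    return {n: i for n, i in triage(log).items() if i["ssdt"] or i["iat"]}

if __name__ == "__main__":
    for name, info in hooking_modules(LOG_EXCERPT).items():
        print(name, "file missing on disk:", info["file_missing"])
        print("  SSDT hooks:", ", ".join(info["ssdt"]))
        print("  driver objects:", sorted(info["drivers"]))
        print("  install paths:", sorted(info["paths"]))
```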