
Thread: (HJT log) problem: random crashes and recurring rootkits

  1. #11
    Security Expert: Emeritus
    Join Date: Oct 2006 | Location: Finland | Posts: 29,374

    Which rootkit does AVG find now?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  2. #12
    Junior Member
    Join Date: Jun 2009 | Posts: 16

    Argh it keeps not saying that I haven't posted anything, so very annoying... hopefully this works

  3. #13
    Security Expert: Emeritus

    Sorry but I don't fully understand you.

    Can you please explain again?

  4. #14
    Junior Member

    Oh sorry, I keep posting replies but it doesn't say that I have done. Plus I didn't notice your request for the AVG scan.

    AVG rootkit scan shows 1 rootkit:
    C:\WINDOWS\System32\Drivers\ao2sipn8.sys

    Sorry for the confusion earlier.

    How come the rootkit cannot be completely removed by AVG and why does it change its name constantly?

    Thanks

  5. #15
    Security Expert: Emeritus

    That is most likely related to Daemon Tools, by the looks of the filename.

    Do you have Daemon Tools installed?

  6. #16
    Junior Member

    I did, but I deleted it before when you said it could be related to Daemon Tools. Any other ideas? Also, how safe is it for me to be doing online transactions, such as eBay? Thanks.

  7. #17
    Security Expert: Emeritus

    I think that it is still related to that.

    If you right-click that file, choose Properties and the information tab, what does it say about the vendor?

  8. #18
    Junior Member

    Hmmm, strangely the file can't actually be found in the folder that AVG says it's in. Also, when performing a rootkit scan directly on the folder, no infections are found. The rootkit can only be found when performing a complete scan, and it is discovered within the first 10 seconds of the scan being started, long before the "WINDOWS" folder is scanned. The information that AVG gives on the infection is: "C:\WINDOWS\System32\Drivers\a35updwt.SYS";"Hidden driver";"Object is hidden"

    I've set my computer to show hidden folders and looked in the system32\drivers folder many times and cannot find it. This is all very strange and confusing :(. Hopefully you can help me. I hope so, thanks.

  9. #19
    Security Expert: Emeritus

    So let's check this:

    Download gmer.zip and save it to your desktop.
    alternate download site
    • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
    • When you have done this, disconnect from the Internet and close all running programs.
      There is a small chance this application may crash your computer, so save any work you have open.
    • Double-click on Gmer.exe to start the program.
    • Allow the gmer.sys driver to load if asked.
    • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
    • Click on the Rootkit tab.
    • Look at the right-hand side (under Files) and uncheck all drives with the exception of your C drive.
    • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    • Click on the "Scan" button and wait for the scan to finish.
      Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also, do not use your computer during the scan.
    • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
    • Note: If you have any problems, try running GMER in Safe Mode.

    Important! Please do not select the "Show all" checkbox during the scan.

  10. #20
    Junior Member

    Here is the log created by gmer:

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-06-14 21:42:13
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT spfn.sys ZwCreateKey [0xF73DC0E0]
    SSDT spfn.sys ZwEnumerateKey [0xF73FACA2]
    SSDT spfn.sys ZwEnumerateValueKey [0xF73FB030]
    SSDT spfn.sys ZwOpenKey [0xF73DC0C0]
    SSDT spfn.sys ZwQueryKey [0xF73FB108]
    SSDT spfn.sys ZwQueryValueKey [0xF73FAF88]
    SSDT spfn.sys ZwSetValueKey [0xF73FB19A]

    INT 0x62 ? 875D8BF8
    INT 0x63 ? 875D8BF8
    INT 0x73 ? 875D8BF8
    INT 0x82 ? 875D8BF8
    INT 0xA4 ? 87365BF8
    INT 0xB4 ? 87365BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spfn.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload F5EEE8AC 5 Bytes JMP 873651D8
    .text a35updwt.SYS ED9C2384 1 Byte [20]
    .text a35updwt.SYS ED9C2384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
    .text a35updwt.SYS ED9C23AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
    .text a35updwt.SYS ED9C23C4 3 Bytes [00, 00, 00]
    .text a35updwt.SYS ED9C23C9 1 Byte [00]
    .text ...

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73DD040] spfn.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73DD13C] spfn.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73DD0BE] spfn.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73DD7FC] spfn.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73DD6D2] spfn.sys
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KfRaiseIrql] 000000AF
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KfLowerIrql] 0000009C
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!HalGetInterruptVector] 000000A4
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!HalTranslateBusAddress] 00000072
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!READ_PORT_USHORT] 00000093
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
    IAT \SystemRoot\System32\Drivers\a35updwt.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
    IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73ED048] spfn.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 875D71F8
    Device \FileSystem\Fastfat \FatCdrom 856F61F8
    Device \FileSystem\Udfs \UdfsCdRom 8570A1F8
    Device \FileSystem\Udfs \UdfsDisk 8570A1F8

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\sptd \Device\151309948 spfn.sys
    Device \Driver\usbohci \Device\USBPDO-0 87364500
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 875D91F8
    Device \Driver\dmio \Device\DmControl\DmConfig 875D91F8
    Device \Driver\dmio \Device\DmControl\DmPnP 875D91F8
    Device \Driver\dmio \Device\DmControl\DmInfo 875D91F8
    Device \Driver\usbehci \Device\USBPDO-1 873571F8

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\prodrv06 \Device\ProDrv06 E21D8420
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8756B1F8
    Device \Driver\Cdrom \Device\CdRom0 8734A1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8756B1F8
    Device \Driver\Cdrom \Device\CdRom1 8734A1F8
    Device \Driver\PCI_PNP8698 \Device\00000066 spfn.sys
    Device \Driver\PCI_PNP8698 \Device\00000066 spfn.sys
    Device \Driver\Cdrom \Device\CdRom2 8734A1F8
    Device \Driver\Cdrom \Device\CdRom3 8734A1F8
    Device \Driver\prohlp02 \Device\ProHlp02 E1CB68B0
    Device \Driver\NetBT \Device\NetBt_Wins_Export 86509500
    Device \Driver\NetBT \Device\NetbiosSmb 86509500
    Device \Driver\mcdbus \Device\00000092 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\mcdbus \Device\mcdbus sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\USBSTOR \Device\00000096 8579F1F8
    Device \Driver\USBSTOR \Device\00000096 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\USBSTOR \Device\00000097 8579F1F8
    Device \Driver\USBSTOR \Device\00000097 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\usbohci \Device\USBFDO-0 87364500
    Device \Driver\usbehci \Device\USBFDO-1 873571F8
    Device \Driver\nvatabus \Device\NvAta0 875D81F8
    Device \Driver\nvatabus \Device\NvAta0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 857DB1F8
    Device \Driver\nvatabus \Device\NvAta1 875D81F8
    Device \Driver\nvatabus \Device\NvAta1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 857DB1F8
    Device \Driver\nvatabus \Device\NvAta2 875D81F8
    Device \Driver\nvatabus \Device\NvAta2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\Ftdisk \Device\FtControl 8756B1F8
    Device \Driver\nvatabus \Device\0000008b 875D81F8
    Device \Driver\nvatabus \Device\0000008b prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\nvatabus \Device\0000008c 875D81F8
    Device \Driver\nvatabus \Device\0000008c prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\NetBT \Device\NetBT_Tcpip_{8C802F1A-0FFF-4FAD-8B4C-6C1B086D4A1D} 86509500
    Device \Driver\a35updwt \Device\Scsi\a35updwt1 871F3500
    Device \Driver\a35updwt \Device\Scsi\a35updwt1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\nvraid \Device\Scsi\nvraid0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\a35updwt \Device\Scsi\a35updwt1Port5Path0Target0Lun0 871F3500
    Device \Driver\a35updwt \Device\Scsi\a35updwt1Port5Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\nvatabus \Device\0000008d 875D81F8
    Device \Driver\nvatabus \Device\0000008d prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \FileSystem\Fastfat \Fat 856F61F8

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 857C01F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0x87 0x10 0xCE ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE3 0x9D 0xAC 0x2E ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD4 0xB5 0x6D 0x05 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA6 0x4B 0xC4 0xA5 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAB 0x3F 0x43 0x71 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x71 0x9A 0x06 0x21 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x34 0x77 0xA7 0x9F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0x87 0x10 0xCE ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE3 0x9D 0xAC 0x2E ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD4 0xB5 0x6D 0x05 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA6 0x4B 0xC4 0xA5 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7F 0x15 0x1E 0xF8 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x77 0xA7 0x9F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x14 0x3D 0xEE 0x20 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0x87 0x10 0xCE ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE3 0x9D 0xAC 0x2E ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD4 0xB5 0x6D 0x05 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA6 0x4B 0xC4 0xA5 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0F 0x0F 0xB7 0x15 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x77 0xA7 0x9F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0x87 0x10 0xCE ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE3 0x9D 0xAC 0x2E ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD4 0xB5 0x6D 0x05 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x75 0x53 0xE1 0xF9 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0x87 0x10 0xCE ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE3 0x9D 0xAC 0x2E ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD4 0xB5 0x6D 0x05 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x75 0x53 0xE1 0xF9 ...

    ---- EOF - GMER 1.0.15 ----

    Hope that helps
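
Added example, not part of the original posts: a small Python triage script that groups the SSDT and IAT hooks in a GMER log by the module that owns them, flags modules whose file GMER could not open, and records which driver objects each module is attached to. The sample input is an excerpt copied from the log in post #20; the function names are illustrative.

```python
import re
from collections import defaultdict

# Excerpt copied from the GMER log in post #20 (not the full log).
SAMPLE = r"""
SSDT spfn.sys ZwCreateKey [0xF73DC0E0]
SSDT spfn.sys ZwOpenKey [0xF73DC0C0]
? spfn.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F5EEE8AC 5 Bytes JMP 873651D8
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73DD040] spfn.sys
IAT \SystemRoot\System32\Drivers\a35updwt.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73ED048] spfn.sys
Device \Driver\sptd \Device\151309948 spfn.sys
Device \Driver\usbohci \Device\USBPDO-0 87364500
Device \Driver\mcdbus \Device\mcdbus sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
"""

# "SSDT <owner> <service> [0xADDR]": a system-service entry redirected to <owner>.
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\S+)\s+\[0x[0-9A-Fa-f]+\]")
# "IAT <importer>[<dll>!<func>] [ADDR] <owner>": an import redirected to <owner>.
# IAT lines that end in a bare value (no owner module) are skipped on purpose.
IAT_RE = re.compile(r"^IAT\s+(\S+?)\[([^\]]+)\]\s+\[[0-9A-Fa-f]+\]\s+(\S+)")
# "? <module> The system cannot find the file specified. !"
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+The system cannot find the file specified")
# "Device <driver object> <device> <module.sys> ...": module attached to a driver.
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+\S+\s+(\S+\.sys)\b", re.I)


def triage(log_text):
    """Return {module: {"ssdt", "iat", "drivers", "file_missing"}} for a GMER log."""
    report = defaultdict(
        lambda: {"ssdt": [], "iat": [], "drivers": set(), "file_missing": False}
    )
    for line in log_text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            report[m.group(1)]["ssdt"].append(m.group(2))
        elif m := IAT_RE.match(line):
            importer = m.group(1).rsplit("\\", 1)[-1]  # drop the directory part
            report[m.group(3)]["iat"].append((importer, m.group(2)))
        elif m := MISSING_RE.match(line):
            report[m.group(1)]["file_missing"] = True
        elif m := DEVICE_RE.match(line):
            report[m.group(2)]["drivers"].add(m.group(1))
    return dict(report)


def unbacked_hookers(report):
    """Modules that own SSDT/IAT hooks but whose file GMER could not open."""
    return sorted(
        name for name, r in report.items()
        if r["file_missing"] and (r["ssdt"] or r["iat"])
    )


if __name__ == "__main__":
    rep = triage(SAMPLE)
    for name in unbacked_hookers(rep):
        r = rep[name]
        print(f"{name}: {len(r['ssdt'])} SSDT hooks, {len(r['iat'])} IAT hooks, "
              f"attached to {sorted(r['drivers'])}")
```

On this excerpt the only module that both hooks kernel tables and has no readable file is spfn.sys, which the log's Devices section attaches to \Driver\sptd; the Registry section of the same log lists the DAEMON Tools Lite and Alcohol 120 install folders under that service's keys.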
