GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-27 15:20:57
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwAdjustPrivilegesToken [0xA91B381A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwClose [0xA91B3DC6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwConnectPort [0xA91B582A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwCreateFile [0xA91B51E0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwCreateKey [0xA91B2F90]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwCreateSymbolicLinkObject [0xA91B718C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwCreateThread [0xA91B3BC2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwDeleteKey [0xA91B33D2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwDeleteValueKey [0xA91B35D2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwDeviceIoControlFile [0xA91B54EC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwDuplicateObject [0xA91B7698]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwEnumerateKey [0xA91B36E8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwEnumerateValueKey [0xA91B3750]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwFsControlFile [0xA91B53A2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwLoadDriver [0xA91B6C50]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwOpenFile [0xA91B503C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwOpenKey [0xA91B30F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwOpenProcess [0xA91B39E8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwOpenSection [0xA91B71B6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwOpenThread [0xA91B393E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwQueryKey [0xA91B37B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwQueryMultipleValueKey [0xA91B34BC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwQueryValueKey [0xA91B329A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwQueueApcThread [0xA91B6EB8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwReplaceKey [0xA91B2C12]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwRequestWaitReplyPort [0xA91B60B4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwRestoreKey [0xA91B2D74]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwResumeThread [0xA91B7568]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwSaveKey [0xA91B2A10]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwSecureConnectPort [0xA91B56CC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwSetContextThread [0xA91B3CC0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwSetSecurityObject [0xA91B6D4A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwSetSystemInformation [0xA91B71E0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwSetValueKey [0xA91B3148]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwSuspendProcess [0xA91B72C4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwSuspendThread [0xA91B73F0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwSystemDebugControl [0xA91B6B7C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwTerminateProcess [0xA91B3A92]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               ZwWriteVirtualMemory [0xA91B3B04]

INT 0x62        ?                                                                                                                                                                                                                                 8A533BF8
INT 0x63        ?                                                                                                                                                                                                                                 8A0E6BF8
INT 0x73        ?                                                                                                                                                                                                                                 8A533BF8
INT 0x73        ?                                                                                                                                                                                                                                 8A533BF8
INT 0x73        ?                                                                                                                                                                                                                                 8A533BF8
INT 0x73        ?                                                                                                                                                                                                                                 8A533BF8
INT 0x73        ?                                                                                                                                                                                                                                 8A0E6BF8
INT 0x73        ?                                                                                                                                                                                                                                 8A533BF8
INT 0x82        ?                                                                                                                                                                                                                                 8A533BF8
INT 0xB4        ?                                                                                                                                                                                                                                 8A0E6BF8

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)                                                                                                                                               IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text           ntoskrnl.exe!_abnormal_termination + 24D                                                                                                                                                                                          804E28A9 3 Bytes  [ 39, 1B, A9 ]
.text           ntoskrnl.exe!_abnormal_termination + 440                                                                                                                                                                                          804E2A9C 12 Bytes  [ C4, 72, 1B, A9, F0, 73, 1B, ... ]
.text           ntoskrnl.exe!IoIsOperationSynchronous                                                                                                                                                                                             804E875A 5 Bytes  JMP A91CA3D6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text           ntoskrnl.exe!FsRtlCheckLockForReadAccess                                                                                                                                                                                          80503289 5 Bytes  JMP A91CA01C \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
?               sphi.sys                                                                                                                                                                                                                          Ia oaaaony iaeoe oeacaiiue oaee. !
?               Combo-Fix.sys                                                                                                                                                                                                                     Ia oaaaony iaeoe oeacaiiue oaee. !
.text           USBPORT.SYS!DllUnload                                                                                                                                                                                                             B966980C 5 Bytes  JMP 8A0E61D8 
.text           a5oec4jq.SYS                                                                                                                                                                                                                      B938E386 35 Bytes  [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text           a5oec4jq.SYS                                                                                                                                                                                                                      B938E3AA 24 Bytes  [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text           a5oec4jq.SYS                                                                                                                                                                                                                      B938E3C4 3 Bytes  [ 00, 70, 02 ]
.text           a5oec4jq.SYS                                                                                                                                                                                                                      B938E3C9 1 Byte  [ 2E ]
.text           a5oec4jq.SYS                                                                                                                                                                                                                      B938E3CB 9 Bytes  [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text           ...                                                                                                                                                                                                                               
?               C:\ComboFix\catchme.sys                                                                                                                                                                                                           Nenoaia ia oaaaony iaeoe oeacaiiue ioou. !
?               C:\WINDOWS\system32\Drivers\PROCEXP90.SYS                                                                                                                                                                                         Ia oaaaony iaeoe oeacaiiue oaee. !

---- User code sections - GMER 1.0.14 ----

?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1892] C:\WINDOWS\system32\kernel32.dll                                                                                                                    time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[1892] USER32.dll!VRipOutput + FFFA4C6F                                                                                                                    7E362A78 4 Bytes  [ 70, 11, 41, 6D ]
?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2032] C:\WINDOWS\system32\kernel32.dll                                                                                                                    time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2032] USER32.dll!VRipOutput + FFFA4C6F                                                                                                                    7E362A78 4 Bytes  [ 70, 11, 41, 6D ]
.text           C:\Program Files\internet explorer\iexplore.exe[3920] USER32.dll!DialogBoxParamW                                                                                                                                                  7E375F8F 5 Bytes  JMP 4360F2C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\internet explorer\iexplore.exe[3920] USER32.dll!DialogBoxIndirectParamW                                                                                                                                          7E382062 5 Bytes  JMP 437A028F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\internet explorer\iexplore.exe[3920] USER32.dll!MessageBoxIndirectA                                                                                                                                              7E38A06A 5 Bytes  JMP 437A0210 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\internet explorer\iexplore.exe[3920] USER32.dll!DialogBoxParamA                                                                                                                                                  7E38B12C 5 Bytes  JMP 437A0254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\internet explorer\iexplore.exe[3920] USER32.dll!MessageBoxExW                                                                                                                                                    7E3A0750 5 Bytes  JMP 437A019C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\internet explorer\iexplore.exe[3920] USER32.dll!MessageBoxExA                                                                                                                                                    7E3A0774 5 Bytes  JMP 437A01D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\internet explorer\iexplore.exe[3920] USER32.dll!DialogBoxIndirectParamA                                                                                                                                          7E3A6CD0 5 Bytes  JMP 437A02CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\internet explorer\iexplore.exe[3920] USER32.dll!MessageBoxIndirectW                                                                                                                                              7E3B6425 5 Bytes  JMP 4363166E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT             \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                                                                                                                8A4C75E0
IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                                                                                                                [F74D8040] sphi.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                                                                                                        [F74D813C] sphi.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                                                                                                               [F74D80BE] sphi.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                                                                                                       [F74D87FC] sphi.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                                                                                                               [F74D86D2] sphi.sys
IAT             \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                                                                                                              8A0E62D8
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!RtlInitUnicodeString]                                                                                                                                                      2296E852
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!swprintf]                                                                                                                                                                  478B0000
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeSetEvent]                                                                                                                                                                50016A40
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoCreateSymbolicLink]                                                                                                                                                      1CAC8E8D
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoGetConfigurationInformation]                                                                                                                                             E8510000
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoDeleteSymbolicLink]                                                                                                                                                      00002284
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!MmFreeMappingAddress]                                                                                                                                                      6A18538B
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoFreeErrorLogEntry]                                                                                                                                                       868D5200
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoDisconnectInterrupt]                                                                                                                                                     00001C98
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!MmUnmapIoSpace]                                                                                                                                                            2272E850
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!ObReferenceObjectByPointer]                                                                                                                                                4B8B0000
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IofCompleteRequest]                                                                                                                                                        51016A18
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!RtlCompareUnicodeString]                                                                                                                                                   1CB4968D
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IofCallDriver]                                                                                                                                                             E8520000
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!MmAllocateMappingAddress]                                                                                                                                                  00002260
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry]                                                                                                                                                   8A05478A
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoConnectInterrupt]                                                                                                                                                        001CBB8E
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoDetachDevice]                                                                                                                                                            30C48300
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeWaitForSingleObject]                                                                                                                                                     1CBD8688
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeInitializeEvent]                                                                                                                                                         80E90000
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString]                                                                                                                                              C6000000
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!RtlInitAnsiString]                                                                                                                                                         001CBB86
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest]                                                                                                                                             438B0100
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoQueueWorkItem]                                                                                                                                                           8E8D5018
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!MmMapIoSpace]                                                                                                                                                              00001C90
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations]                                                                                                                                               2232E851
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoReportDetectedDevice]                                                                                                                                                    538B0000
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoReportResourceForDetection]                                                                                                                                              52016A18
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize]                                                                                                                                               1CAC868D
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!NlsMbCodePageTag]                                                                                                                                                          E8500000
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!PoRequestPowerIrp]                                                                                                                                                         00002220
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue]                                                                                                                                                  8A05478A
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection]                                                                                                                                          001CBB8E
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!sprintf]                                                                                                                                                                   18C48300
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache]                                                                                                                                              1CBD8688
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!ObfDereferenceObject]                                                                                                                                                      43EB0000
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference]                                                                                                                                              320C538A
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoInvalidateDeviceState]                                                                                                                                                   88F93BC0
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!ZwClose]                                                                                                                                                                   001CBB96
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!ObReferenceObjectByHandle]                                                                                                                                                 F6317300
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!ZwCreateDirectoryObject]                                                                                                                                                   74070647
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest]                                                                                                                                              75C0841A
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!PoStartNextPowerIrp]                                                                                                                                                       05578A0B
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!PoCallDriver]                                                                                                                                                              968801B0
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                            00001CBD
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension]                                                                                                                                           57B60F66
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!RtlQueryRegistryValues]                                                                                                                                                    533B6604
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!ZwOpenKey]                                                                                                                                                                 03087408
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!RtlFreeUnicodeString]                                                                                                                                                      72F93B3F
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoStartTimer]                                                                                                                                                              8A09EBDA
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeInitializeTimer]                                                                                                                                                         86880547
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoInitializeTimer]                                                                                                                                                         00001CBD
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeInitializeDpc]                                                                                                                                                           88084B8A
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeInitializeSpinLock]                                                                                                                                                      001CBE8E
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoInitializeIrp]                                                                                                                                                           40578B00
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!ZwCreateKey]                                                                                                                                                               8D52006A
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString]                                                                                                                                            001CC086
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString]                                                                                                                                                 B1E85000
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!ZwSetValueKey]                                                                                                                                                             8B000021
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeInsertQueueDpc]                                                                                                                                                          001CB88E
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel]                                                                                                                                              BC968B00
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoStartPacket]                                                                                                                                                             8900001C
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel]                                                                                                                                            001CC48E
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest]                                                                                                                                             C8968900
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoFreeMdl]                                                                                                                                                                 8B00001C
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!MmUnlockPages]                                                                                                                                                             016A4047
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoWriteErrorLogEntry]                                                                                                                                                      CCC68150
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue]                                                                                                                                                  5600001C
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping]                                                                                                                                       002187E8
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!MmUnmapReservedMapping]                                                                                                                                                    18C48300
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeSynchronizeExecution]                                                                                                                                                    5D5B5E5F
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoStartNextPacket]                                                                                                                                                         CCCCCCC3
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeBugCheckEx]                                                                                                                                                              CCCCCCCC
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeRemoveDeviceQueue]                                                                                                                                                       CCCCCCCC
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeSetTimer]                                                                                                                                                                CCCCCCCC
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeCancelTimer]                                                                                                                                                             8BEC8B55
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!_allmul]                                                                                                                                                                   00C73445
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!MmProbeAndLockPages]                                                                                                                                                       00000000
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!_except_handler3]                                                                                                                                                          830C458B
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!PoSetPowerState]                                                                                                                                                           C0840CEC
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey]                                                                                                                                                   053C0D74
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!RtlWriteRegistryValue]                                                                                                                                                     57B80974
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!_aulldiv]                                                                                                                                                                  8B000000
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!strstr]                                                                                                                                                                    56C35DE5
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!_strupr]                                                                                                                                                                   8D08758B
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeQuerySystemTime]                                                                                                                                                         8D51FC4D
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoWMIRegistrationControl]                                                                                                                                                  8D52FD55
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!KeTickCount]                                                                                                                                                               8D51FE4D
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                                                                                               8D52FF55
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoDeleteDevice]                                                                                                                                                            8D51F84D
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!ExAllocatePoolWithTag]                                                                                                                                                     5052F455
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoAllocateWorkItem]                                                                                                                                                        EACAE856
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoAllocateIrp]                                                                                                                                                             C483FFFF
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoAllocateMdl]                                                                                                                                                             0FC08520
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool]                                                                                                                                                 0001B185
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!MmLockPagableDataSection]                                                                                                                                                  46B70F00
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoGetDriverObjectExtension]                                                                                                                                                F44D8B48
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!MmUnlockPagableImageSection]                                                                                                                                               C1815753
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!ExFreePoolWithTag]                                                                                                                                                         00002590
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoFreeIrp]                                                                                                                                                                 467C8D51
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!IoFreeWorkItem]                                                                                                                                                            76F6E84A
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!InitSafeBootMode]                                                                                                                                                          D88BFFFF
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!RtlCompareMemory]                                                                                                                                                          8504C483
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!RtlCopyUnicodeString]                                                                                                                                                      5F0A75DB
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!memmove]                                                                                                                                                                   5B08438D
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[ntoskrnl.exe!MmHighestUserAddress]                                                                                                                                                      5DE58B5E
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[HAL.dll!KfAcquireSpinLock]                                                                                                                                                              4B8BDF8B
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[HAL.dll!READ_PORT_UCHAR]                                                                                                                                                                8D3F0304
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[HAL.dll!KeGetCurrentIrql]                                                                                                                                                               CB033043
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[HAL.dll!KfRaiseIrql]                                                                                                                                                                    0673C13B
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[HAL.dll!KfLowerIrql]                                                                                                                                                                    C13B0003
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[HAL.dll!HalGetInterruptVector]                                                                                                                                                          8366FA72
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[HAL.dll!HalTranslateBusAddress]                                                                                                                                                         75000E7B
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[HAL.dll!KeStallExecutionProcessor]                                                                                                                                                      0B7D80E3
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[HAL.dll!KfReleaseSpinLock]                                                                                                                                                              307B8D00
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                                                                        00AA840F
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[HAL.dll!READ_PORT_USHORT]                                                                                                                                                               83660000
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                                                                       6A000E7A
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                                                                                                                               C6647400
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[WMILIB.SYS!WmiSystemControl]                                                                                                                                                            4F8B0200
IAT             \SystemRoot\System32\Drivers\a5oec4jq.SYS[WMILIB.SYS!WmiCompleteRequest]                                                                                                                                                          968D5140
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                               [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                                                                                                           [BAB00DF0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                               [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                                                                                                           [BAB00DF0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                                 [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                             [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                               [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                              [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                               [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                              [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\usbccgp.sys[NTOSKRNL.EXE!IoCreateDevice]                                                                                                                                                             [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\usbscan.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                             [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\usbprint.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                            [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                                [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                             [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\rspndr.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                              [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                              [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                                 [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                              [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                            [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                                [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\drivers\kmixer.sys[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                              [BAB00D40] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.14 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                                                                                            8A5321F8

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                                                                                          kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device          \Driver\PCI_PNP4538 \Device\00000041                                                                                                                                                                                              sphi.sys
Device          \Driver\PCI_PNP4538 \Device\00000041                                                                                                                                                                                              sphi.sys
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                                                                                                                  8A0E51F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                                                                                                                         8A4C51F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                                                                                                                                           8A4C51F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                                                                                                                              8A4C51F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                                                                                                                             8A4C51F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                                                                                                                  8A0E51F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                                                                                                                  8A0E51F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{BCC49F5E-3BA1-4ACB-87A9-D7BB098ADF10}                                                                                                                                                          89D161F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                                                                                                                                  8A0E51F8
Device          \Driver\usbehci \Device\USBPDO-4                                                                                                                                                                                                  8A0B81F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                                                                                         kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                                                                                            8A5341F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                                                                                                            8A5341F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                                                                                                                                      8A0A41F8
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                                                                                                                                            8A5341F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                                                                                                                                      8A0A41F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                                                                                                8A5331F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                                                                                                8A5331F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                                                                                                                8A5331F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                                                                                                                8A5331F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                                                                                                                                8A5331F8
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                                                                                                                                8A5331F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-16                                                                                                                                                                                      8A5331F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-9                                                                                                                                                                                       8A5331F8
Device          \Driver\Ftdisk \Device\HarddiskVolume4                                                                                                                                                                                            8A5341F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                                                                                           89D161F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                                                                                                                  89D161F8

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                                                                                         kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                                                                                                       kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                                                                                                                  8A0E51F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                                                                                                                  8A0E51F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                                                                                                                 89CFB1F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                                                                                                                  8A0E51F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                                                                                                       89CFB1F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                                                                                                                                  8A0E51F8
Device          \Driver\usbehci \Device\USBFDO-4                                                                                                                                                                                                  8A0B81F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                                                                                                                                  8A5341F8
Device          \Driver\sptd \Device\2339028288                                                                                                                                                                                                   sphi.sys
Device          \Driver\a5oec4jq \Device\Scsi\a5oec4jq1                                                                                                                                                                                           8A0A21F8
Device          \Driver\a5oec4jq \Device\Scsi\a5oec4jq1Port6Path0Target0Lun0                                                                                                                                                                      8A0A21F8
Device          \FileSystem\Cdfs \Cdfs                                                                                                                                                                                                            8A1291F8

---- Registry - GMER 1.0.14 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0L\0002\0T\0P\0)                                                                     1?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0T\0P\0)                                                                       1?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0P\0o\0E\0)                                                                    1?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\37\4@\4O\4<\4>\49\4 \0?\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 \0?\4>\4@\4B\4                                                1?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0I\0P\0)                                                                             1?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@#\4A\4B\4@\4>\49\4A\4B\0042\4>\4 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0?\4@\4>\4B\4>\4:\4>\4;\4 \0R\0F\0C\0O\0M\0M\0 \0T\0D\0I\0)  1?
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9413155a                                                                                                                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9413155a@001c9a1f9563                                                                                                                                          0x85 0xC2 0xB9 0xD8 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                                                                                                771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                                                                                                285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                                                                                                1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                                                                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                                                                                               C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                                                               0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                                                                            0x49 0xB4 0xF5 0xEA ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                                                                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                                                                                                      0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                                                                                                   0xF6 0x85 0x31 0xAF ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                                                                                                   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                                                                                             0x5C 0xD8 0x17 0xEA ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{d4a6b3ff-b6c4-4a40-9516-c11fc9b9374a}@\20\4B\4@\48\0041\4C\4B\4K\4 \0E\4@\0040\4=\0045\4=\48\4O\4 \0004\0040\4=\4=\4K\4E\4                                          33
Reg             HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0L\0002\0T\0P\0)                                                                         1?
Reg             HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0T\0P\0)                                                                           1?
Reg             HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0P\0o\0E\0)                                                                        1?
Reg             HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\37\4@\4O\4<\4>\49\4 \0?\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 \0?\4>\4@\4B\4                                                    1?
Reg             HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0I\0P\0)                                                                                 1?
Reg             HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@#\4A\4B\4@\4>\49\4A\4B\0042\4>\4 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0?\4@\4>\4B\4>\4:\4>\4;\4 \0R\0F\0C\0O\0M\0M\0 \0T\0D\0I\0)      1?
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a9413155a                                                                                                                                                           
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a9413155a@001c9a1f9563                                                                                                                                              0x85 0xC2 0xB9 0xD8 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                                                                                                      
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                                                                                                   C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                                                                   0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                                                                                0x49 0xB4 0xF5 0xEA ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                                                                                                             
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                                                                                                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                                                                                                       0xF6 0x85 0x31 0xAF ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                                                                                                       
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                                                                                                 0x5C 0xD8 0x17 0xEA ...
Reg             HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{d4a6b3ff-b6c4-4a40-9516-c11fc9b9374a}@\20\4B\4@\48\0041\4C\4B\4K\4 \0E\4@\0040\4=\0045\4=\48\4O\4 \0004\0040\4=\4=\4K\4E\4                                              33

---- EOF - GMER 1.0.14 ----
