My problem occurs when using the search bar in Firefox. I am running Windows 7 32-bit btw, with NOD32 for antivirus (which finds nothing). For Google, some (not all) results lead to the wrong sites, mostly bad news search engines. Occasionally, when using the bar to search other sites (not wiki yet, though), it will redirect to an entirely different site instead of the results. I have not included a Malwarebytes log, as I updated it and ran it with no results. I am, however, including the other requested logs and also a HijackThis log. Any help would be more than appreciated.
GMER -
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-08 02:38:40
Windows 6.1.7600
Running: hzhvw9pp.exe; Driver: C:\Users\Atom\AppData\Local\Temp\pxldqpob.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281DAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82805634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82805898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281D6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281DF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281E1A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8286F8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8288F3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spmr.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E008000, 0x227A14, 0xE8000020]
.text USBPORT.SYS!DllUnload 8E5B6CA0 5 Bytes JMP 858D81D8
.text peauth.sys 96981C9D 28 Bytes JMP 5C6427C1
.text peauth.sys 96981CC1 28 Bytes JMP 5C6427C1
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[696] kernel32.dll!SetUnhandledExceptionFilter 75283162 4 Bytes [C2, 04, 00, 00]
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtProtectVirtualMemory 76E25380 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtWriteVirtualMemory 76E25F00 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!KiUserExceptionDispatcher 76E26448 5 Bytes JMP 0014000A
.text C:\Windows\system32\svchost.exe[972] ole32.dll!CoCreateInstance 75D957FC 5 Bytes JMP 0047000A
.text C:\Windows\system32\svchost.exe[972] USER32.dll!GetCursorPos 75C7C198 5 Bytes JMP 00A6000A
.text C:\Windows\explorer.exe[6572] ntdll.dll!NtProtectVirtualMemory 76E25380 5 Bytes JMP 0028000A
.text C:\Windows\explorer.exe[6572] ntdll.dll!NtWriteVirtualMemory 76E25F00 5 Bytes JMP 0029000A
.text C:\Windows\explorer.exe[6572] ntdll.dll!KiUserExceptionDispatcher 76E26448 5 Bytes JMP 0027000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice] [83643ECE] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [83643F22] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8361690E] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [83616F9C] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [836163E6] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [83617178] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [836161D4] \SystemRoot\System32\Drivers\spmr.sys
IAT \SystemRoot\system32\DRIVERS\ataport.SYS[ntoskrnl.exe!KeInsertQueueDpc] 846667E0
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8466E1F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \FileSystem\udfs \UdfsCdRom 84F2F1F8
Device \FileSystem\udfs \UdfsDisk 84F2F1F8
Device \Driver\volmgr \Device\VolMgrControl 846681F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B8613016-B79C-4973-9CA1-C3383E66786B} 858001F8
Device \Driver\usbuhci \Device\USBPDO-0 858D91F8
Device \Driver\usbuhci \Device\USBPDO-1 858D91F8
Device \Driver\usbuhci \Device\USBPDO-2 858D91F8
Device \Driver\usbuhci \Device\USBPDO-3 858D91F8
Device \Driver\usbehci \Device\USBPDO-4 85920470
Device \Driver\PCI_PNP7290 \Device\00000056 spmr.sys
Device \Driver\volmgr \Device\HarddiskVolume1 846681F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A398067-F41F-4C95-91BB-8F29F51DFC42} 858001F8
Device \Driver\cdrom \Device\CdRom0 8568B1F8
Device \Driver\cdrom \Device\CdRom1 8568B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8466B1F8
Device \Driver\atapi \Device\Ide\IdePort0 8466B1F8
Device \Driver\atapi \Device\Ide\IdePort1 8466B1F8
Device \Driver\atapi \Device\Ide\IdePort2 8466B1F8
Device \Driver\atapi \Device\Ide\IdePort3 8466B1F8
Device \Driver\atapi \Device\Ide\IdePort4 8466B1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 8466C1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 8466C1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 8466C1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel3 8466C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 858001F8
Device \Driver\sptd \Device\1990621293 spmr.sys
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 858D91F8
Device \Driver\usbuhci \Device\USBFDO-1 858D91F8
Device \Driver\usbuhci \Device\USBFDO-2 858D91F8
Device \Driver\usbuhci \Device\USBFDO-3 858D91F8
Device \Driver\usbehci \Device\USBFDO-4 85920470
Device \Driver\axtakl49 \Device\Scsi\axtakl491 859F11F8
Device \Driver\axtakl49 \Device\Scsi\axtakl491Port5Path0Target0Lun0 859F11F8
Device -> \Driver\atapi \Device\Harddisk0\DR0 85376EC5
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xBE 0x1F 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0xB0 0xF8 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0x81 0x7F 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0x6B 0xDB 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xBE 0x1F 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0xB0 0xF8 0x40 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0x81 0x7F 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4C 0x6B 0xDB 0x68 ...
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----