Thread: Pest Trap, mssync.sys, Trojan dialers
View Single Post
Old 07-27-2006, 07:39 AM   #42 (permalink)
sakahowdah
Registered User
 
Join Date: Jul 2006
Posts: 33
OS: XP


Here's the GMER log as per your request:
-----------------------------------------------------------------------

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-27 09:37:41
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT 81FAD8D8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwCreateFile <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwCreateKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwEnumerateValueKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwOpenFile <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwOpenKey <-- ROOTKIT !!!
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT 81F82460 ZwOpenThread
SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwQuerySystemInformation <-- ROOTKIT !!!
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Services - GMER 1.0.10 ----

Service C:\WINDOWS\system32\mssync20.sys (*** hidden *** ) [AUTO] mssync2020 <-- ROOTKIT !!!

---- Registry - GMER 1.0.10 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@mssync20 C:\WINDOWS\system32\mssync20.exe
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices@mssync20 C:\WINDOWS\system32\mssync20.exe
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Acoustic Echo Canceller
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel GS Wavetable Synthesizer
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FilterData 0x02 0x00 0x00 0x00 ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@FriendlyName Microsoft Kernel DRM Audio Descrambler
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@FilterData 0x02 0x00 0x00 0x00 ...
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{3e227e76-690d-11d2-8161-0000f8775bf1}\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\#{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{3e227e76-690d-11d2-8161-0000f8775bf1}\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\#{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft WINMM WDM Audio Compatibility Driver
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@SetupPreferredAudioDevicesCount 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Audio Splitter
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@SetupPreferredAudioDevicesCount 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Acoustic Echo Canceller
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@SetupPreferredAudioDevicesCount 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel GS Wavetable Synthesizer
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{b7eafdc0-a680-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@SetupPreferredAudioDevicesCount 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{b7eafdc0-a680-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{b7eafdc0-a680-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Wave Audio Mixer
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@SetupPreferredAudioDevicesCount 0
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@FriendlyName Microsoft Kernel DRM Audio Descrambler
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{9ea331fa-b91b-45f8-9285-bd2bc77afcde}\##?#Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}\#{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{9ea331fa-b91b-45f8-9285-bd2bc77afcde}\##?#Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}\#{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Audio Splitter
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}\##?#Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}\#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}\##?#Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}\#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel System Audio Device
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad809c00-7b88-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}\#{b7eafdc0-a680-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad809c00-7b88-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}\#{b7eafdc0-a680-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Wave Audio Mixer
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{bf963d80-c559-11d0-8a2b-00a0c9255ac1}\##?#Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{bf963d80-c559-11d0-8a2b-00a0c9255ac1}\##?#Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Acoustic Echo Canceller
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{dff220f3-f70f-11d0-b917-00a0c9223196}\##?#Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{dff220f3-f70f-11d0-b917-00a0c9223196}\##?#Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel GS Wavetable Synthesizer
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}\##?#Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}\##?#Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@FriendlyName Microsoft Kernel DRM Audio Descrambler
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSSYNC2020
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSSYNC2020@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSSYNC2020@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSSYNC2020\0000
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSSYNC2020@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@Start 2
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@ImagePath \??\C:\WINDOWS\system32\mssync20.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@DisplayName mssync2020
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@Start 2
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@ImagePath \??\C:\WINDOWS\system32\mssync20.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@DisplayName mssync2020
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020\Security
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@Start 2
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@ImagePath \??\C:\WINDOWS\system32\mssync20.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@DisplayName mssync2020
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020\Enum
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@Start 2
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@ImagePath \??\C:\WINDOWS\system32\mssync20.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\mssync2020@DisplayName mssync2020
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Acoustic Echo Canceller
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel GS Wavetable Synthesizer
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FilterData 0x02 0x00 0x00 0x00 ...
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@FriendlyName Microsoft Kernel DRM Audio Descrambler
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@FilterData 0x02 0x00 0x00 0x00 ...
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{3e227e76-690d-11d2-8161-0000f8775bf1}\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\#{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{3e227e76-690d-11d2-8161-0000f8775bf1}\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\#{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft WINMM WDM Audio Compatibility Driver
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@SetupPreferredAudioDevicesCount 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Audio Splitter
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@SetupPreferredAudioDevicesCount 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Acoustic Echo Canceller
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@SetupPreferredAudioDevicesCount 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel GS Wavetable Synthesizer
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{b7eafdc0-a680-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@SetupPreferredAudioDevicesCount 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{b7eafdc0-a680-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{b7eafdc0-a680-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Wave Audio Mixer
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@SetupPreferredAudioDevicesCount 0
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@FriendlyName Microsoft Kernel DRM Audio Descrambler
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{9ea331fa-b91b-45f8-9285-bd2bc77afcde}\##?#Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}\#{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{9ea331fa-b91b-45f8-9285-bd2bc77afcde}\##?#Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}\#{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Audio Splitter
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}\##?#Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}\#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}\##?#Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}\#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel System Audio Device
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad809c00-7b88-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}\#{b7eafdc0-a680-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad809c00-7b88-11d0-a5d6-28db04c10000}\##?#Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}\#{b7eafdc0-a680-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Wave Audio Mixer
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{bf963d80-c559-11d0-8a2b-00a0c9255ac1}\##?#Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{bf963d80-c559-11d0-8a2b-00a0c9255ac1}\##?#Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}\#{4245ff73-1db4-11d2-86e4-98ae20524153}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel Acoustic Echo Canceller
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{dff220f3-f70f-11d0-b917-00a0c9223196}\##?#Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{dff220f3-f70f-11d0-b917-00a0c9223196}\##?#Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}\#{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters@FriendlyName Microsoft Kernel GS Wavetable Synthesizer
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}\##?#Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@CLSID {17CCA71B-ECD7-11D0-B908-00A0C9223196}
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}\##?#Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}\#{eec12db6-ad9c-4168-8658-b03daef417fe}&{ABD61E00-9350-47e2-A632-4438B90C6641}\Device Parameters@FriendlyName Microsoft Kernel DRM Audio Descrambler
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSSYNC2020
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSSYNC2020@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSSYNC2020@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSSYNC2020\0000
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSSYNC2020@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@Start 2
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@ImagePath \??\C:\WINDOWS\system32\mssync20.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@DisplayName mssync2020
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@Start 2
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@ImagePath \??\C:\WINDOWS\system32\mssync20.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@DisplayName mssync2020
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020\Security
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@Type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@Start 2
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@ImagePath \??\C:\WINDOWS\system32\mssync20.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\mssync2020@DisplayName mssync2020
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSSYNC2020
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSSYNC2020@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSSYNC2020@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSSYNC2020\0000
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSSYNC2020@NextInstance 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@Start 2
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@ImagePath \??\C:\WINDOWS\system32\mssync20.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@DisplayName mssync2020
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@Start 2
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@ImagePath \??\C:\WINDOWS\system32\mssync20.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@DisplayName mssync2020
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020\Security
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@Start 2
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@ImagePath \??\C:\WINDOWS\system32\mssync20.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@DisplayName mssync2020
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020\Enum
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@Type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@Start 2
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@ErrorControl 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@ImagePath \??\C:\WINDOWS\system32\mssync20.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@DisplayName mssync2020
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ...
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Run@mssync20 C:\WINDOWS\system32\mssync20.exe
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\RunServices@mssync20 C:\WINDOWS\system32\mssync20.exe
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\mssync20.exe mssync20
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\WINDOWS\system32\mssync20.exe mssync20

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\catalog.wci
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}
File C:\WINDOWS\system32\mssync20.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\mssync20.tlb

---- EOF - GMER 1.0.10 ----
sakahowdah is offline