GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-29 00:23:47 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBFO 232,89GB Running: o0zew1m0.exe; Driver: C:\Users\Matt\AppData\Local\Temp\pxldypow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x967777F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x967778B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x96777870] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x96777830] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 221 884C19A4 4 Bytes [F0, 77, 77, 96] {JA 0x7a; XCHG ESI, EAX} .text ntkrnlpa.exe!KeSetEvent + 37D 884C1B00 4 Bytes [B0, 78, 77, 96] {MOV AL, 0x78; JA 0xffffff9a} .text ntkrnlpa.exe!KeSetEvent + 5DD 884C1D60 4 Bytes [70, 78, 77, 96] {JO 0x7a; JA 0xffffff9a} .text ntkrnlpa.exe!KeSetEvent + 619 884C1D9C 4 Bytes [30, 78, 77, 96] {XOR [EAX+0x77], BH; XCHG ESI, EAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[428] kernel32.dll!SetUnhandledExceptionFilter 7703A8C5 4 Bytes [C2, 04, 00, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtCreateFile + 6 778D424A 4 Bytes [28, 40, 38, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtCreateFile + B 778D424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtMapViewOfSection + 6 778D499A 4 Bytes [28, 43, 38, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtMapViewOfSection + B 778D499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenFile + 6 778D4A2A 4 Bytes [68, 40, 38, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenFile + B 778D4A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenProcess + 6 778D4AAA 4 Bytes [A8, 41, 38, 00] {TEST AL, 0x41; CMP [EAX], AL} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenProcess + B 778D4AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenProcessToken + B 778D4ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenProcessTokenEx + 6 778D4ACA 4 Bytes [A8, 42, 38, 00] {TEST AL, 0x42; CMP [EAX], AL} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenProcessTokenEx + B 778D4ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenThread + 6 778D4B1A 4 Bytes [68, 41, 38, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenThread + B 778D4B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenThreadToken + 6 778D4B2A 4 Bytes [68, 42, 38, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenThreadToken + B 778D4B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenThreadTokenEx + B 778D4B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtQueryAttributesFile + 6 778D4BCA 4 Bytes [A8, 40, 38, 00] {TEST AL, 0x40; CMP [EAX], AL} .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtQueryAttributesFile + B 778D4BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtQueryFullAttributesFile + B 778D4C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtSetInformationFile + 6 778D515A 4 Bytes [28, 41, 38, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtSetInformationFile + B 778D515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtSetInformationThread + 6 778D51AA 4 Bytes [28, 42, 38, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtSetInformationThread + B 778D51AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtUnmapViewOfSection + 6 778D544A 4 Bytes [68, 43, 38, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtUnmapViewOfSection + B 778D544F 1 Byte [E2] .text C:\Windows\Explorer.EXE[3776] SHELL32.dll!SHFileOperationW 75F768E8 5 Bytes JMP 03E81102 C:\Program Files\Unlocker\UnlockerHook.dll .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtCreateFile + 6 778D424A 4 Bytes [28, F4, C1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtCreateFile + B 778D424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtMapViewOfSection + 6 778D499A 4 Bytes [28, F7, C1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtMapViewOfSection + B 778D499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenFile + 6 778D4A2A 4 Bytes [68, F4, C1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenFile + B 778D4A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenProcess + 6 778D4AAA 4 Bytes [A8, F5, C1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenProcess + B 778D4AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenProcessToken + B 778D4ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenProcessTokenEx + 6 778D4ACA 4 Bytes [A8, F6, C1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenProcessTokenEx + B 778D4ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenThread + 6 778D4B1A 4 Bytes [68, F5, C1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenThread + B 778D4B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenThreadToken + 6 778D4B2A 4 Bytes [68, F6, C1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenThreadToken + B 778D4B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtOpenThreadTokenEx + B 778D4B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtQueryAttributesFile + 6 778D4BCA 4 Bytes [A8, F4, C1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtQueryAttributesFile + B 778D4BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtQueryFullAttributesFile + B 778D4C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtSetInformationFile + 6 778D515A 4 Bytes [28, F5, C1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtSetInformationFile + B 778D515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtSetInformationThread + 6 778D51AA 4 Bytes [28, F6, C1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtSetInformationThread + B 778D51AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtUnmapViewOfSection + 6 778D544A 4 Bytes [68, F7, C1, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[4040] ntdll.dll!NtUnmapViewOfSection + B 778D544F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtCreateFile + 6 778D424A 4 Bytes [28, 58, 68, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtCreateFile + B 778D424F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtMapViewOfSection + 6 778D499A 4 Bytes [28, 5B, 68, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtMapViewOfSection + B 778D499F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenFile + 6 778D4A2A 4 Bytes [68, 58, 68, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenFile + B 778D4A2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenProcess + 6 778D4AAA 4 Bytes [A8, 59, 68, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenProcess + B 778D4AAF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenProcessToken + B 778D4ABF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenProcessTokenEx + 6 778D4ACA 4 Bytes [A8, 5A, 68, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenProcessTokenEx + B 778D4ACF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenThread + 6 778D4B1A 4 Bytes [68, 59, 68, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenThread + B 778D4B1F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenThreadToken + 6 778D4B2A 4 Bytes [68, 5A, 68, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenThreadToken + B 778D4B2F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtOpenThreadTokenEx + B 778D4B3F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtQueryAttributesFile + 6 778D4BCA 4 Bytes [A8, 58, 68, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtQueryAttributesFile + B 778D4BCF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtQueryFullAttributesFile + B 778D4C7F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtSetInformationFile + 6 778D515A 4 Bytes [28, 59, 68, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtSetInformationFile + B 778D515F 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtSetInformationThread + 6 778D51AA 4 Bytes [28, 5A, 68, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtSetInformationThread + B 778D51AF 1 Byte [E2] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtUnmapViewOfSection + 6 778D544A 4 Bytes [68, 5B, 68, 00] .text C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe[5208] ntdll.dll!NtUnmapViewOfSection + B 778D544F 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74347817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7439A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7434BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7433F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7433E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74378395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7434DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7433FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7433FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [743CCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7436C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7433D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74336853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7433687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll IAT C:\Windows\Explorer.EXE[3776] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74342AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@001d289138a8 0x72 0xE2 0xF4 0x5B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@0019c0d67293 0x3D 0x3D 0x24 0x6D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@001ca48d9469 0x9A 0xC1 0x69 0x86 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@002376a0be21 0x30 0x72 0x61 0xBF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@6c23b9da3477 0xE4 0x3B 0xC4 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@9c4a7b2fc11e 0xDA 0xDF 0x48 0x16 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b2faf4@8451819e6b12 0xE5 0x4E 0xA1 0xBF ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@001d289138a8 0x72 0xE2 0xF4 0x5B ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@0019c0d67293 0x3D 0x3D 0x24 0x6D ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@001ca48d9469 0x9A 0xC1 0x69 0x86 ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@002376a0be21 0x30 0x72 0x61 0xBF ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@6c23b9da3477 0xE4 0x3B 0xC4 0xA3 ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@9c4a7b2fc11e 0xDA 0xDF 0x48 0x16 ... Reg HKLM\SYSTEM\ControlSet029\Services\BTHPORT\Parameters\Keys\001e37b2faf4@8451819e6b12 0xE5 0x4E 0xA1 0xBF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.1”\OpenWithProgids@1\x201d_auto_file Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1B660E6-E8EF-A4E4-5670-8BFD8DAD09A3} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1B660E6-E8EF-A4E4-5670-8BFD8DAD09A3}@papealdndiihnkeagacepekbmblekfjd 0x6B 0x61 0x6E 0x63 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1B660E6-E8EF-A4E4-5670-8BFD8DAD09A3}@abjekkindoodjgjjoefbllmkdcfoiclaeo 0x6A 0x61 0x6A 0x64 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----