GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-26 20:21:33
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160310AS rev.HP07 149,05GB
Running: p378s0bk.exe; Driver: C:\Users\Klaudia\AppData\Local\Temp\pxliafog.sys

---- System - GMER 2.1 ----

SSDT 86FD2440 ZwAlertResumeThread
SSDT 87255D80 ZwAlertThread
SSDT 86FF35E0 ZwAllocateVirtualMemory
SSDT 86EAAFB0 ZwAlpcConnectPort
SSDT 86FFF5D0 ZwAssignProcessToJobObject
SSDT 87022268 ZwCreateMutant
SSDT 86F6D548 ZwCreateSymbolicLinkObject
SSDT 86F6A1F0 ZwCreateThread
SSDT 86F65470 ZwDebugActiveProcess
SSDT 86FEFA60 ZwDuplicateObject
SSDT 86FF72B0 ZwFreeVirtualMemory
SSDT 86F93080 ZwImpersonateAnonymousToken
SSDT 86F95600 ZwImpersonateThread
SSDT 86EAAF18 ZwLoadDriver
SSDT 86FEF110 ZwMapViewOfSection
SSDT 874F3FD0 ZwOpenEvent
SSDT 86FEB6E0 ZwOpenProcess
SSDT 86FD2EC8 ZwOpenProcessToken
SSDT 86FF8108 ZwOpenSection
SSDT 86FECCF8 ZwOpenThread
SSDT 87001100 ZwProtectVirtualMemory
SSDT 8766AD58 ZwResumeThread
SSDT 87358570 ZwSetContextThread
SSDT 86FF8830 ZwSetInformationProcess
SSDT 870093E8 ZwSetSystemInformation
SSDT 86FF3110 ZwSuspendProcess
SSDT 86F51F70 ZwSuspendThread
SSDT 87358D68 ZwTerminateProcess
SSDT 8706C808 ZwTerminateThread
SSDT 86F51110 ZwUnmapViewOfSection
SSDT 86FF4BC8 ZwWriteVirtualMemory
SSDT 87004FB0 ZwCreateThreadEx

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 81F02BA4 8 Bytes [40, 24, FD, 86, 80, 5D, 25, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 364 81F02BB8 4 Bytes [E0, 35, FF, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 370 81F02BC4 4 Bytes [B0, AF, EA, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 81F02C18 4 Bytes [D0, F5, FF, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 428 81F02C7C 4 Bytes [68, 22, 02, 87]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9D007000, 0x23100A, 0xE8000020]
.text C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl section is writeable [0xAC008000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in ".vmp2" section [0xAC02B050]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtCreateFile + 6 778F7C7E 4 Bytes [28, 38, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtCreateFile + B 778F7C83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtMapViewOfSection + 6 778F83CE 4 Bytes [28, 3B, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtMapViewOfSection + B 778F83D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtOpenFile + 6 778F845E 4 Bytes [68, 38, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtOpenFile + B 778F8463 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtOpenProcess + 6 778F84DE 4 Bytes [A8, 39, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtOpenProcess + B 778F84E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtOpenProcessToken + B 778F84F3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtOpenProcessTokenEx + 6 778F84FE 4 Bytes [A8, 3A, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtOpenProcessTokenEx + B 778F8503 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtOpenThread + 6 778F854E 4 Bytes [68, 39, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtOpenThread + B 778F8553 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtOpenThreadToken + 6 778F855E 4 Bytes [68, 3A, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtOpenThreadToken + B 778F8563 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtOpenThreadTokenEx + B 778F8573 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtQueryAttributesFile + 6 778F85FE 4 Bytes [A8, 38, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtQueryAttributesFile + B 778F8603 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtQueryFullAttributesFile + B 778F86B3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtSetInformationFile + 6 778F8B8E 4 Bytes [28, 39, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtSetInformationFile + B 778F8B93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtSetInformationThread + 6 778F8BDE 4 Bytes [28, 3A, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtSetInformationThread + B 778F8BE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtUnmapViewOfSection + 6 778F8E7E 4 Bytes [68, 3B, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[172] ntdll.dll!NtUnmapViewOfSection + B 778F8E83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtCreateFile + 6 778F7C7E 4 Bytes [28, C4, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtCreateFile + B 778F7C83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtMapViewOfSection + 6 778F83CE 4 Bytes [28, C7, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtMapViewOfSection + B 778F83D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtOpenFile + 6 778F845E 4 Bytes [68, C4, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtOpenFile + B 778F8463 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtOpenProcess + 6 778F84DE 4 Bytes [A8, C5, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtOpenProcess + B 778F84E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtOpenProcessToken + B 778F84F3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtOpenProcessTokenEx + 6 778F84FE 4 Bytes [A8, C6, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtOpenProcessTokenEx + B 778F8503 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtOpenThread + 6 778F854E 4 Bytes [68, C5, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtOpenThread + B 778F8553 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtOpenThreadToken + 6 778F855E 4 Bytes [68, C6, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtOpenThreadToken + B 778F8563 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtOpenThreadTokenEx + B 778F8573 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtQueryAttributesFile + 6 778F85FE 4 Bytes [A8, C4, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtQueryAttributesFile + B 778F8603 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtQueryFullAttributesFile + B 778F86B3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtSetInformationFile + 6 778F8B8E 4 Bytes [28, C5, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtSetInformationFile + B 778F8B93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtSetInformationThread + 6 778F8BDE 4 Bytes [28, C6, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtSetInformationThread + B 778F8BE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtUnmapViewOfSection + 6 778F8E7E 4 Bytes [68, C7, 26, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4692] ntdll.dll!NtUnmapViewOfSection + B 778F8E83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtCreateFile + 6 778F7C7E 4 Bytes [28, 34, E1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtCreateFile + B 778F7C83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtMapViewOfSection + 6 778F83CE 4 Bytes [28, 37, E1, 00] {SUB [EDI], DH; LOOPZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtMapViewOfSection + B 778F83D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenFile + 6 778F845E 4 Bytes [68, 34, E1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenFile + B 778F8463 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcess + 6 778F84DE 4 Bytes [A8, 35, E1, 00] {TEST AL, 0x35; LOOPZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcess + B 778F84E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessToken + 6 778F84EE 4 Bytes CALL 76906628 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessToken + B 778F84F3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessTokenEx + 6 778F84FE 4 Bytes [A8, 36, E1, 00] {TEST AL, 0x36; LOOPZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessTokenEx + B 778F8503 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThread + 6 778F854E 4 Bytes [68, 35, E1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThread + B 778F8553 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadToken + 6 778F855E 4 Bytes [68, 36, E1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadToken + B 778F8563 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadTokenEx + 6 778F856E 4 Bytes CALL 769066A9 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadTokenEx + B 778F8573 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryAttributesFile + 6 778F85FE 4 Bytes [A8, 34, E1, 00] {TEST AL, 0x34; LOOPZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryAttributesFile + B 778F8603 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryFullAttributesFile + 6 778F86AE 4 Bytes CALL 769067E7 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryFullAttributesFile + B 778F86B3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationFile + 6 778F8B8E 4 Bytes [28, 35, E1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationFile + B 778F8B93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationThread + 6 778F8BDE 4 Bytes [28, 36, E1, 00] {SUB [ESI], DH; LOOPZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationThread + B 778F8BE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtUnmapViewOfSection + 6 778F8E7E 4 Bytes [68, 37, E1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtUnmapViewOfSection + B 778F8E83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6268] WS2_32.dll!recv 777A343A 5 Bytes JMP 6B567DB0 C:\Program Files\FindRight\bin\FindRight.BrowserFilter.Helper.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6268] WS2_32.dll!WSASend 777A4496 5 Bytes JMP 6B5679C0 C:\Program Files\FindRight\bin\FindRight.BrowserFilter.Helper.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6268] WS2_32.dll!send 777A659B 5 Bytes JMP 6B567860 C:\Program Files\FindRight\bin\FindRight.BrowserFilter.Helper.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6268] WS2_32.dll!WSAGetOverlappedResult 777A8143 5 Bytes JMP 6B567EA0 C:\Program Files\FindRight\bin\FindRight.BrowserFilter.Helper.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6268] WS2_32.dll!WSARecv 777A8400 5 Bytes JMP 6B567C00 C:\Program Files\FindRight\bin\FindRight.BrowserFilter.Helper.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtCreateFile + 6 778F7C7E 4 Bytes [28, 30, E1, 00] {SUB [EAX], DH; LOOPZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtCreateFile + B 778F7C83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtMapViewOfSection + 6 778F83CE 4 Bytes [28, 33, E1, 00] {SUB [EBX], DH; LOOPZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtMapViewOfSection + B 778F83D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenFile + 6 778F845E 4 Bytes [68, 30, E1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenFile + B 778F8463 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenProcess + 6 778F84DE 4 Bytes [A8, 31, E1, 00] {TEST AL, 0x31; LOOPZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenProcess + B 778F84E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenProcessToken + 6 778F84EE 4 Bytes CALL 76906624 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenProcessToken + B 778F84F3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenProcessTokenEx + 6 778F84FE 4 Bytes [A8, 32, E1, 00] {TEST AL, 0x32; LOOPZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenProcessTokenEx + B 778F8503 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenThread + 6 778F854E 4 Bytes [68, 31, E1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenThread + B 778F8553 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenThreadToken + 6 778F855E 4 Bytes [68, 32, E1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenThreadToken + B 778F8563 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenThreadTokenEx + 6 778F856E 4 Bytes CALL 769066A5 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtOpenThreadTokenEx + B 778F8573 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtQueryAttributesFile + 6 778F85FE 4 Bytes [A8, 30, E1, 00] {TEST AL, 0x30; LOOPZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtQueryAttributesFile + B 778F8603 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtQueryFullAttributesFile + 6 778F86AE 4 Bytes CALL 769067E3 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtQueryFullAttributesFile + B 778F86B3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtSetInformationFile + 6 778F8B8E 4 Bytes [28, 31, E1, 00] {SUB [ECX], DH; LOOPZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtSetInformationFile + B 778F8B93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtSetInformationThread + 6 778F8BDE 4 Bytes [28, 32, E1, 00] {SUB [EDX], DH; LOOPZ 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtSetInformationThread + B 778F8BE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtUnmapViewOfSection + 6 778F8E7E 4 Bytes [68, 33, E1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7164] ntdll.dll!NtUnmapViewOfSection + B 778F8E83 1 Byte [E2]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS
Device \Driver\BTHUSB \Device\000000b7 bthport.sys
Device \Driver\BTHUSB \Device\000000b9 bthport.sys
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Processes - GMER 2.1 ----

Process (*** hidden *** ) [4] 8423C910

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e430782
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e430782@98d6f7089b98 0x7B 0xB5 0xB0 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e430782 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e430782@98d6f7089b98 0x7B 0xB5 0xB0 0x16 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----