GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-11 20:12:15
Windows 6.0.6001 Service Pack 1, v.658 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916082 rev.3.BH
Running: frqr8egg.exe; Driver: C:\Users\Angelika\AppData\Local\Temp\pxdyqkow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8A002340, 0x344EF7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtCreateFile + 6 779868A6 4 Bytes [28, 00, 06, 00]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtCreateFile + B 779868AB 1 Byte [E2]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + 6 77986FF6 1 Byte [28]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + 6 77986FF6 4 Bytes [28, 03, 06, 00]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + B 77986FFB 1 Byte [E2]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenFile + 6 77987086 4 Bytes [68, 00, 06, 00]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenFile + B 7798708B 1 Byte [E2]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcess + 6 77987106 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcess + B 7798710B 1 Byte [E2]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessToken + 6 77987116 4 Bytes CALL 7698771C C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessToken + B 7798711B 1 Byte [E2]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessTokenEx + 6 77987126 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessTokenEx + B 7798712B 1 Byte [E2]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThread + 6 77987176 4 Bytes [68, 01, 06, 00]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThread + B 7798717B 1 Byte [E2]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadToken + 6 77987186 4 Bytes [68, 02, 06, 00]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadToken + B 7798718B 1 Byte [E2]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadTokenEx + 6 77987196 4 Bytes CALL 7698779D C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadTokenEx + B 7798719B 1 Byte [E2]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryAttributesFile + 6 77987226 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryAttributesFile + B 7798722B 1 Byte [E2]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryFullAttributesFile + 6 779872D6 4 Bytes CALL 769878DB C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryFullAttributesFile + B 779872DB 1 Byte [E2]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationFile + 6 779877B6 4 Bytes [28, 01, 06, 00]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationFile + B 779877BB 1 Byte [E2]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationThread + 6 77987806 4 Bytes [28, 02, 06, 00]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationThread + B 7798780B 1 Byte [E2]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + 6 77987AA6 1 Byte [68]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + 6 77987AA6 4 Bytes [68, 03, 06, 00]
.text C:\Users\Angelika\AppData\Local\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + B 77987AAB 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74521E7F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74570F7D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7452BC66] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74519D19] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745276C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745190F2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7457D765] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7452D039] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74517CD4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74517D6D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74517578] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [745AD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74533455] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74519087] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7452209D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745220C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [7451C1FD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.17042_none_9e79000cc9c2b56a\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3706023e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3706023e@001b336efc42 0x78 0xE8 0xCB 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3706023e@002483195441 0x90 0x2F 0x84 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3706023e@001e3acadded 0x41 0xAE 0x10 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3706023e@c8df7c11d21d 0x4E 0xBD 0x7B 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x00 0x5F 0xBE 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3706023e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3706023e@001b336efc42 0x78 0xE8 0xCB 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3706023e@002483195441 0x90 0x2F 0x84 0x3E ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3706023e@001e3acadded 0x41 0xAE 0x10 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3706023e@c8df7c11d21d 0x4E 0xBD 0x7B 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x00 0x5F 0xBE 0xDE ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----