GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-03-17 17:03:23 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL03 149,05GB Running: zhpcxx4c.exe; Driver: C:\Users\Ania\AppData\Local\Temp\uxldypod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8FCE66E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8FCE6800] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8FCE6010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x8FCE64D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8FCE6300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8FCE63E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x8FCE6120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8FCE6210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8FCE65E0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 3BD 828B8A08 8 Bytes [E0, 66, CE, 8F, 00, 68, CE, ...] .text ntkrnlpa.exe!KeSetEvent + 3F1 828B8A3C 4 Bytes [10, 60, CE, 8F] .text ntkrnlpa.exe!KeSetEvent + 40D 828B8A58 4 Bytes [D0, 64, CE, 8F] {SHL BYTE [ESI+ECX*8-0x71], 0x1} .text ntkrnlpa.exe!KeSetEvent + 611 828B8C5C 8 Bytes [00, 63, CE, 8F, E0, 63, CE, ...] .text ntkrnlpa.exe!KeSetEvent + 621 828B8C6C 8 Bytes [20, 61, CE, 8F, 10, 62, CE, ...] .text ... ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E07817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E4B4F1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E0BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DFF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DFE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E373F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73E0DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DFFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DFFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DF71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73E8CB00] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73E2C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DFD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73DF6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73DF687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[2284] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E02AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys Device \Driver\BTHUSB \Device\0000007a bthport.sys Device \Driver\BTHUSB \Device\0000007c bthport.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Karta Microsoft ISATAP 1?2?3?4?5?7? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{75D7EAC4-884A-4214-82E8-05B806B1A4F8} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{75D7EAC4-884A-4214-82E8-05B806B1A4F8}\Connection Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{75D7EAC4-884A-4214-82E8-05B806B1A4F8}\Connection@DefaultNameResourceId 1801 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{75D7EAC4-884A-4214-82E8-05B806B1A4F8}\Connection@DefaultNameIndex 2 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{75D7EAC4-884A-4214-82E8-05B806B1A4F8}\Connection@Name Po??czenie lokalne* 2 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{AFCD3C5A-CA3D-46BB-935D-659AAFDC2546}\Linkage@Bind \Device\{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\{93092459-C319-4311-A331-F34B25DECA80}?\Device\{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{AFCD3C5A-CA3D-46BB-935D-659AAFDC2546}\Linkage@Route "{75D7EAC4-884A-4214-82E8-05B806B1A4F8}"?"{93092459-C319-4311-A331-F34B25DECA80}"?"{74437AF4-A3AF-4D37-BF22-6A40885E8575}"?"{68287C91-8D6E-404E-9B51-5D2086960235}"?"{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{AFCD3C5A-CA3D-46BB-935D-659AAFDC2546}\Linkage@Export \Device\TCPIP6TUNNEL_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\TCPIP6TUNNEL_{93092459-C319-4311-A331-F34B25DECA80}?\Device\TCPIP6TUNNEL_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\TCPIP6TUNNEL_{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\TCPIP6TUNNEL_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}? Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bf3279c Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bf3279c@cc08e0742933 0x80 0x34 0x20 0xDF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bf3279c@2013e0bda8cd 0x7E 0x39 0x9D 0x8F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bf3279c@000202355cfe 0xEB 0xCE 0x74 0x31 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bf3279c@f48e095ae424 0xA7 0x65 0x3F 0x68 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Bind \Device\NetbiosSmb?\Device\Smb_Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\Smb_Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}?\Device\Smb_Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\Smb_Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\Smb_Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}?\Device\Smb_Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\Smb_Tcpip6_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\Smb_Tcpip6_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\Smb_Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\Smb_Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\Smb_Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}?\Device\Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\Tcpip6_{68287C91-8D6E-404E-9B51-5D208696 Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Route "NetbiosSmb"?"Smb" "Tcpip6" "{75D7EAC4-884A-4214-82E8-05B806B1A4F8}"?"Smb" "Tcpip6" "{93092459-C319-4311-A331-F34B25DECA80}"?"Smb" "Tcpip6" "{74437AF4-A3AF-4D37-BF22-6A40885E8575}"?"Smb" "Tcpip6" "{68287C91-8D6E-404E-9B51-5D2086960235}"?"Smb" "Tcpip6" "{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}"?"Smb" "Tcpip6" "{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}"?"Smb" "Tcpip6" "{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}"?"Smb" "Tcpip6" "{8D944AB6-1F96-49B6-986F-AA2EA579C72B}"?"Smb" "Tcpip" "{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}"?"Smb" "Tcpip" "{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}"?"Smb" "Tcpip" "{8D944AB6-1F96-49B6-986F-AA2EA579C72B}"?"Tcpip" "{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}"?"Tcpip" "{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}"?"Tcpip" "{8D944AB6-1F96-49B6-986F-AA2EA579C72B}"?"Tcpip6" "{75D7EAC4-884A-4214-82E8-05B806B1A4F8}"?"Tcpip6" "{93092459-C319-4311-A331-F34B25DECA80}"?"Tcpip6" "{74437AF4-A3AF-4D37-BF22-6A40885E8575}"?"Tcpip6" "{68287C91-8D6E-404E-9B51-5D2086960235}"?"Tcpip6" "{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Export \Device\LanmanServer_NetbiosSmb?\Device\LanmanServer_Smb_Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\LanmanServer_Smb_Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}?\Device\LanmanServer_Smb_Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\LanmanServer_Smb_Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\LanmanServer_Smb_Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}?\Device\LanmanServer_Smb_Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\LanmanServer_Smb_Tcpip6_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\LanmanServer_Smb_Tcpip6_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\LanmanServer_Smb_Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\LanmanServer_Smb_Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\LanmanServer_Smb_Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\LanmanServer_Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\LanmanServer_Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\LanmanServer_Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\LanmanS Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Bind \Device\NetbiosSmb?\Device\Smb_Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\Smb_Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}?\Device\Smb_Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\Smb_Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\Smb_Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}?\Device\Smb_Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\Smb_Tcpip6_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\Smb_Tcpip6_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\Smb_Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\Smb_Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\Smb_Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\NetBT_Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\NetBT_Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}?\Device\NetBT_Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\NetBT_Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\NetBT_Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}?\Device\NetBT_Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\N Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Route "NetbiosSmb"?"Smb" "Tcpip6" "{75D7EAC4-884A-4214-82E8-05B806B1A4F8}"?"Smb" "Tcpip6" "{93092459-C319-4311-A331-F34B25DECA80}"?"Smb" "Tcpip6" "{74437AF4-A3AF-4D37-BF22-6A40885E8575}"?"Smb" "Tcpip6" "{68287C91-8D6E-404E-9B51-5D2086960235}"?"Smb" "Tcpip6" "{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}"?"Smb" "Tcpip6" "{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}"?"Smb" "Tcpip6" "{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}"?"Smb" "Tcpip6" "{8D944AB6-1F96-49B6-986F-AA2EA579C72B}"?"Smb" "Tcpip" "{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}"?"Smb" "Tcpip" "{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}"?"Smb" "Tcpip" "{8D944AB6-1F96-49B6-986F-AA2EA579C72B}"?"NetBT" "Tcpip6" "{75D7EAC4-884A-4214-82E8-05B806B1A4F8}"?"NetBT" "Tcpip6" "{93092459-C319-4311-A331-F34B25DECA80}"?"NetBT" "Tcpip6" "{74437AF4-A3AF-4D37-BF22-6A40885E8575}"?"NetBT" "Tcpip6" "{68287C91-8D6E-404E-9B51-5D2086960235}"?"NetBT" "Tcpip6" "{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}"?"NetBT" "Tcpip6" "{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}"?"NetBT" "Tcpip6" "{317EAAE7-3DF4-43E0-9930-CBFD92 Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Export \Device\LanmanWorkstation_NetbiosSmb?\Device\LanmanWorkstation_Smb_Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\LanmanWorkstation_Smb_Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}?\Device\LanmanWorkstation_Smb_Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\LanmanWorkstation_Smb_Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\LanmanWorkstation_Smb_Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}?\Device\LanmanWorkstation_Smb_Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\LanmanWorkstation_Smb_Tcpip6_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\LanmanWorkstation_Smb_Tcpip6_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\LanmanWorkstation_Smb_Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\LanmanWorkstation_Smb_Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\LanmanWorkstation_Smb_Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\LanmanWorkstation_NetBT_Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\LanmanWorkstation_NetBT_Tcpip6_{93092459-C319-4311-A331-F34B25DECA8 Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Bind \Device\NetBT_Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\NetBT_Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}?\Device\NetBT_Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\NetBT_Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\NetBT_Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}?\Device\NetBT_Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\NetBT_Tcpip6_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\NetBT_Tcpip6_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\NetBT_Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\NetBT_Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\NetBT_Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}? Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Route "NetBT" "Tcpip6" "{75D7EAC4-884A-4214-82E8-05B806B1A4F8}"?"NetBT" "Tcpip6" "{93092459-C319-4311-A331-F34B25DECA80}"?"NetBT" "Tcpip6" "{74437AF4-A3AF-4D37-BF22-6A40885E8575}"?"NetBT" "Tcpip6" "{68287C91-8D6E-404E-9B51-5D2086960235}"?"NetBT" "Tcpip6" "{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}"?"NetBT" "Tcpip6" "{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}"?"NetBT" "Tcpip6" "{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}"?"NetBT" "Tcpip6" "{8D944AB6-1F96-49B6-986F-AA2EA579C72B}"?"NetBT" "Tcpip" "{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}"?"NetBT" "Tcpip" "{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}"?"NetBT" "Tcpip" "{8D944AB6-1F96-49B6-986F-AA2EA579C72B}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Export \Device\NetBIOS_NetBT_Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\NetBIOS_NetBT_Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}?\Device\NetBIOS_NetBT_Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\NetBIOS_NetBT_Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\NetBIOS_NetBT_Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}?\Device\NetBIOS_NetBT_Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\NetBIOS_NetBT_Tcpip6_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\NetBIOS_NetBT_Tcpip6_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\NetBIOS_NetBT_Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\NetBIOS_NetBT_Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\NetBIOS_NetBT_Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}? Reg HKLM\SYSTEM\CurrentControlSet\Services\netbt\Linkage@Bind \Device\Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}?\Device\Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}?\Device\Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\Tcpip6_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\Tcpip6_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}? Reg HKLM\SYSTEM\CurrentControlSet\Services\netbt\Linkage@Route "Tcpip6" "{75D7EAC4-884A-4214-82E8-05B806B1A4F8}"?"Tcpip6" "{93092459-C319-4311-A331-F34B25DECA80}"?"Tcpip6" "{74437AF4-A3AF-4D37-BF22-6A40885E8575}"?"Tcpip6" "{68287C91-8D6E-404E-9B51-5D2086960235}"?"Tcpip6" "{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}"?"Tcpip6" "{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}"?"Tcpip6" "{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}"?"Tcpip6" "{8D944AB6-1F96-49B6-986F-AA2EA579C72B}"?"Tcpip" "{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}"?"Tcpip" "{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}"?"Tcpip" "{8D944AB6-1F96-49B6-986F-AA2EA579C72B}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\netbt\Linkage@Export \Device\NetBT_Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\NetBT_Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}?\Device\NetBT_Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\NetBT_Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\NetBT_Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}?\Device\NetBT_Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\NetBT_Tcpip6_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\NetBT_Tcpip6_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\NetBT_Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\NetBT_Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\NetBT_Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 7609 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{B28EDADF-EAB4-4320-B98F-C3DB22C9495C} v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=49264|Name=Akamai NetSession Interface|Edge=FALSE| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{FEE16AEC-6FEF-4AEA-A171-4673A8EA8F6E} v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=5000|Name=Akamai NetSession Interface|Edge=FALSE| Reg HKLM\SYSTEM\CurrentControlSet\Services\Smb\Linkage@Bind \Device\Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}?\Device\Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}?\Device\Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\Tcpip6_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\Tcpip6_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Smb\Linkage@Route "Tcpip6" "{75D7EAC4-884A-4214-82E8-05B806B1A4F8}"?"Tcpip6" "{93092459-C319-4311-A331-F34B25DECA80}"?"Tcpip6" "{74437AF4-A3AF-4D37-BF22-6A40885E8575}"?"Tcpip6" "{68287C91-8D6E-404E-9B51-5D2086960235}"?"Tcpip6" "{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}"?"Tcpip6" "{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}"?"Tcpip6" "{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}"?"Tcpip6" "{8D944AB6-1F96-49B6-986F-AA2EA579C72B}"?"Tcpip" "{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}"?"Tcpip" "{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}"?"Tcpip" "{8D944AB6-1F96-49B6-986F-AA2EA579C72B}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\Smb\Linkage@Export \Device\Smb_Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\Smb_Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}?\Device\Smb_Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\Smb_Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\Smb_Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}?\Device\Smb_Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\Smb_Tcpip6_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\Smb_Tcpip6_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}?\Device\Smb_Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\Smb_Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\Smb_Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Bind \Device\{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\{93092459-C319-4311-A331-F34B25DECA80}?\Device\{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}?\Device\{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\{8D944AB6-1F96-49B6-986F-AA2EA579C72B}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Route "{75D7EAC4-884A-4214-82E8-05B806B1A4F8}"?"{93092459-C319-4311-A331-F34B25DECA80}"?"{74437AF4-A3AF-4D37-BF22-6A40885E8575}"?"{68287C91-8D6E-404E-9B51-5D2086960235}"?"{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}"?"{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}"?"{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}"?"{8D944AB6-1F96-49B6-986F-AA2EA579C72B}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Export \Device\Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}?\Device\Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}?\Device\Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}?\Device\Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}?\Device\Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}?\Device\Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}?\Device\Tcpip6_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}?\Device\Tcpip6_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{75d7eac4-884a-4214-82e8-05b806b1a4f8} Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{75d7eac4-884a-4214-82e8-05b806b1a4f8}@Dhcpv6Iaid 385875968 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{75d7eac4-884a-4214-82e8-05b806b1a4f8}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9@Next_Catalog_Entry_ID 39142 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9@Num_Catalog_Entries 33 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9@Serial_Access_Num 2296 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}] SEQPACKET 6 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{75D7EAC4-884A-4214-82E8-05B806B1A4F8}] DATAGRAM 6 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}] SEQPACKET 8 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{93092459-C319-4311-A331-F34B25DECA80}] DATAGRAM 8 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}] SEQPACKET 14 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{74437AF4-A3AF-4D37-BF22-6A40885E8575}] DATAGRAM 14 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}] SEQPACKET 18 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{68287C91-8D6E-404E-9B51-5D2086960235}] DATAGRAM 18 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}] SEQPACKET 19 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8C5BA2E2-AAAB-4938-B956-D423061B8CA1}] DATAGRAM 19 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}] SEQPACKET 5 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}] DATAGRAM 5 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}] SEQPACKET 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}] DATAGRAM 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}] SEQPACKET 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000027@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}] DATAGRAM 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}] SEQPACKET 4 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000029@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip_{142AB6C2-FD3F-46BA-A91C-BCBB24B69F3A}] DATAGRAM 4 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000030@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}] SEQPACKET 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000031@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip_{317EAAE7-3DF4-43E0-9930-CBFD9268A42C}] DATAGRAM 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000032 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000032@PackedCatalogItem 0x25 0x53 0x79 0x73 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000032@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}] SEQPACKET 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000033 Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000033@PackedCatalogItem 0x25 0x53 0x79 0x73 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000033@ProtocolName MSAFD NetBIOS [\Device\NetBT_Tcpip_{8D944AB6-1F96-49B6-986F-AA2EA579C72B}] DATAGRAM 0 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6bf3279c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6bf3279c@cc08e0742933 0x80 0x34 0x20 0xDF ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6bf3279c@2013e0bda8cd 0x7E 0x39 0x9D 0x8F ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6bf3279c@000202355cfe 0xEB 0xCE 0x74 0x31 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6bf3279c@f48e095ae424 0xA7 0x65 0x3F 0x68 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----