GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-18 22:27:43 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 SAMSUNG_HM500JI rev.2AC101C4 465,76GB Running: y78ul51b.exe; Driver: C:\Users\Ola\AppData\Local\Temp\uxriqpow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x892A8AD6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x8936583C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x892A95B4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x892B56B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x892B5704] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x892B589E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x892B5626] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x89365C16] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x892B566E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x89365EA6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x89365F90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x892B5858] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x892AA3A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x892A8B3C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x89366094] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x89365914] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x89362AA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x89365CF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x892A8BA2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x892ADFE8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x892AAEE6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x892B56E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x892B5726] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x892B58C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x892B564C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x892AD4EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x892B57D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x892B5696] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x892AD8D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x892B587C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x89365A94] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x892AACFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x892AAA0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x892A8C08] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x892A8C6E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x89365DF2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x892A87C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x892A8994] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x892A8922] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x892AA56C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x892AA6CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x892A8A1C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x89365B62] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x892AA1FC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x89362AD4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x892A8CD4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x893659C6] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwReplaceKey + 1525 82C7EB55 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB8BB2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CBFFB0 4 Bytes [D6, 8A, 2A, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82CBFFD8 4 Bytes [3C, 58, 36, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CC0038 4 Bytes [B4, 95, 2A, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82CC008C 8 Bytes [B8, 56, 2B, 89, 04, 57, 2B, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82CC0098 4 Bytes JMP AE249F1F .text ... ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1340] kernel32.dll!SetUnhandledExceptionFilter 75FFF5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + 6 77A756B6 4 Bytes [28, 00, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + B 77A756BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + 6 77A75D16 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + 6 77A75D16 4 Bytes [28, 03, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + B 77A75D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + 6 77A75DC6 4 Bytes [68, 00, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + B 77A75DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + 6 77A75E76 4 Bytes [A8, 01, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + B 77A75E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + 6 77A75E86 4 Bytes CALL 76A8538C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + B 77A75E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + 6 77A75E96 4 Bytes [A8, 02, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + B 77A75E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + 6 77A75EF6 4 Bytes [68, 01, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + B 77A75EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + 6 77A75F06 4 Bytes [68, 02, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + B 77A75F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + 6 77A75F16 4 Bytes CALL 76A8541D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + B 77A75F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + 6 77A76026 4 Bytes [A8, 00, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + B 77A7602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + 6 77A760D6 4 Bytes CALL 76A855DB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + B 77A760DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + 6 77A76726 4 Bytes [28, 01, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + B 77A7672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + 6 77A76786 4 Bytes [28, 02, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + B 77A7678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + 6 77A76AA6 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + 6 77A76AA6 4 Bytes [68, 03, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + B 77A76AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!LdrUnloadDll 77A8CBCE 5 Bytes JMP 010103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!LdrLoadDll 77A92576 5 Bytes JMP 010101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtCreateFile + 6 77A756B6 4 Bytes [28, 6C, D5, 00] {SUB [EBP+EDX*8+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtCreateFile + B 77A756BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtMapViewOfSection + 6 77A75D16 4 Bytes [28, 6F, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtMapViewOfSection + B 77A75D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenFile + 6 77A75DC6 4 Bytes [68, 6C, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenFile + B 77A75DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenProcess + 6 77A75E76 4 Bytes [A8, 6D, D5, 00] {TEST AL, 0x6d; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenProcess + B 77A75E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenProcessToken + 6 77A75E86 4 Bytes CALL 76A833F8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenProcessToken + B 77A75E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenProcessTokenEx + 6 77A75E96 4 Bytes [A8, 6E, D5, 00] {TEST AL, 0x6e; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenProcessTokenEx + B 77A75E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenThread + 6 77A75EF6 4 Bytes [68, 6D, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenThread + B 77A75EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenThreadToken + 6 77A75F06 4 Bytes [68, 6E, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenThreadToken + B 77A75F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenThreadTokenEx + 6 77A75F16 4 Bytes CALL 76A83489 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtOpenThreadTokenEx + B 77A75F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtQueryAttributesFile + 6 77A76026 4 Bytes [A8, 6C, D5, 00] {TEST AL, 0x6c; AAD 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtQueryAttributesFile + B 77A7602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtQueryFullAttributesFile + 6 77A760D6 4 Bytes CALL 76A83647 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtQueryFullAttributesFile + B 77A760DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtSetInformationFile + 6 77A76726 4 Bytes [28, 6D, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtSetInformationFile + B 77A7672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtSetInformationThread + 6 77A76786 4 Bytes [28, 6E, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtSetInformationThread + B 77A7678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtUnmapViewOfSection + 6 77A76AA6 4 Bytes [68, 6F, D5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!NtUnmapViewOfSection + B 77A76AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!LdrUnloadDll 77A8CBCE 5 Bytes JMP 00DB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3816] ntdll.dll!LdrLoadDll 77A92576 5 Bytes JMP 00DB01F8 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3968] kernel32.dll!SetUnhandledExceptionFilter 75FFF5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + 6 77A75D16 4 Bytes [18, 20, 73, 69] {SBB [EAX], AH; JAE 0x6d} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + B 77A75D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!LdrUnloadDll 77A8CBCE 5 Bytes JMP 000E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!LdrLoadDll 77A92576 5 Bytes JMP 000E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtCreateFile + 6 77A756B6 4 Bytes [28, 70, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtCreateFile + B 77A756BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtMapViewOfSection + 6 77A75D16 4 Bytes [28, 73, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtMapViewOfSection + B 77A75D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenFile + 6 77A75DC6 4 Bytes [68, 70, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenFile + B 77A75DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcess + 6 77A75E76 4 Bytes [A8, 71, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcess + B 77A75E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessToken + B 77A75E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessTokenEx + 6 77A75E96 4 Bytes [A8, 72, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenProcessTokenEx + B 77A75E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThread + 6 77A75EF6 4 Bytes [68, 71, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThread + B 77A75EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadToken + 6 77A75F06 4 Bytes [68, 72, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadToken + B 77A75F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtOpenThreadTokenEx + B 77A75F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryAttributesFile + 6 77A76026 4 Bytes [A8, 70, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryAttributesFile + B 77A7602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtQueryFullAttributesFile + B 77A760DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationFile + 6 77A76726 4 Bytes [28, 71, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationFile + B 77A7672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationThread + 6 77A76786 4 Bytes [28, 72, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtSetInformationThread + B 77A7678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtUnmapViewOfSection + 6 77A76AA6 4 Bytes [68, 73, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!NtUnmapViewOfSection + B 77A76AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!LdrUnloadDll 77A8CBCE 5 Bytes JMP 003403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4780] ntdll.dll!LdrLoadDll 77A92576 5 Bytes JMP 003401F8 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\BTHUSB \Device\00000082 bthport.sys Device \Driver\BTHUSB \Device\00000084 bthport.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bbdd14a Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bbdd14a (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x43 0xAE 0x79 0xDC ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0x9A 0xB0 0xAE 0xCF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0x27 0x10 0xB7 0xD4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0xCF 0xD5 0xE5 0xDD ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\Ola\Desktop\mbar\mbar.exe 0xDA 0x63 0x96 0x59 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe 0x96 0x7D 0x80 0xDF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\Ola\Downloads\FRST.exe 0x84 0xF9 0x43 0x90 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xBA 0x4C 0xBF 0xC9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTel\wicainventory.exe 0x3D 0x7C 0x20 0x55 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0xAE 0x90 0xCF 0x7C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0x19 0x99 0x08 0xE5 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0x55 0x20 0x8B 0x2A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe 0x78 0xB3 0xD3 0x41 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\aitstatic.exe 0xD0 0xD3 0xFA 0x3F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\Ola\Desktop\mbar\mbar.exe 0x8F 0x3B 0x74 0x6C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\Ola\Downloads\FRST.exe 0xFE 0x5F 0x41 0x92 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@BCA30A06 959 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{461A29A9-DE38-11E1-A2BB-806E6F6E6963} 17403405872 ---- EOF - GMER 2.1 ----