GMER 1.0.15.15641 - [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2012-03-07 15:43:17 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000054 SAMSUNG_ rev.1AJ1 Running: jfiu0f8x.exe; Driver: C:\Users\oem\AppData\Local\Temp\pwdiqpow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 82E82369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBBD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2688] USER32.dll!RegisterMessagePumpHook + 2F1 76418B9E 7 Bytes JMP 1004BF70 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2688] USER32.dll!PostMessageW + 43A 764248B5 7 Bytes JMP 1004BE30 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2688] USER32.dll!SetDlgItemTextA + 25 7643709F 7 Bytes JMP 1004BF50 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2688] USER32.dll!MessageBoxIndirectA + F5 7646E95E 7 Bytes JMP 1004BFC0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2688] USER32.dll!MessageBoxIndirectW + 61 7646E9C4 7 Bytes JMP 1004C090 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2688] USER32.dll!MessageBoxExA + 1F 7646E9E8 7 Bytes JMP 1004C040 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Mozilla Firefox\firefox.exe[3744] ntdll.dll!LdrLoadDll 77BD223E 5 Bytes JMP 61C75B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4000] USER32.dll!GetWindowInfo 76424B5E 5 Bytes JMP 61DF0924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4000] USER32.dll!TrackPopupMenu 76432228 5 Bytes JMP 61DF0ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000003f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{DB467EC5-B6CF-11DF-83BB-806E6F6E6963} 4123943766560 ---- Files - GMER 1.0.15 ---- File C:\Users\oem\AppData\Local\Temp\lucene-51fd72d55c3249d2063c70bb411585e1-write.lock 0 bytes ---- EOF - GMER 1.0.15 ----