GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-24 07:41:00
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9640320AS rev.0002SDM1 596,17GB
Running: 4jppzti8.exe; Driver: C:\Users\user\AppData\Local\Temp\pwryipoc.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83E5BA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83E95212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92612000, 0x390B25, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[1400] USER32.dll!RegisterMessagePumpHook + 2F1 75918B9E 7 Bytes JMP 10053C10 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[1400] USER32.dll!PostMessageW + 43A 759248B5 7 Bytes JMP 10053AC0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[1400] USER32.dll!SetDlgItemTextA + 25 7593709F 7 Bytes JMP 10053BF0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[1400] USER32.dll!MessageBoxIndirectA + F5 7596E95E 7 Bytes JMP 10053C60 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[1400] USER32.dll!MessageBoxIndirectW + 61 7596E9C4 7 Bytes JMP 10053D30 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[1400] USER32.dll!MessageBoxExA + 1F 7596E9E8 7 Bytes JMP 10053CE0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----