GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2008-08-21 09:16:08
Windows 6.1.7600
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250410AS rev.0006HPM1 232,89GB
Running: 090nhm96.exe; Driver: X:\windows\TEMP\pxriqpod.sys

---- Kernel code sections - GMER 2.2 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8A85E579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8A882F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.2 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName@ComputerName MINWINPC
Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\GenDisk@ClassGUID {4D36E967-E325-11CE-BFC1-08002BE10318}
Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\STORAGE#Volume@ClassGUID {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Reg HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB@CurrentConfig 0
Reg HKLM\SYSTEM\CurrentControlSet\services\Disk@DisplayName Disk Driver
Reg HKLM\SYSTEM\CurrentControlSet\services\USBSTOR@ImagePath \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Reg HKLM\SYSTEM\CurrentControlSet\services\USBSTOR@DisplayName USB Mass Storage Driver
Reg HKLM\SYSTEM\CurrentControlSet\services\USBSTOR
Reg HKLM\SYSTEM\CurrentControlSet\services\volsnap@DisplayName Storage volumes
Reg HKLM\SYSTEM\CurrentControlSet\services\Winmgmt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\Winmgmt
Reg HKLM\SYSTEM\Setup@SetupType 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@CurrentType Multiprocessor Checked
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@SystemRoot X:\Windows
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 2562
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 2563
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit userinit.exe

---- EOF - GMER 2.2 ----