GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-06-01 19:16:44
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST9320421ASG rev.SD13 298,09GB
Running: w9xnz8hm.exe; Driver: C:\Users\666\AppData\Local\Temp\pxriqpow.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntoskrnl.exe!ZwRequestWaitReplyPort + 14B9                                                                                                                                                                   82C83A15 1 Byte  [06]
.text  ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                       82CA3C62 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad2e695                                                                                                                                  
Reg    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                                                                                              238
Reg    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                                                                                             91
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad2e695 (not active ControlSet)                                                                                                              
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll                                                                                  
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe  0x7A 0xA0 0xEC 0xA8 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe                          0x5A 0xCA 0x9C 0xCE ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe       0x05 0x62 0xE8 0xCF ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\mmc.exe                                 0x2D 0x84 0x77 0x2F ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll                                                                                       
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe       0xE5 0x44 0x5C 0xB6 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe                                 0xBF 0x5D 0x5F 0x94 ...

---- Files - GMER 2.1 ----

File   C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb                                                                                                                                                       524288 bytes executable

---- EOF - GMER 2.1 ----