GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-28 23:41:55
Windows 6.0.6002 Service Pack 2
Running: p7mxbmj4.exe; Driver: C:\Users\Arjan\AppData\Local\Temp\kgldiaow.sys


---- System - GMER 1.0.15 ----

SSDT            873A9D68                                        ZwAlertResumeThread
SSDT            873A9E48                                        ZwAlertThread
SSDT            873E4B18                                        ZwAllocateVirtualMemory
SSDT            87296DE0                                        ZwAlpcConnectPort
SSDT            873A9AB8                                        ZwCreateMutant
SSDT            873E4CC8                                        ZwCreateThread
SSDT            873A9738                                        ZwDebugActiveProcess
SSDT            87243AA8                                        ZwFreeVirtualMemory
SSDT            873A9BA8                                        ZwImpersonateAnonymousToken
SSDT            873A9C88                                        ZwImpersonateThread
SSDT            872439A8                                        ZwMapViewOfSection
SSDT            873A99D8                                        ZwOpenEvent
SSDT            873E4C08                                        ZwOpenProcessToken
SSDT            873A9818                                        ZwOpenSection
SSDT            873E84C0                                        ZwOpenThreadToken
SSDT            873E6D48                                        ZwResumeThread
SSDT            873E83E0                                        ZwSetContextThread
SSDT            873E85B0                                        ZwSetInformationProcess
SSDT            873E82F0                                        ZwSetInformationThread
SSDT            873A98F8                                        ZwSuspendProcess
SSDT            873A9F90                                        ZwSuspendThread
SSDT            \??\C:\Windows\system32\drivers\CO_Mon.sys      ZwTerminateProcess [0xABC75760]
SSDT            873E8210                                        ZwTerminateThread
SSDT            873E86A0                                        ZwUnmapViewOfSection
SSDT            87243B78                                        ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0         Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1         Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                         SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                         SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167bf2b33
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167bf2b33@00192d007ffc   0x8E 0x2A 0xB2 0x0B ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001167bf2b33 (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001167bf2b33@00192d007ffc (not active ControlSet)   0x8E 0x2A 0xB2 0x0B ...

---- EOF - GMER 1.0.15 ----
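A small parser for the log format above, added here as a worked example; it is not part of the posted scan and is not GMER's own tooling. It splits the log into its `----` sections, separates the two SSDT line shapes the log shows (a bare kernel address, or a driver path followed by the hooked function and a bracketed hook address), groups filter drivers by the device they are attached to, and flags registry hits marked `(not active ControlSet)`. The embedded sample is an excerpt of the log above (same lines, fewer of them); the column widths are assumed to be arbitrary whitespace, which is how GMER's text output reads. It makes no claim about which product owns any hook.

```python
"""Parse a GMER 1.0.15 text log and triage its SSDT, device-filter and registry entries."""
import re
from collections import defaultdict

# Excerpt of the GMER log above (verbatim lines, reduced set), used as sample input.
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-28 23:41:55
Windows 6.0.6002 Service Pack 2
Running: p7mxbmj4.exe; Driver: C:\Users\Arjan\AppData\Local\Temp\kgldiaow.sys

---- System - GMER 1.0.15 ----

SSDT    873A9D68                                      ZwAlertResumeThread
SSDT    873E4B18                                      ZwAllocateVirtualMemory
SSDT    \??\C:\Windows\system32\drivers\CO_Mon.sys    ZwTerminateProcess [0xABC75760]
SSDT    87243B78                                      ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                   SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167bf2b33@00192d007ffc   0x8E 0x2A 0xB2 0x0B ...
Reg   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001167bf2b33 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>\w+) - GMER [\d.]+ ----$")
SCAN_RE = re.compile(r"^Rootkit scan (?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
HEADER_RE = re.compile(r"^Running:\s+(?P<exe>\S+);\s+Driver:\s+(?P<driver>.+)$")
ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")  # bare 32-bit kernel address, no module
SSDT_RE = re.compile(r"^SSDT\s+(?P<target>\S+)\s+(?P<func>\w+)(?:\s+\[(?P<hook>0x[0-9A-Fa-f]+)\])?$")
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\\Driver\\\S+)\s+(?P<device>\\Device\\\S+)\s+"
    r"(?P<module>\S+)\s+\((?P<desc>[^)]*)\)$")
REG_RE = re.compile(r"^Reg\s+(?P<key>\S+)(?:\s+(?P<rest>.+))?$")
INACTIVE = "(not active ControlSet)"


def parse_gmer(text):
    """Return {'header': {...}, 'ssdt': [...], 'devices': [...], 'registry': [...]}."""
    report = {"header": {}, "ssdt": [], "devices": [], "registry": []}
    in_body = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            in_body = True  # header lines end at the first ---- section marker
            continue
        if not in_body:
            m = SCAN_RE.match(line)
            if m:
                report["header"]["scan_time"] = m.group("when")
            m = HEADER_RE.match(line)
            if m:
                report["header"]["running"] = m.group("exe")
                report["header"]["driver"] = m.group("driver")
            continue
        if line.startswith("SSDT"):
            m = SSDT_RE.match(line)
            if m:
                target = m.group("target")
                # A driver path means GMER attributed the hook to a loaded image; a bare
                # address means it only reported where the SSDT slot points.
                module = None if ADDR_RE.match(target) else target.rsplit("\\", 1)[-1]
                report["ssdt"].append({"func": m.group("func"), "target": target,
                                       "module": module, "hook": m.group("hook")})
        elif line.startswith("AttachedDevice"):
            m = DEVICE_RE.match(line)
            if m:
                report["devices"].append(m.groupdict())
        elif line.startswith("Reg"):
            m = REG_RE.match(line)
            if m:
                rest = m.group("rest") or ""
                report["registry"].append({
                    "key": m.group("key"),
                    "inactive": INACTIVE in rest,          # hit lives in a non-current ControlSet
                    "data": rest.replace(INACTIVE, "").strip() or None,
                })
    return report


def triage_ssdt(entries):
    """Split SSDT hooks into module-attributed and address-only (unresolved) sets."""
    out = {"module": [], "unresolved": []}
    for e in entries:
        out["module" if e["module"] else "unresolved"].append(e)
    return out


def hooks_by_module(entries):
    """Map driver file name (or '<unresolved>') to the Zw* functions it hooks."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["module"] or "<unresolved>"].append(e["func"])
    return dict(groups)


def filters_by_module(devices):
    """Map filter driver file name to the device objects it is attached to."""
    groups = defaultdict(list)
    for d in devices:
        groups[d["module"]].append(d["device"])
    return dict(groups)


if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_LOG)
    print("scan:", rep["header"])
    for mod, funcs in hooks_by_module(rep["ssdt"]).items():
        print(f"SSDT  {mod}: {', '.join(funcs)}")
    for mod, devs in filters_by_module(rep["devices"]).items():
        print(f"filter {mod}: {', '.join(devs)}")
    for r in rep["registry"]:
        print("reg", r["key"], "(inactive)" if r["inactive"] else "", r["data"] or "")
```

Running it on a full log (`parse_gmer(open("gmer.log").read())`) gives a per-driver view of which system calls are hooked and which kernel filters sit on the keyboard and TCP/UDP device stacks, which is the first thing to reconcile against the security software known to be installed before treating any entry as hostile.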