GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-09 19:37:58
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\00000058 WDC_WD25 rev.10.0 232,89GB
Running: gmer.exe; Driver: C:\Users\Grzegorz\AppData\Local\Temp\kwldqpog.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackTransaction + 13E9  82E8D8D9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  82EB2312 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x94E38000, 0x349D76, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[2948] ntdll.dll!wcsncmp + 33B  7720F420 7 Bytes  JMP 6F781FD9 C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2948] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F  7641C0A7 7 Bytes  JMP 6BD040E1 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2948] kernel32.dll!CloseHandle + 38  764205CF 7 Bytes  JMP 6BD04104 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2948] kernel32.dll!GetExitCodeProcess + 2C  7642311D 7 Bytes  JMP 6B3D3255 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2948] GDI32.dll!GetViewportOrgEx + 21C  773785EB 7 Bytes  JMP 6BD04062 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7600.16385_231e86ec3ea39a1b8d8ba713437db5db371372_cab_098c824f

---- Files - GMER 2.1 ----

ADS  C:\FRST\Quarantine\C\Windows\1299978628.xBAD:2078704562.exe  816 bytes executable

---- EOF - GMER 2.1 ----