GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-14 20:51:34
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 ST320LT020-9YG142 rev.0003LVM1 298,09GB
Running: 0ftt3i1l.exe; Driver: C:\Users\AGNIES~1\AppData\Local\Temp\awtdrpoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[5564]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffb5420169a 4 bytes [20, 54, FB, 7F]
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[5564]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffb542016a2 4 bytes [20, 54, FB, 7F]
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[5564]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffb5420181a 4 bytes [20, 54, FB, 7F]
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[5564]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffb54201832 4 bytes [20, 54, FB, 7F]
.text  C:\WINDOWS\Explorer.EXE[3676]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffb5420169a 4 bytes [20, 54, FB, 7F]
.text  C:\WINDOWS\Explorer.EXE[3676]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffb542016a2 4 bytes [20, 54, FB, 7F]
.text  C:\WINDOWS\Explorer.EXE[3676]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffb5420181a 4 bytes [20, 54, FB, 7F]
.text  C:\WINDOWS\Explorer.EXE[3676]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffb54201832 4 bytes [20, 54, FB, 7F]
.text  C:\Windows\System32\igfxpers.exe[5888]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffb5420169a 4 bytes [20, 54, FB, 7F]
.text  C:\Windows\System32\igfxpers.exe[5888]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffb542016a2 4 bytes [20, 54, FB, 7F]
.text  C:\Windows\System32\igfxpers.exe[5888]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffb5420181a 4 bytes [20, 54, FB, 7F]
.text  C:\Windows\System32\igfxpers.exe[5888]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffb54201832 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4520]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffb5420169a 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4520]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffb542016a2 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4520]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffb5420181a 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4520]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffb54201832 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4520]  C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194  00007ffb4f871f6a 4 bytes [87, 4F, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4520]  C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218  00007ffb4f871f82 4 bytes [87, 4F, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[3224]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffb5420169a 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[3224]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffb542016a2 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[3224]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffb5420181a 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[3224]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffb54201832 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[3224]  C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194  00007ffb4f871f6a 4 bytes [87, 4F, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[3224]  C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218  00007ffb4f871f82 4 bytes [87, 4F, FB, 7F]
.text  C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[5688]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffb5420169a 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[5688]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffb542016a2 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[5688]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffb5420181a 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe[5688]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142  00007ffb54201832 4 bytes [20, 54, FB, 7F]

---- Threads - GMER 2.1 ----

Thread  [1324:1460]  0000000077b24b50
Thread  [1324:1464]  00000000751ef28e
Thread  [1324:1472]  0000000075b478a0
Thread  [1324:1496]  0000000074607390
Thread  [1324:1500]  0000000074662240
Thread  [1324:1600]  00000000744c6780
Thread  [1324:1604]  00000000744c5c30
Thread  [1324:1740]  00000000751ef28e
Thread  [1324:1752]  00000000744ae070
Thread  [1324:1756]  00000000744ae070
Thread  [1324:1760]  00000000744ae070
Thread  [1324:1764]  00000000744af630
Thread  [1324:1768]  00000000744af630
Thread  [1324:1772]  00000000744ae7d0
Thread  [1324:1776]  000000007451c860
Thread  [1324:1780]  000000007451ad70
Thread  [1324:1784]  000000007451b2d0
Thread  [1324:1788]  00000000744b23a0
Thread  [1324:1792]  00000000744b23a0
Thread  [1324:1796]  00000000744b23a0
Thread  [1324:1800]  00000000744b20e0
Thread  [1324:1804]  0000000073811080
Thread  [1324:1808]  00000000737e14b0
Thread  [1324:1816]  00000000744c7700
Thread  [1324:1820]  00000000744b1830
Thread  [1324:1844]  00000000751ef28e
Thread  [1324:1848]  00000000735fbf19
Thread  [1324:1852]  00000000745385f0
Thread  [1324:1864]  0000000074447740
Thread  [1324:1868]  00000000738116d0
Thread  [1324:1876]  00000000732f9a90
Thread  [1324:1904]  00000000751ef28e
Thread  [1324:1908]  00000000751ef28e
Thread  [1324:1912]  00000000751ef28e
Thread  [1324:1916]  00000000751ef28e
Thread  [1324:1920]  00000000751ef28e
Thread  [1324:1924]  00000000751ef28e
Thread  [1324:1928]  00000000731e8670
Thread  [1324:1932]  00000000731e8670
Thread  [1324:1936]  00000000731e8670
Thread  [1324:1940]  00000000731e8670
Thread  [1324:1944]  00000000731e8670
Thread  [1324:1948]  00000000743d0480
Thread  [1324:1956]  00000000751ef28e
Thread  [1324:1964]  00000000746665e0
Thread  [1324:1968]  0000000074669850
Thread  [1324:1972]  00000000751ef28e
Thread  [1324:2760]  00000000751ef28e
Thread  [1324:2780]  000000007455bae0
Thread  [1324:2784]  00000000751ef28e
Thread  [1324:2812]  00000000751ef28e
Thread  [1324:2820]  0000000077586241
Thread  [1324:2352]  00000000751ef28e
Thread  [1324:6416]  00000000751ef28e
Thread  [1324:1264]  00000000751ef28e
Thread  [1324:684]  0000000077b24b50
Thread  [1324:772]  0000000077b24b50
Thread  [1324:6632]  00000000751ef28e
Thread  [1324:5444]  0000000077b24b50
Thread  [1324:3660]  00000000736fa4c5
Thread  [1324:5364]  0000000077b24b50
Thread  [1324:3600]  00000000751ef28e
Thread  [1324:2476]  0000000077b24b50
Thread  [1324:5032]  0000000077b24b50
Thread  C:\WINDOWS\system32\csrss.exe [6680:2816]  fffff960008a0b90

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----
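Added example (not part of the GMER log above, and not GMER's own code): a small Python parser for the "User code sections" entries, which groups each reported patch by module, export, offset, address and bytes, counts how many of the scanned processes share it, and applies the first check a practitioner makes on such entries. In the log above, every PSAPI.DLL entry reports the bytes [20, 54, FB, 7F] at addresses of the form 00007ffb5420xxxx, and both WSOCK32.dll entries report [87, 4F, FB, 7F] at 00007ffb4f87xxxx; read little-endian, the four bytes are exactly bits 16..47 of the address they sit at, i.e. the high part of an absolute pointer into the same module. That is what a relocated address constant looks like, not an inline hook (which starts with an opcode such as E9, FF 25 or 48 B8), so the script flags such entries for comparison against the on-disk image with relocations applied rather than treating them as hooks outright. The sample input is a constructed subset of the log's own lines; the log's "unknown MBR code" and csrss.exe kernel-thread lines are separate findings that this script does not assess.

```python
import re
from collections import defaultdict

# One GMER 2.1 x64 "User code sections" entry, laid out as in the log:
#   .text  <process path>[<pid>]  <module>!<export> + <offset>  <address> <n> bytes [<hex>, ...]
ENTRY_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<func>\w+)\s*\+\s*(?P<off>\d+)\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<n>\d+)\s+bytes\s+\[(?P<bytes>[^\]]*)\]\s*$"
)

# Constructed sample: a subset of the entries from the log above, plus two
# non-entry lines so that the parser's skipping of other sections is exercised.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[5564]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffb5420169a 4 bytes [20, 54, FB, 7F]
.text  C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[5564]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffb5420181a 4 bytes [20, 54, FB, 7F]
.text  C:\WINDOWS\Explorer.EXE[3676]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffb5420169a 4 bytes [20, 54, FB, 7F]
.text  C:\WINDOWS\Explorer.EXE[3676]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffb5420181a 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4520]  C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffb5420169a 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4520]  C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118  00007ffb5420181a 4 bytes [20, 54, FB, 7F]
.text  C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[4520]  C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194  00007ffb4f871f6a 4 bytes [87, 4F, FB, 7F]
---- Threads - GMER 2.1 ----
Thread  C:\WINDOWS\system32\csrss.exe [6680:2816]  fffff960008a0b90
"""


def parse_entries(text):
    """Return one dict per '.text' entry; headers, thread lines and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        patch = bytes(int(b, 16) for b in m.group("bytes").replace(" ", "").split(",") if b)
        entries.append({
            "process": m.group("proc").strip(),
            "pid": int(m.group("pid")),
            "module": m.group("module"),
            "func": m.group("func"),
            "offset": int(m.group("off")),
            "addr": int(m.group("addr"), 16),
            "patch": patch,
        })
    return entries


def looks_like_pointer_bytes(addr, patch):
    """True when the 4 reported bytes, read little-endian, equal bits 16..47 of the
    patched address: the high part of an absolute pointer into the same module.
    That is the signature of a relocated address constant, not of an inline hook,
    whose first bytes are an opcode (E9 jmp, FF 25 jmp [rip+x], 48 B8 mov rax,imm64)."""
    return len(patch) == 4 and int.from_bytes(patch, "little") == ((addr >> 16) & 0xFFFFFFFF)


def summarize(text):
    """Group identical patches across processes and classify each group."""
    entries = parse_entries(text)
    all_pids = {e["pid"] for e in entries}
    groups = defaultdict(set)
    for e in entries:
        groups[(e["module"], e["func"], e["offset"], e["addr"], e["patch"])].add(e["pid"])
    report = []
    for (module, func, off, addr, patch), pids in sorted(groups.items()):
        report.append({
            "location": f"{module}!{func}+{off} @ {addr:016x}",
            "patch": patch.hex(),
            "processes": len(pids),      # processes in which this exact patch appears
            "scanned": len(all_pids),    # processes with any entry in the log
            "pointer_bytes": looks_like_pointer_bytes(addr, patch),
        })
    return report


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        verdict = ("relocated pointer bytes, confirm against on-disk image"
                   if row["pointer_bytes"] else "opcode-like bytes, disassemble and inspect")
        print(f"{row['location']}  [{row['patch']}]  in {row['processes']}/{row['scanned']} processes  -> {verdict}")
```

A patch that appears at the same address with the same bytes in every scanned process points to a change in the shared image mapping (or a fix-up applied identically everywhere) rather than a per-process injection; a patch present in only one process, or bytes that disassemble to a branch, is the case that deserves a memory dump of that process.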