GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-03-14 22:20:31
Windows 6.1.7600
Running: wfv7lgql.exe; Driver: X:\windows\TEMP\awrorpob.sys


---- Kernel code sections - GMER 2.2 ----

.text  ntkrnlpa.exe!ZwSaveKeyEx + 13AD                8AC5C579 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2         8AC80F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.2 ----

AttachedDevice  \FileSystem\fastfat \Fat              fltmgr.sys

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName@ComputerName                     MINWINPC
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\GenDisk@ClassGUID                   {4D36E967-E325-11CE-BFC1-08002BE10318}
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\HID_DEVICE_SYSTEM_KEYBOARD@ClassGUID  {4D36E96B-E325-11CE-BFC1-08002BE10318}
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\HID_DEVICE_SYSTEM_MOUSE@ClassGUID   {4D36E96F-E325-11CE-BFC1-08002BE10318}
Reg  HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\STORAGE#Volume@ClassGUID            {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Reg  HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB@CurrentConfig                                   0
Reg  HKLM\SYSTEM\CurrentControlSet\services\HidUsb@ImagePath                                          \SystemRoot\system32\DRIVERS\hidusb.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\HidUsb
Reg  HKLM\SYSTEM\CurrentControlSet\services\kbdclass@ImagePath                                        \SystemRoot\system32\DRIVERS\kbdclass.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\kbdclass
Reg  HKLM\SYSTEM\CurrentControlSet\services\kbdhid@ImagePath                                          \SystemRoot\system32\DRIVERS\kbdhid.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\kbdhid
Reg  HKLM\SYSTEM\CurrentControlSet\services\mouclass@ImagePath                                        \SystemRoot\system32\DRIVERS\mouclass.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\mouclass
Reg  HKLM\SYSTEM\CurrentControlSet\services\mouhid@ImagePath                                          \SystemRoot\system32\DRIVERS\mouhid.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\mouhid
Reg  HKLM\SYSTEM\CurrentControlSet\services\usbccgp@ImagePath                                         \SystemRoot\system32\DRIVERS\usbccgp.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\usbccgp
Reg  HKLM\SYSTEM\CurrentControlSet\services\USBSTOR@ImagePath                                         \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Reg  HKLM\SYSTEM\CurrentControlSet\services\USBSTOR
Reg  HKLM\SYSTEM\CurrentControlSet\services\Winmgmt@Start                                             2
Reg  HKLM\SYSTEM\CurrentControlSet\services\Winmgmt
Reg  HKLM\SYSTEM\Setup@SetupType                                                                      1
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@CurrentType                                    Multiprocessor Checked
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@SystemRoot                                     X:\Windows
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit                              userinit.exe

---- EOF - GMER 2.2 ----