GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-26 15:54:06
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320613AS rev.SD22 298,09GB
Running: od6cr2xu.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\awrdrpoc.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwReplaceKey + 1525                                                                  82E8BB55 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            82EC5BB2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] ntdll.dll!NtCreateFile                         771356B0 5 Bytes  JMP 5F9F7C66 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] ntdll.dll!NtFlushBuffersFile                   77135A40 5 Bytes  JMP 5F9F79A6 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] ntdll.dll!NtQueryFullAttributesFile            771360D0 5 Bytes  JMP 5F9F7B59 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] ntdll.dll!NtReadFile                           771363A0 5 Bytes  JMP 5F9F79E0 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] ntdll.dll!NtReadFileScatter                    771363B0 5 Bytes  JMP 5FD61796 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] ntdll.dll!NtWriteFile                          77136B50 5 Bytes  JMP 5F9F7E0A C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] ntdll.dll!NtWriteFileGather                    77136B60 5 Bytes  JMP 5FD617E6 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] ntdll.dll!LdrLoadDll                           77152576 5 Bytes  JMP 61EBA790 C:\Program Files\Mozilla Firefox\mozglue.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D  7575952E 7 Bytes  JMP 5FD4ADD0 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] kernel32.dll!QueryPerformanceCounter + 13      7575C535 1 Byte  [E9]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] kernel32.dll!QueryPerformanceCounter + 13      7575C535 7 Bytes  JMP 5FD4B7CA C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] kernel32.dll!LoadAppInitDlls + 355             7575F5F6 7 Bytes  JMP 5FAC91FA C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] USER32.dll!GetWindowInfo                       75C84B66 5 Bytes  JMP 6084A471 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1620] GDI32.dll!GetViewportOrgEx + 26C               772F87DB 7 Bytes  JMP 5FD4A735 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                          fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@5B131E4A       594

---- EOF - GMER 2.1 ----