GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-25 13:10:42
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000037 PLEXTOR_PX-256M6V rev.1.01 238,47GB
Running: 4hs0652r.exe; Driver: C:\Users\Damian\AppData\Local\Temp\awndqpog.sys


---- User code sections - GMER 2.2 ----

?        C:\Windows\system32\apphelp.dll [2184] entry point in ".rdata" section               0000000068490380
?        C:\Windows\SYSTEM32\NTASN1.dll [2236] entry point in ".rdata" section                000000007356bb10
?        C:\Windows\SYSTEM32\NTASN1.dll [1932] entry point in ".rdata" section                000000007356bb10
?        C:\Windows\system32\apphelp.dll [524] entry point in ".rdata" section                0000000068490380

---- Threads - GMER 2.2 ----

Thread   C:\Windows\system32\csrss.exe [616:768]                                              fffff960c7314030
Thread   C:\Windows\Explorer.EXE [3692:4492]                                                  00007ff9726c0250
Thread   C:\Windows\Explorer.EXE [3692:4824]                                                  00007ff97f700250

---- Services - GMER 2.2 ----

Service  C:\Windows\system32\Drivers\iqvw64e.sys (*** hidden *** )                            [MANUAL] NAL                                  <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGeneration  50
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed    812436487
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NAL                                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NAL@Type                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NAL@Start                                     3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NAL@ErrorControl                              1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NAL@ImagePath                                 \??\C:\Windows\system32\Drivers\iqvw64e.sys
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NAL@DisplayName                               Nal Service 
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NAL                                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated  0x79 0x75 0x1F 0x2E ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh       0x79 0xDD 0xE3 0x8F ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow        0x79 0x0D 0x5B 0xCC ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount  0xBD 0x1F 0x00 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk     \Device\Harddisk0\DR0                                                                unknown MBR code

---- EOF - GMER 2.2 ----