GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-28 12:23:25
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: gmer.exe; Driver: C:\Users\HURTOW~1\AppData\Local\Temp\awrdypow.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwReplaceKey + 1525                                                                 83881B55 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           838BBBB2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f493                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b65515d7                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b65515d7@18879671cbb2         0x72 0x83 0x21 0x8B ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b65515d7@a0f4504f4804         0xE8 0x28 0x00 0xCC ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f493 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b65515d7 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b65515d7@18879671cbb2             0x72 0x83 0x21 0x8B ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b65515d7@a0f4504f4804             0xE8 0x28 0x00 0xCC ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active               
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@216F771E      966