Thursday, May 9, 2013

What Rootkit.Avatar looks like in wincheck logs

Many thanks to Anton Cherepanov for the wincheck log from an infected machine.
A detailed description of Avatar can be found here.

1) FS Change notifiers
FS Change notifiers: 3 (actual 3)
DriverObj 8B6A31B8 addr 8362CBDA \SystemRoot\system32\drivers\fltmgr.sys
DriverObj 8BEC91B8 addr 8C477D40 UNKNOWN
DriverObj 8B6A31B8 addr 8362CBDA \SystemRoot\system32\drivers\fltmgr.sys

2) Pnp Notifiers
Pnp Notifiers: total 19, readed 19
 Pnp[6] CategoryHardwareProfileChange DEVINTERFACE_MT_COMPOSITE addr 92FE793A \SystemRoot\system32\DRIVERS\CompositeBus.sys
 Pnp[7] CategoryHardwareProfileChange DEVINTERFACE_DISK addr 8B618180 UNKNOWN
 Pnp[8] CategoryHardwareProfileChange DEVINTERFACE_HIDDEN_VOLUME addr 8356D3E0 \SystemRoot\system32\DRIVERS\volmgr.sys

3) numerous driver patches

Driver C:\Windows\system32\drivers\fltmgr.sys!.text has 8A patched bytes !
Patched FltGetRequestorProcessIdEx + 7F90
Patched FltAttachVolume
Patched FltAttachVolumeAtAltitude
Patched FltDetachVolume
Patched FltGetTransactionContext
Patched FltSetTransactionContext
Patched FltNotifyFilterChangeDirectory + 1D0
Driver C:\Windows\system32\drivers\fltmgr.sys!PAGE has 182A patched bytes !
Patched FltNotifyFilterChangeDirectory + 4E4F
Driver C:\Windows\system32\drivers\fltmgr.sys!PAGEVRF1 has 18B patched bytes !
Driver C:\Windows\system32\drivers\Ntfs.sys!.text has 1995 patched bytes !
Driver C:\Windows\system32\drivers\Ntfs.sys!PAGE has DE patched bytes !
Patched NetDmaIsDmaCopyComplete + 119F
Driver C:\Windows\system32\drivers\ndis.sys!.text has 40 patched bytes !
Patched NetDmaIsDmaCopyComplete + 7DFD
Patched NdisCloseAdapterEx
Patched NdisIMNotifyPnPEvent + 3C08
Driver C:\Windows\system32\drivers\ndis.sys!PAGE has 18AC patched bytes !
Patched NdisMSynchronizeWithInterrupt + 1410
Driver C:\Windows\system32\drivers\ndis.sys!PAGENDSM has 19 patched bytes !
Patched NdisCompletePnPEvent + 650
Driver C:\Windows\system32\drivers\ndis.sys!PAGENDSP has 81 patched bytes !
Patched TrFilterDprIndicateReceiveComplete + 886
Driver C:\Windows\system32\drivers\ndis.sys!PAGENDST has C9 patched bytes !
Patched NdisMRegisterInterrupt + 864
Driver C:\Windows\system32\drivers\ndis.sys!PAGENPNP has 103 patched bytes !
Patched EthFilterDprIndicateReceive + D29
Driver C:\Windows\system32\drivers\ndis.sys!PAGENDSE has 7B patched bytes !
Patched NdisMCoSendComplete + 68
Driver C:\Windows\system32\drivers\ndis.sys!PAGENDCO has 55 patched bytes !
Driver C:\Windows\system32\drivers\volsnap.sys!.text has 1876 patched bytes !
Driver C:\Windows\system32\drivers\volsnap.sys!PAGELK has B6 patched bytes !
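As an added example (not from the original post and not wincheck's own code), a small Python parser for the log lines shown above: it flags notifier callbacks whose address resolves to no loaded module (the UNKNOWN entries) and groups the patched-byte counts and the patched symbols per driver section. The sample text is constructed from lines quoted in this post; the grouping assumes that the "Patched <symbol>" lines precede the section summary they belong to (NetDmaIsDmaCopyComplete, an ndis export, is listed just before the ndis.sys!.text line above).

```python
import re
from collections import defaultdict

# Constructed sample: a few lines taken from the wincheck log quoted in this post.
SAMPLE_LOG = r"""
FS Change notifiers: 3 (actual 3)
DriverObj 8B6A31B8 addr 8362CBDA \SystemRoot\system32\drivers\fltmgr.sys
DriverObj 8BEC91B8 addr 8C477D40 UNKNOWN
Pnp Notifiers: total 19, readed 19
 Pnp[7] CategoryHardwareProfileChange DEVINTERFACE_DISK addr 8B618180 UNKNOWN
 Pnp[8] CategoryHardwareProfileChange DEVINTERFACE_HIDDEN_VOLUME addr 8356D3E0 \SystemRoot\system32\DRIVERS\volmgr.sys
Driver C:\Windows\system32\drivers\fltmgr.sys!.text has 8A patched bytes !
Patched FltAttachVolume
Patched FltNotifyFilterChangeDirectory + 1D0
Driver C:\Windows\system32\drivers\fltmgr.sys!PAGE has 182A patched bytes !
Patched NetDmaIsDmaCopyComplete + 119F
Driver C:\Windows\system32\drivers\ndis.sys!.text has 40 patched bytes !
"""

# FS change and PnP notifier entries: "... addr <hex> <module or UNKNOWN>"
NOTIFIER_RE = re.compile(r"^(?:DriverObj [0-9A-F]+|Pnp\[\d+\] \S+ \S+) addr ([0-9A-F]+) (.+)$")
# Per-section summary: "Driver <path>!<section> has <hex> patched bytes !"
SECTION_RE = re.compile(r"^Driver (.+)!(\S+) has ([0-9A-F]+) patched bytes !$")
# Nearest exported symbol of a patch, optionally with a hex offset
SYMBOL_RE = re.compile(r"^Patched (\S+)(?: \+ ([0-9A-F]+))?$")


def parse_wincheck(text):
    """Return (unknown_callback_addrs, sections); sections maps
    driver path -> {section name: (patched byte count, [symbols])}."""
    unknown, sections, pending = [], defaultdict(dict), []
    for raw in text.splitlines():
        line = raw.strip()
        if m := NOTIFIER_RE.match(line):
            if m.group(2).strip() == "UNKNOWN":  # callback outside any known module
                unknown.append(int(m.group(1), 16))
        elif m := SYMBOL_RE.match(line):
            # Assumption: symbol lines precede the section summary they belong to.
            sym = m.group(1) if m.group(2) is None else f"{m.group(1)}+{m.group(2)}"
            pending.append(sym)
        elif m := SECTION_RE.match(line):
            sections[m.group(1)][m.group(2)] = (int(m.group(3), 16), pending)
            pending = []
    return unknown, dict(sections)


def patched_bytes_per_driver(sections):
    """Total patched bytes per driver, summed over its sections."""
    return {drv: sum(count for count, _ in secs.values()) for drv, secs in sections.items()}
```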

