GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-09 16:32:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST250DM000-1BD141 rev.KC45 232,89GB
Running: qdf829ds.exe; Driver: C:\Users\Mistgun\AppData\Local\Temp\ffdoifow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075971465 2 bytes [97, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759714bb 2 bytes [97, 75]
.text ... * 2
.text C:\Program Files (x86)\PingPlotter Standard\PingPlotter.exe[4816] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000076f7000c 1 byte [C3]
.text C:\Program Files (x86)\PingPlotter Standard\PingPlotter.exe[4816] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000076fff8ea 5 bytes JMP 0000000176fad5c1
.text C:\Program Files (x86)\PingPlotter Standard\PingPlotter.exe[4816] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 00000000760b34b1 4 bytes {CALL 0xffffffff8a3a4a04}
.text C:\Users\Mistgun\Downloads\OTL.exe[1520] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000075971465 2 bytes [97, 75]
.text C:\Users\Mistgun\Downloads\OTL.exe[1520] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000759714bb 2 bytes [97, 75]
.text ... * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001005e94] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001005c38] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001006614] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001006a10] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800100686c] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[2596] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!CreateDirectoryW] [0]
IAT C:\Windows\Explorer.EXE[2596] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [0]
IAT C:\Windows\Explorer.EXE[2596] @ C:\Windows\system32\acppage.dll[USER32.dll!SetWindowLongPtrW] [0]
IAT C:\Windows\Explorer.EXE[2596] @ C:\Windows\system32\acppage.dll[USER32.dll!GetSystemMetrics] [0]
IAT C:\Windows\Explorer.EXE[2596] @ C:\Windows\system32\acppage.dll[ole32.dll!HWND_UserUnmarshal64] [0]
IAT C:\Windows\Explorer.EXE[2596] @ C:\Windows\system32\acppage.dll[VERSION.dll!GetFileVersionInfoSizeW] [0]

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa8006ff92c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa8006ff92c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa8006ff92c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa8006ff92c0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa8006ff92c0
Device \Driver\atapi \Device\Ide\IdePort3 fffffa8006ff92c0
Device \Driver\apbskaxf \Device\Scsi\apbskaxf1Port4Path0Target0Lun0 fffffa8007ea82c0
Device \Driver\apbskaxf \Device\Scsi\apbskaxf1 fffffa8007ea82c0
Device \FileSystem\Ntfs \Ntfs fffffa8006ffd2c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa8007d052c0
Device \Driver\cdrom \Device\CdRom0 fffffa800c6992c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa8007d052c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa8007d052c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E137BFF6-2546-42EE-817B-F34C22AF3268} fffffa8007ae22c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007ae22c0
Device \Driver\atapi \Device\ScsiPort0 fffffa8006ff92c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa8007d052c0
Device \Driver\atapi \Device\ScsiPort1 fffffa8006ff92c0
Device \Driver\atapi \Device\ScsiPort2 fffffa8006ff92c0
Device \Driver\atapi \Device\ScsiPort3 fffffa8006ff92c0
Device \Driver\apbskaxf \Device\ScsiPort4 fffffa8007ea82c0

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006ff92c0]<< sptd.sys ataport.SYS pciide.sys fffffa8006ff92c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007703790] fffffa8007703790
Trace 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa8007102520] fffffa8007102520
Trace 5 ACPI.sys[fffff8800112c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007104060] fffffa8007104060
Trace \Driver\atapi[0xfffffa80070f0a70] -> IRP_MJ_CREATE -> 0xfffffa8006ff92c0 fffffa8006ff92c0

---- Modules - GMER 2.1 ----

Module \SystemRoot\System32\Drivers\apbskaxf.SYS fffff88004d72000-fffff88004dc3000 (331776 bytes)

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3652:4068] 000007fefafa2bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3652:4092] 000007fef0454830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3652:2324] 000007fef8815124

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\88-43-e1-6c-9f-d9@TeredoAddress 2001:0:5ef5:79fb:81c:4dd8:e049:7d69
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFA 0xF7 0xE4 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x33 0x93 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0x4E 0x07 0xDC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFA 0xF7 0xE4 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x33 0x93 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0x4E 0x07 0xDC ...

---- EOF - GMER 2.1 ----