GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-29 21:46:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000070 Hitachi_ rev.JE4O 698,64GB Running: icn5tsph.exe; Driver: C:\Users\mirra\AppData\Local\Temp\uglyipog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767d1465 2 bytes [7D, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767d14bb 2 bytes [7D, 76] .text ... * 2 .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3912] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767d1465 2 bytes [7D, 76] .text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3912] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767d14bb 2 bytes [7D, 76] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010c2e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010c2c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010c3614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010c3a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010c386c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa8007c162c0 Device \Driver\usbohci \Device\USBFDO-3 fffffa80088fa2c0 Device \Driver\usbohci \Device\USBPDO-1 fffffa80088fa2c0 Device \Driver\amd_sata \Device\00000070 fffffa8007c102c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{2FBFB984-430F-4C6D-A990-AA4E981BC560} fffffa80087ab2c0 Device \Driver\amd_sata \Device\RaidPort0 fffffa8007c102c0 Device \Driver\cdrom \Device\CdRom0 fffffa80084702c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{E0CCBB37-D2F2-4B73-AEE2-97B9831BE08C} fffffa80087ab2c0 Device \Driver\usbohci \Device\USBPDO-2 fffffa80088fa2c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa80088fa2c0 Device \Driver\amd_sata \Device\00000071 fffffa8007c102c0 Device \Driver\usbohci \Device\USBPDO-3 fffffa80088fa2c0 Device \Driver\usbohci \Device\USBFDO-1 fffffa80088fa2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80087ab2c0 Device \Driver\usbohci \Device\USBFDO-2 fffffa80088fa2c0 Device \Driver\amd_sata \Device\ScsiPort0 fffffa8007c102c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa80088fa2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8007c122c0]<< sptd.sys amd_xata.sys storport.sys hal.dll amd_sata.sys fffffa8007c122c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800838d060] fffffa800838d060 Trace 3 CLASSPNP.SYS[fffff88001a3e43f] -> nt!IofCallDriver -> [0xfffffa80080d2ac0] fffffa80080d2ac0 Trace \Driver\amd_xata[0xfffffa80080b9390] -> IRP_MJ_CREATE -> 0xfffffa8007c122c0 fffffa8007c122c0 Trace 5 amd_xata.sys[fffff88000fce8f7] -> nt!IofCallDriver -> \Device\00000070[0xfffffa80080cf6f0] fffffa80080cf6f0 Trace \Driver\amd_sata[0xfffffa80080b9ac0] -> IRP_MJ_CREATE -> 0xfffffa8007c102c0 fffffa8007c102c0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1df78 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e156 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e15c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e15e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e1b6 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e214 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f593214 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f593a15 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9710724e2 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e07bf2 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e07bf2@bc4760a3bd87 0x50 0x75 0xE7 0x07 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e81132e07bf2@001ddfc53aa4 0xE9 0x91 0x5A 0xE6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 30767 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1df78 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e156 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e15c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e15e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e1b6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e214 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f593214 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f593a15 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca9710724e2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e07bf2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e07bf2@bc4760a3bd87 0x50 0x75 0xE7 0x07 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e81132e07bf2@001ddfc53aa4 0xE9 0x91 0x5A 0xE6 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----