GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-06 23:22:36 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST964042 rev.0001 596,17GB Running: mticfw0q.exe; Driver: C:\Users\SigmaAZ\AppData\Local\Temp\uwloypoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000145000 7 bytes [C0, 82, F3, FF, C1, 91, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000145008 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.1 ---- .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000074e91401 2 bytes JMP 000000010579a47a .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000074e91419 2 bytes JMP 000000010579a492 .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000074e91431 2 bytes JMP 000000010579a4aa .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000074e9144a 2 bytes JMP 0000000074f5fcc3 .text ... * 9 .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000074e914dd 2 bytes JMP 000000010579a556 .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000074e914f5 2 bytes JMP 000000010579a56e .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000074e9150d 2 bytes JMP 000000010579a586 .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000074e91525 2 bytes JMP 000000010579a59e .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000074e9153d 2 bytes JMP 000000010579a5b6 .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000074e91555 2 bytes JMP 000000010579a5ce .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000074e9156d 2 bytes JMP 000000010579a5e6 .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000074e91585 2 bytes JMP 000000010579a5fe .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000074e9159d 2 bytes JMP 000000010579a616 .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000074e915b5 2 bytes JMP 000000010579a62e .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000074e915cd 2 bytes JMP 000000015b37ce46 .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000074e916b2 2 bytes JMP 000000010579a72b .text C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[4876] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000074e916bd 2 bytes JMP 000000010579a736 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa80042a42c0 Device \FileSystem\fastfat \Fat fffffa8004b3a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{61B33E24-C3FC-4A36-B684-4B6ABBBE0795} fffffa8007a022c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{F2CFCDF5-874E-4A8A-9B65-0AF8CE06BCBF} fffffa8007a022c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{30E936BA-AD19-4228-BC63-2DAF5BF27351} fffffa8007a022c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80077a72c0 Device \Driver\cdrom \Device\CdRom0 fffffa80077132c0 Device \Driver\dtsoftbus01 \Device\00000080 fffffa80077482c0 Device \Driver\cdrom \Device\CdRom1 fffffa80077132c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{4E90281E-A197-4959-B890-03BDA9195A21} fffffa8007a022c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80077a72c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa80077482c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{5B4D3E9D-3704-4068-9B3C-B8EB10E11A22} fffffa8007a022c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80077a72c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007a022c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80077a72c0 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [2880:2148] 000007fef1819688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... ---- EOF - GMER 2.1 ----