GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-14 22:37:42 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0 931,51GB Running: bw7qpvyv.exe; Driver: C:\Users\Rohandar\AppData\Local\Temp\awldikow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1948] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ee87b1 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1948] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077de1465 2 bytes [DE, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1948] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000077de14bb 2 bytes [DE, 77] .text ... * 2 .text C:\Users\Rohandar\AppData\Local\THORN\Thorn.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077de1465 2 bytes [DE, 77] .text C:\Users\Rohandar\AppData\Local\THORN\Thorn.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077de14bb 2 bytes [DE, 77] .text ... * 2 .text C:\Users\Rohandar\AppData\Local\THORN\ThornHelper.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077de1465 2 bytes [DE, 77] .text C:\Users\Rohandar\AppData\Local\THORN\ThornHelper.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077de14bb 2 bytes [DE, 77] .text ... * 2 .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RTLDHCP.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077de1465 2 bytes [DE, 77] .text C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RTLDHCP.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077de14bb 2 bytes [DE, 77] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010c2e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010c2c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010c3614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010c3a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010c386c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdePort0 fffffa8006fed2c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa8006fed2c0 Device \Driver\a0n25d5n \Device\Scsi\a0n25d5n1 fffffa800a4d02c0 Device \FileSystem\Ntfs \Ntfs fffffa8006ff72c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa800a4a72c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{855E9A21-D03B-4776-B3D7-A70B67E9116D} fffffa8009f5a2c0 Device \Driver\cdrom \Device\CdRom0 fffffa8009d542c0 Device \Driver\cdrom \Device\CdRom1 fffffa8009d542c0 Device \Driver\dtsoftbus01 \Device\00000075 fffffa8009ac52c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8009ac52c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa800a4a72c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8009f5a2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa800a4a72c0 Device \Driver\atapi \Device\ScsiPort1 fffffa8006fed2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{7AAD64E9-D3AE-4244-AEAB-5BFA1294DAE6} fffffa8009f5a2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa8006fed2c0 Device \Driver\a0n25d5n \Device\ScsiPort3 fffffa800a4d02c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{1FD37682-6F94-437A-9ADA-2032798C6736} fffffa8009f5a2c0 ---- Modules - GMER 2.2 ---- Module \SystemRoot\System32\Drivers\a0n25d5n.SYS fffff8800c1ab000-fffff8800c1fc000 (331776 bytes) ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 47574 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 12086 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x14 0x55 0x69 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD5 0x42 0x7B 0x71 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCD 0xD2 0xEB 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB0 0xED 0x30 0xE0 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x14 0x55 0x69 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD5 0x42 0x7B 0x71 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCD 0xD2 0xEB 0x04 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB0 0xED 0x30 0xE0 ... ---- EOF - GMER 2.2 ----