GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-07-28 01:27:15 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725032A9A364 rev.PC3OC72E 298,09GB Running: m8on87tl.exe; Driver: C:\Users\HP\AppData\Local\Temp\uwrdqpow.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[2044] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073971a22 2 bytes [97, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2044] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073971ad0 2 bytes [97, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2044] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073971b08 2 bytes [97, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2044] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073971bba 2 bytes [97, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2044] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073971bda 2 bytes [97, 73] ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001026e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001026c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001027614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001027a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800102786c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80024972c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80024972c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80024972c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80024972c0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80024972c0 Device \FileSystem\fastfat \Fat fffffa8003b3e2c0 Device \Driver\usbohci \Device\USBFDO-3 fffffa8003b4e2c0 Device \Driver\usbehci \Device\USBPDO-5 fffffa8003b502c0 Device \Driver\usbohci \Device\USBPDO-1 fffffa8003b4e2c0 Device \Driver\cdrom \Device\CdRom0 fffffa80038e92c0 Device \Driver\cdrom \Device\CdRom1 fffffa80038e92c0 Device \Driver\atapi \Device\Dev_fffffa800343e5f0 fffffa8005f18878 Device \Driver\usbohci \Device\USBFDO-4 fffffa8003b4e2c0 Device \Driver\usbehci \Device\USBPDO-2 fffffa8003b502c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa8003b4e2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa80037d42c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{316E7B86-D6CA-4CA2-A0D8-785B753B848E} fffffa80038562c0 Device \Driver\dtsoftbus01 \Device\00000095 fffffa80037d42c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{8732D14C-78C7-4559-ABA1-6E838480810F} fffffa80038562c0 Device \Driver\usbehci \Device\USBFDO-5 fffffa8003b502c0 Device \Driver\usbohci \Device\USBFDO-1 fffffa8003b4e2c0 Device \Driver\usbohci \Device\USBPDO-3 fffffa8003b4e2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80038562c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80024972c0 Device \Driver\usbehci \Device\USBFDO-2 fffffa8003b502c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa8003b4e2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80024972c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa8003b4e2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80024972c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{FE7EA34F-25CD-458B-BD56-79FA387D9A5D} fffffa80038562c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa80024972c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa80024972c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80034aa060] fffffa80034aa060 Trace 3 CLASSPNP.SYS[fffff88000c2943f] -> nt!IofCallDriver -> [0xfffffa80034a9040] fffffa80034a9040 Trace 5 hpdskflt.sys[fffff88001fae289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800343e5f0] fffffa800343e5f0 Trace \Driver\atapi[0xfffffa8003292610] -> IRP_MJ_CREATE -> 0xfffffa80024972c0 fffffa80024972c0 ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [4504:552] 000007feebe69688 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources MSDMine?STacSV?DfSdk Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 19559 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x42 0x70 0x95 0x9D ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8732D14C-78C7-4559-ABA1-6E838480810F}@LeaseObtainedTime 1469659039 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8732D14C-78C7-4559-ABA1-6E838480810F}@T1 1469659317 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8732D14C-78C7-4559-ABA1-6E838480810F}@T2 1469659542 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8732D14C-78C7-4559-ABA1-6E838480810F}@LeaseTerminatesTime 1469659639 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FE7EA34F-25CD-458B-BD56-79FA387D9A5D}@LeaseObtainedTime 1469659006 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FE7EA34F-25CD-458B-BD56-79FA387D9A5D}@T1 1469659283 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FE7EA34F-25CD-458B-BD56-79FA387D9A5D}@T2 1469659508 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FE7EA34F-25CD-458B-BD56-79FA387D9A5D}@LeaseTerminatesTime 1469659606 Reg HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources MSDMine?STacSV?DfSdk Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x42 0x70 0x95 0x9D ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----