GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-03 17:30:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3250620AS rev.3.AAK 232,89GB
Running: gmer.exe; Driver: C:\Users\Storm\AppData\Local\Temp\fxldypow.sys

---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload  fffff88006e3ed24 12 bytes {MOV RAX, 0xfffffa80059342a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\svchost.exe[1080] c:\windows\system32\DNSAPI.dll!Query_Main  000007fefcb83038 14 bytes {JMP QWORD [RIP+0x0]}
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075531465 2 bytes [53, 75]
.text  C:\Program Files (x86)\uTorrent\uTorrent.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755314bb 2 bytes [53, 75]
.text  ...  * 2
.text  \\.\globalroot\systemroot\svchost.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile  00000000777ff918 5 bytes JMP 0000000100013aa9
.text  \\.\globalroot\systemroot\svchost.exe[2916] C:\Windows\SysWOW64\ntdll.dll!RtlRaiseException  0000000077826e68 5 bytes JMP 0000000100013cc9
.text  \\.\globalroot\systemroot\svchost.exe[2916] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000076c287c9 5 bytes [33, C0, C2, 04, 00]
.text  \\.\globalroot\systemroot\svchost.exe[2916] C:\Windows\syswow64\USER32.dll!IsWindowVisible  0000000075ba112d 5 bytes JMP 00000001000146ba
.text  \\.\globalroot\systemroot\svchost.exe[2916] C:\Windows\syswow64\USER32.dll!GetCursorPos  0000000075ba1218 5 bytes JMP 00000001000145b6
.text  \\.\globalroot\systemroot\svchost.exe[2916] C:\Windows\syswow64\USER32.dll!GetForegroundWindow  0000000075ba2320 5 bytes JMP 0000000100014687
.text  \\.\globalroot\systemroot\svchost.exe[2916] C:\Windows\syswow64\USER32.dll!WindowFromPoint  0000000075bbed12 5 bytes JMP 0000000100014617
.text  \\.\globalroot\systemroot\svchost.exe[2916] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW  0000000075befc9d 6 bytes [33, C0, 40, C2, 04, 00]
.text  \\.\globalroot\systemroot\svchost.exe[2916] C:\Windows\syswow64\ole32.dll!CoGetClassObject  00000000771c54ad 5 bytes JMP 00000001000147f6
.text  \\.\globalroot\systemroot\svchost.exe[2916] C:\Windows\syswow64\ole32.dll!CoCreateInstance  00000000771d9d0b 5 bytes JMP 0000000100014820
.text  \\.\globalroot\systemroot\svchost.exe[2916] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW  00000000753d4889 5 bytes JMP 0000000100014518
.text  \\.\globalroot\systemroot\svchost.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075531465 2 bytes [53, 75]
.text  \\.\globalroot\systemroot\svchost.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755314bb 2 bytes [53, 75]
.text  ...  * 2
.text  C:\Windows\system32\svchost.exe[3340] C:\Windows\system32\dnsapi.dll!Query_Main  000007fefcb83038 14 bytes {JMP QWORD [RIP+0x0]}

---- Kernel IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdD3Transition]  [fffff80000ba978c] \SystemRoot\system32\kdcom.dll [.text]
IAT  C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdD0Transition]  [fffff80000ba9780] \SystemRoot\system32\kdcom.dll [.text]
IAT  C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdReceivePacket]  [fffff80000ba98b4] \SystemRoot\system32\kdcom.dll [.text]
IAT  C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdSendPacket]  [fffff80000ba98ac] \SystemRoot\system32\kdcom.dll [.text]
IAT  C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdRestore]  [fffff80000ba98a0] \SystemRoot\system32\kdcom.dll [.text]
IAT  C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdSave]  [fffff80000ba9894] \SystemRoot\system32\kdcom.dll [.text]
IAT  C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize0]  [fffff80000ba9878] \SystemRoot\system32\kdcom.dll [.text]
IAT  C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize1]  [fffff80000ba9884] \SystemRoot\system32\kdcom.dll [.text]
IAT  C:\Windows\system32\hal.dll[KDCOM.dll!KdRestore]  [fffff80000ba98a0] \SystemRoot\system32\kdcom.dll [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]  [fffff88001054f1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]  [fffff88001054cc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]  [fffff8800105569c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]  [fffff88001055a98] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]  [fffff880010558f4] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!ExAllocatePoolWithTag]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoAcquireRemoveLockEx]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoWMIRegistrationControl]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!ExFreePoolWithTag]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoWMIWriteEvent]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoRegisterDeviceInterface]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoSetDeviceInterfaceState]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoStartPacket]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoStartTimer]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!RtlInitUnicodeString]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoDeleteDevice]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!KeSetEvent]  [f80348078bc87218] [unknown section]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoFreeWorkItem]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!MmGetSystemRoutineAddress]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!KeInitializeEvent]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!RtlQueryRegistryValues]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!RtlInitAnsiString]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!RtlGetVersion]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoDetachDevice]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!PoRequestPowerIrp]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoCancelIrp]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoStopTimer]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoStartNextPacket]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoAllocateWorkItem]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!_vsnwprintf]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!PoStartNextPowerIrp]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!_vsnprintf]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!ZwClose]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IofCompleteRequest]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoInitializeTimer]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoFreeIrp]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!PoCallDriver]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoAllocateIrp]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!RtlCompareMemory]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!ObfReferenceObject]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoSetStartIoAttributes]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoInitializeRemoveLockEx]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoCreateDevice]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IofCallDriver]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLockAtDpcLevel]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLock]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoBuildPartialMdl]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoReleaseRemoveLockEx]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLock]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoFreeMdl]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!KeDelayExecutionThread]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoGetSfioStreamIdentifier]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoQueueWorkItem]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoAllocateMdl]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!ZwEnumerateValueKey]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoGetDeviceInterfaces]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!ZwOpenKey]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!KeBugCheckEx]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!KeWaitForSingleObject]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!NlsMbCodePageTag]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoIs32bitProcess]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!MmProbeAndLockPages]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!MmUnlockPages]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoAllocateSfioStreamIdentifier]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoFreeSfioStreamIdentifier]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!IoGetIoPriorityHint]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!EtwUnregister]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!EtwRegister]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!EtwEventEnabled]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!EtwWrite]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!EtwProviderEnabled]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[ntoskrnl.exe!__C_specific_handler]  [?]
IAT  C:\Windows\System32\Drivers\au5xruxc.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx]  [?]

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdePort4  fffffa80039a92c0
Device  \Driver\atapi \Device\Ide\IdePort0  fffffa80039a92c0
Device  \Driver\atapi \Device\Ide\IdePort5  fffffa80039a92c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-9  fffffa80039a92c0
Device  \Driver\atapi \Device\Ide\IdePort1  fffffa80039a92c0
Device  \Driver\atapi \Device\Ide\IdePort2  fffffa80039a92c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2  fffffa8004abd5c4
Device  \Driver\atapi \Device\Ide\IdePort3  fffffa80039a92c0
Device  \FileSystem\Ntfs \Ntfs  fffffa80039ad2c0
Device  \Driver\usbehci \Device\USBFDO-7  fffffa8005ad22c0
Device  \Driver\usbuhci \Device\USBPDO-5  fffffa80059cf2c0
Device  \Driver\usbehci \Device\USBFDO-3  fffffa8005ad22c0
Device  \Driver\USBSTOR \Device\00000088  fffffa8004ad62c0
Device  \Driver\usbuhci \Device\USBPDO-1  fffffa80059cf2c0
Device  \Driver\cdrom \Device\CdRom0  fffffa8004f012c0
Device  \Driver\cdrom \Device\CdRom1  fffffa8004f012c0
Device  \Driver\dtsoftbus01 \Device\0000006f  fffffa8004a862c0
Device  \Driver\usbuhci \Device\USBPDO-6  fffffa80059cf2c0
Device  \Driver\usbuhci \Device\USBFDO-4  fffffa80059cf2c0
Device  \Driver\usbuhci \Device\USBFDO-0  fffffa80059cf2c0
Device  \Driver\usbuhci \Device\USBPDO-2  fffffa80059cf2c0
Device  \Driver\dtsoftbus01 \Device\DTSoftBusCtl  fffffa8004a862c0
Device  \Driver\USBSTOR \Device\0000008c  fffffa8004ad62c0
Device  \Driver\usbehci \Device\USBPDO-7  fffffa8005ad22c0
Device  \Driver\usbuhci \Device\USBFDO-5  fffffa80059cf2c0
Device  \Driver\usbehci \Device\USBPDO-3  fffffa8005ad22c0
Device  \Driver\usbuhci \Device\USBFDO-1  fffffa80059cf2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{ADB9650E-B90C-4418-AF7B-31212BA5BCB8}  fffffa8004e972c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export  fffffa8004e972c0
Device  \Driver\usbuhci \Device\USBFDO-6  fffffa80059cf2c0
Device  \Driver\usbuhci \Device\USBPDO-4  fffffa80059cf2c0
Device  \Driver\atapi \Device\ScsiPort0  fffffa80039a92c0
Device  \Driver\usbuhci \Device\USBFDO-2  fffffa80059cf2c0
Device  \Driver\usbuhci \Device\USBPDO-0  fffffa80059cf2c0
Device  \Driver\atapi \Device\ScsiPort1  fffffa80039a92c0
Device  \Driver\atapi \Device\ScsiPort2  fffffa80039a92c0
Device  \Driver\atapi \Device\ScsiPort3  fffffa80039a92c0
Device  \Driver\atapi \Device\ScsiPort4  fffffa80039a92c0
Device  \Driver\atapi \Device\ScsiPort5  fffffa80039a92c0

---- Trace I/O - GMER 2.1 ----

Trace  ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004abd5c4]<<  fffffa8004abd5c4
Trace  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800493c060]  fffffa800493c060
Trace  3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa800440a520]  fffffa800440a520
Trace  5 ACPI.sys[fffff880011a47a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004406680]  fffffa8004406680
Trace  \Driver\atapi[0xfffffa8004a8e2e0] -> IRP_MJ_CREATE -> 0xfffffa8004abd5c4  fffffa8004abd5c4

---- Modules - GMER 2.1 ----

Module  \SystemRoot\System32\Drivers\au5xruxc.SYS (USB Mass Storage Class Driver/Microsoft Corporation SIGNED)(2010-11-21 03:23:47)  fffff88006ba2000-fffff88006bf3000 (331776 bytes)

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [968:988]  0000000000061d78

---- Processes - GMER 2.1 ----

Library  \\.\globalroot\systemroot\svchost.exe (*** suspicious ***) @ \\.\globalroot\systemroot\svchost.exe [2916]  0000000000950000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111@002378b9b31f  0x6F 0xC8 0x8C 0xDB ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x67 0x2D 0x77 0x95 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x3B 0xE0 0x3A 0xF2 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0xB8 0x9E 0xEB 0x63 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12  0x30 0xBF 0x26 0xA8 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12  0x08 0xCD 0xB4 0x6F ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111@002378b9b31f  0x6F 0xC8 0x8C 0xDB ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x67 0x2D 0x77 0x95 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x3B 0xE0 0x3A 0xF2 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x0C 0x32 0xE2 0xF8 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12  0x30 0xBF 0x26 0xA8 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12  0x08 0xCD 0xB4 0x6F ...

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  TDL4@MBR code has been found <-- ROOTKIT !!!
Disk  \Device\Harddisk0\DR0  Windows 7 default MBR code found via API
Disk  \Device\Harddisk0\DR0  sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----