GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-13 10:55:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HD502HI rev.1AG01118 465,76GB
Running: 5lcg9boe.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\uxldrpod.sys

---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload  fffff88004311d8c 12 bytes {MOV RAX, 0xfffffa80030342a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text  C:\Users\Adrian\Desktop\OTL.com[3464] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69  0000000074a11465 2 bytes [A1, 74]
.text  C:\Users\Adrian\Desktop\OTL.com[3464] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155  0000000074a114bb 2 bytes [A1, 74]
.text  ...  * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]  [fffff880010b0f1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]  [fffff880010b0cc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]  [fffff880010b169c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]  [fffff880010b1a98] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]  [fffff880010b18f4] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0  fffffa800187e2c0
Device  \Driver\atapi \Device\Ide\IdePort0  fffffa800187e2c0
Device  \Driver\atapi \Device\Ide\IdePort1  fffffa800187e2c0
Device  \Driver\atapi \Device\Ide\IdePort2  fffffa800187e2c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3  fffffa800187e2c0
Device  \Driver\atapi \Device\Ide\IdePort3  fffffa800187e2c0
Device  \FileSystem\Ntfs \Ntfs  fffffa80018822c0
Device  \Driver\usbehci \Device\USBFDO-3  fffffa800304c2c0
Device  \Driver\usbehci \Device\USBPDO-1  fffffa800304c2c0
Device  \Driver\cdrom \Device\CdRom0  fffffa8002c022c0
Device  \Driver\usbohci \Device\USBFDO-0  fffffa80030422c0
Device  \Driver\usbohci \Device\USBPDO-2  fffffa80030422c0
Device  \Driver\usbehci \Device\USBPDO-3  fffffa800304c2c0
Device  \Driver\usbehci \Device\USBFDO-1  fffffa800304c2c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export  fffffa8002da72c0
Device  \Driver\atapi \Device\ScsiPort0  fffffa800187e2c0
Device  \Driver\usbohci \Device\USBFDO-2  fffffa80030422c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{125C4FAF-8776-4E90-A306-1BB7AC348470}  fffffa8002da72c0
Device  \Driver\usbohci \Device\USBPDO-0  fffffa80030422c0
Device  \Driver\atapi \Device\ScsiPort1  fffffa800187e2c0
Device  \Driver\atapi \Device\ScsiPort2  fffffa800187e2c0
Device  \Driver\atapi \Device\ScsiPort3  fffffa800187e2c0

---- Trace I/O - GMER 2.1 ----

Trace  ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800187e2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys  fffffa800187e2c0
Trace  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002620620]  fffffa8002620620
Trace  3 CLASSPNP.SYS[fffff880013b243f] -> nt!IofCallDriver -> [0xfffffa800230c520]  fffffa800230c520
Trace  5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8002308680]  fffffa8002308680
Trace  \Driver\atapi[0xfffffa80022e74b0] -> IRP_MJ_CREATE -> 0xfffffa800187e2c0  fffffa800187e2c0

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{126930FF-83E8-4423-B418-C04D35AAD763}\offreg.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2244](2014-08-10 14:46:25)  000007fef42a0000

---- Registry - GMER 2.1 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3531A543-B57D-3BC6-DCA3-B9E41B275812}
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3531A543-B57D-3BC6-DCA3-B9E41B275812}@maildnacpdpeldolcojpcadfnp  0x6F 0x61 0x62 0x65 ...

---- Files - GMER 2.1 ----

File  C:\Program Files (x86)\IObit\Game Booster 3\Autoupdate.exe  0 bytes
File  C:\Program Files (x86)\IObit\Game Booster 3\Boost.exe  263512 bytes
File  C:\Program Files (x86)\IObit\Game Booster 3\Cus.dbd  0 bytes
File  C:\Program Files (x86)\IObit\Game Booster 3\diskhelper.dll  0 bytes
File  C:\Program Files (x86)\IObit\Game Booster 3\Driver  0 bytes
File  C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0.License.txt  1274 bytes
File  C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0.sys  14416 bytes executable
File  C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys  14544 bytes executable <-- ROOTKIT !!!
File  C:\Program Files (x86)\IObit\Game Booster 3\dxhelper.dll  0 bytes
File  C:\Program Files (x86)\IObit\Game Booster 3\EULA.rtf  0 bytes
File  C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe  2485080 bytes
File  C:\Program Files (x86)\IObit\Game Booster 3\GForum.ico  0 bytes
File  C:\Program Files (x86)\IObit\Game Booster 3\IObitCommunities.exe  445784 bytes
File  C:\Program Files (x86)\IObit\Game Booster 3\Language  0 bytes
File  C:\ProgramData\IObit\Game Booster 3\ApplicationList.txt  0 bytes
File  C:\ProgramData\IObit\Game Booster 3\DriverData.db  0 bytes
File  C:\ProgramData\IObit\Game Booster 3\Games.db  0 bytes
File  C:\ProgramData\IObit\Game Booster 3\Opt  0 bytes

---- Services - GMER 2.1 ----

Service  C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [MANUAL] WinRing0_1_2_0 <-- ROOTKIT !!!

---- EOF - GMER 2.1 ----
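The report above is raw GMER output. The script below is an added triage helper, not part of the original log and not GMER's own code: it splits a GMER report into its "---- ... ----" sections, collects the entries GMER itself marked ("<-- ROOTKIT !!!", "(*** suspicious ***)", ">>UNKNOWN" in the I/O trace), and lists kernel IAT entries whose resolved address sits in a module other than the one the import names (here, ataport.SYS imports in atapi.sys that resolve into sptd.sys). All function and constant names are my own; the embedded sample report is a short excerpt constructed from lines of the log above.

```python
"""Triage helper for GMER rootkit-scan reports (added example, not GMER code)."""
import ntpath
import re
from collections import Counter, defaultdict

# "---- Kernel IAT/EAT - GMER 2.1 ----" -> section name "Kernel IAT/EAT"
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")

# IAT  <caller>[<provider>!<function>]  [<addr>] <resolved module> [<section>]
IAT_RE = re.compile(
    r"^IAT\s+(?P<caller>.+?)\[(?P<provider>[^!\]]+)!(?P<func>[^\]]+)\]\s+"
    r"\[(?P<addr>[0-9a-fA-F]+)\]\s+(?P<target>\S+)\s+\[(?P<section>[^\]]+)\]$"
)

# Markers GMER prints on entries it considers noteworthy.
MARKERS = {
    "rootkit": "<-- ROOTKIT !!!",
    "suspicious": "(*** suspicious ***)",
    "unknown_module": ">>UNKNOWN",
}

# Constructed excerpt: a handful of lines copied from the report above.
SAMPLE_REPORT = r"""
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-13 10:55:30

---- Kernel IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]  [fffff880010b0f1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]  [fffff880010b0cc0] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Trace I/O - GMER 2.1 ----

Trace  ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800187e2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys  fffffa800187e2c0

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{126930FF-83E8-4423-B418-C04D35AAD763}\offreg.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2244](2014-08-10 14:46:25)  000007fef42a0000

---- Files - GMER 2.1 ----

File  C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0.sys  14416 bytes executable
File  C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys  14544 bytes executable <-- ROOTKIT !!!

---- Services - GMER 2.1 ----

Service  C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [MANUAL] WinRing0_1_2_0 <-- ROOTKIT !!!

---- EOF - GMER 2.1 ----
"""


def split_sections(report):
    """Group non-empty report lines under their '---- ... ----' header."""
    sections = defaultdict(list)
    current = "Header"
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            continue
        sections[current].append(line)
    return dict(sections)


def flagged_entries(sections):
    """Return (section, marker label, line) for every line GMER marked."""
    hits = []
    for name, lines in sections.items():
        for line in lines:
            for label, marker in MARKERS.items():
                if marker in line:
                    hits.append((name, label, line))
                    break
    return hits


def iat_redirections(sections):
    """IAT entries resolved into a module other than the import's provider."""
    out = []
    for line in sections.get("Kernel IAT/EAT", []):
        m = IAT_RE.match(line)
        if not m:
            continue
        provider = m.group("provider").lower()
        resolved = ntpath.basename(m.group("target")).lower()
        if provider != resolved:
            out.append({
                "caller": ntpath.basename(m.group("caller")),
                "import": f"{m.group('provider')}!{m.group('func')}",
                "resolved_in": resolved,
                "addr": m.group("addr"),
            })
    return out


def summarize(report):
    """Counts of GMER markers and of IAT redirections by target module."""
    sections = split_sections(report)
    return {
        "sections": sorted(sections),
        "flags": Counter(label for _, label, _ in flagged_entries(sections)),
        "iat_redirected_to": Counter(r["resolved_in"] for r in iat_redirections(sections)),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The script only surfaces what the report already says; it does not parse the "Kernel code sections" inline-hook lines, so the USBPORT.SYS!DllUnload entry above still has to be read by hand. Run over the full report, it lists five ataport.SYS imports in atapi.sys resolving into sptd.sys, two "ROOTKIT" markers (the WinRing0x64.sys file and its service), one "suspicious" library and one unknown module in the disk I/O trace.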