GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-23 14:27:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3500320AS rev.SD15 465,76GB
Running: 95fqbsvs.exe; Driver: D:\Users\Mateusz\AppData\Local\Temp\uwldqpog.sys

---- Kernel code sections - GMER 2.1 ----

.text  D:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload  fffff88002da5d64 12 bytes {MOV RAX, 0xfffffa8004fbf2a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text  D:\Windows\SysWOW64\PnkBstrA.exe[1856] D:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  00000000727b1a22 2 bytes [7B, 72]
.text  D:\Windows\SysWOW64\PnkBstrA.exe[1856] D:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496  00000000727b1ad0 2 bytes [7B, 72]
.text  D:\Windows\SysWOW64\PnkBstrA.exe[1856] D:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552  00000000727b1b08 2 bytes [7B, 72]
.text  D:\Windows\SysWOW64\PnkBstrA.exe[1856] D:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730  00000000727b1bba 2 bytes [7B, 72]
.text  D:\Windows\SysWOW64\PnkBstrA.exe[1856] D:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762  00000000727b1bda 2 bytes [7B, 72]
.text  D:\Windows\SysWOW64\PnkBstrA.exe[1856] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076ca1465 2 bytes [CA, 76]
.text  D:\Windows\SysWOW64\PnkBstrA.exe[1856] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076ca14bb 2 bytes [CA, 76]
.text  ...  * 2
.text  D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076ca1465 2 bytes [CA, 76]
.text  D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076ca14bb 2 bytes [CA, 76]
.text  ...  * 2
.text  D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076ca1465 2 bytes [CA, 76]
.text  D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076ca14bb 2 bytes [CA, 76]
.text  ...  * 2
.text  D:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe[932] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076ca1465 2 bytes [CA, 76]
.text  D:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe[932] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076ca14bb 2 bytes [CA, 76]
.text  ...  * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT  D:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]  [fffff88001036f1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  D:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]  [fffff88001036cc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  D:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]  [fffff8800103769c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  D:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]  [fffff88001037a98] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  D:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]  [fffff880010378f4] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device  \Driver\atapi  \Device\Ide\IdePort0  fffffa80039a42c0
Device  \Driver\atapi  \Device\Ide\IdePort1  fffffa80039a42c0
Device  \Driver\atapi  \Device\Ide\IdePort2  fffffa80039a42c0
Device  \Driver\atapi  \Device\Ide\IdeDeviceP2T0L0-3  fffffa80039a42c0
Device  \Driver\atapi  \Device\Ide\IdePort3  fffffa80039a42c0
Device  \Driver\afln61tm  \Device\Scsi\afln61tm1  fffffa80051422c0
Device  \Driver\afln61tm  \Device\Scsi\afln61tm1Port4Path0Target0Lun0  fffffa80051422c0
Device  \FileSystem\Ntfs  \Ntfs  fffffa80039a82c0
Device  \Driver\usbehci  \Device\USBPDO-1  fffffa8004fdb2c0
Device  \Driver\cdrom  \Device\CdRom1  fffffa8005dcf2c0
Device  \Driver\usbohci  \Device\USBFDO-0  fffffa8004fc12c0
Device  \Driver\usbehci  \Device\USBFDO-1  fffffa8004fdb2c0
Device  \Driver\NetBT  \Device\NetBT_Tcpip_{3F87C53C-2AA4-40A0-A66F-03B809392553}  fffffa8004dae2c0
Device  \Driver\NetBT  \Device\NetBt_Wins_Export  fffffa8004dae2c0
Device  \Driver\atapi  \Device\ScsiPort0  fffffa80039a42c0
Device  \Driver\usbohci  \Device\USBPDO-0  fffffa8004fc12c0
Device  \Driver\atapi  \Device\ScsiPort1  fffffa80039a42c0
Device  \Driver\atapi  \Device\ScsiPort2  fffffa80039a42c0
Device  \Driver\atapi  \Device\ScsiPort3  fffffa80039a42c0
Device  \Driver\afln61tm  \Device\ScsiPort4  fffffa80051422c0

---- Trace I/O - GMER 2.1 ----

Trace  ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039a42c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys  fffffa80039a42c0
Trace  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800452c060]  fffffa800452c060
Trace  3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80043cc580]  fffffa80043cc580
Trace  5 ACPI.sys[fffff880011867a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa80043d3060]  fffffa80043d3060
Trace  \Driver\atapi[0xfffffa80043b4060] -> IRP_MJ_CREATE -> 0xfffffa80039a42c0  fffffa80039a42c0

---- Modules - GMER 2.1 ----

Module  \SystemRoot\System32\Drivers\afln61tm.SYS  fffff88006d03000-fffff88006d54000  (331776 bytes)

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  D:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x3A 0xA4 0x31 0xB8 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x73 0x92 0xA7 0xF4 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@d0  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x78 0xC4 0xD5 0x78 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC  (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  D:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x3A 0xA4 0x31 0xB8 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001  (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x73 0x92 0xA7 0xF4 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0  (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x78 0xC4 0xD5 0x78 ...

---- Files - GMER 2.1 ----

File  D:\Users\Mateusz\AppData\Local\Mozilla\Firefox\Profiles\l3lp86ep.default-1411724205287\cache2\entries\3AC0EF3C6AF9ED8E3CDDED06ECA630DF4F3FF4B3  0 bytes
File  D:\Users\Mateusz\AppData\Local\Mozilla\Firefox\Profiles\l3lp86ep.default-1411724205287\cache2\entries\58993B9797131F8C60C955234923B9D7115524C0  0 bytes
File  D:\Users\Mateusz\AppData\Local\Mozilla\Firefox\Profiles\l3lp86ep.default-1411724205287\cache2\entries\D15E1AC6643469D7E7E7B8C10F74A94E61AA0131  0 bytes
File  D:\Users\Mateusz\AppData\Local\Mozilla\Firefox\Profiles\l3lp86ep.default-1411724205287\cache2\entries\05A244E927002D6EFD0027C7A5ADA20955D6934C  0 bytes
File  D:\Users\Mateusz\AppData\Local\Mozilla\Firefox\Profiles\l3lp86ep.default-1411724205287\cache2\entries\4452F6F3B731E2A066260FC249584EEEEB12D776  3866 bytes
File  D:\Users\Mateusz\AppData\Local\Mozilla\Firefox\Profiles\l3lp86ep.default-1411724205287\cache2\entries\9B2B22F89EBCB99503B84E20B2CF73E8176C4431  7361 bytes
File  D:\Users\Mateusz\AppData\Local\Mozilla\Firefox\Profiles\l3lp86ep.default-1411724205287\cache2\entries\C8673A302E5EA84BEEB69F1066DC2CA2173D60F8  4052 bytes
File  D:\Users\Mateusz\AppData\Local\Temp\acro_rd_dir\flaE5B0.tmp  0 bytes

---- EOF - GMER 2.1 ----
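A log like the one above is easier to triage once its findings are grouped rather than read line by line: which kernel symbols carry an inline trampoline and where it lands, which driver every redirected import points at, and which user-mode patches are byte-for-byte identical across unrelated processes. The following parser is an added example written for this page; it is not part of the original log and not GMER's own code. Its regular expressions are assumptions derived from the line shapes visible above (GMER does not publish a format specification), and its sample input is a constructed subset of lines copied from the log.

```python
"""Parse a GMER 2.1 text log and group its findings for triage. Added example,
not part of the original log and not GMER's own code; the regexes are assumptions
derived from the line shapes in the log above, not a published format spec."""
import re
from collections import defaultdict

# Constructed sample input: a subset of lines copied from the log above.
SAMPLE_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-23 14:27:42
---- Kernel code sections - GMER 2.1 ----
.text  D:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload  fffff88002da5d64 12 bytes {MOV RAX, 0xfffffa8004fbf2a0; JMP RAX}
---- User code sections - GMER 2.1 ----
.text  D:\Windows\SysWOW64\PnkBstrA.exe[1856] D:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  00000000727b1a22 2 bytes [7B, 72]
.text  D:\Windows\SysWOW64\PnkBstrA.exe[1856] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076ca1465 2 bytes [CA, 76]
.text  ...  * 2
.text  D:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076ca1465 2 bytes [CA, 76]
.text  D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3184] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076ca1465 2 bytes [CA, 76]
.text  D:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe[932] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076ca1465 2 bytes [CA, 76]
---- Kernel IAT/EAT - GMER 2.1 ----
IAT  D:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]  [fffff88001036f1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  D:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]  [fffff88001036cc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  D:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]  [fffff8800103769c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  D:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]  [fffff88001037a98] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT  D:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]  [fffff880010378f4] \SystemRoot\System32\Drivers\sptd.sys [.text]
---- Modules - GMER 2.1 ----
Module  \SystemRoot\System32\Drivers\afln61tm.SYS  fffff88006d03000-fffff88006d54000  (331776 bytes)
---- Registry - GMER 2.1 ----
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  D:\Program Files\DAEMON Tools Lite\
---- EOF - GMER 2.1 ----
"""

HEX = r"[0-9a-fA-F]+"
SECTION = re.compile(r"^---- (?P<name>.+?) - GMER")
PATTERNS = [  # (kind, regex); tried in order, first match wins
    ("user_hook", re.compile(
        r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>\S+)!(?P<func>\S+?)"
        r"(?:\s+\+\s+(?P<offset>\d+))?\s+(?P<addr>" + HEX + r")\s+(?P<nbytes>\d+) bytes \[(?P<bytes>[^\]]*)\]$")),
    ("kernel_hook", re.compile(
        r"^\.text\s+(?P<module>\S+)!(?P<symbol>\S+)\s+(?P<addr>" + HEX + r")\s+(?P<nbytes>\d+) bytes \{(?P<asm>[^}]*)\}$")),
    ("iat_hook", re.compile(
        r"^IAT\s+(?P<file>\S+?)\[(?P<import>[^\]]+)\]\s+\[(?P<addr>" + HEX + r")\]\s+(?P<target>\S+)(?:\s+\[(?P<tsection>[^\]]+)\])?$")),
    ("device", re.compile(r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<addr>" + HEX + r")$")),
    ("module", re.compile(r"^Module\s+(?P<path>\S+)\s+(?P<start>" + HEX + r")-(?P<end>" + HEX + r")")),
    ("reg", re.compile(r"^Reg\s+(?P<key>[^@\s]+)(?:@(?P<value>\S+))?(?:\s+(?P<data>.*))?$")),
    ("file", re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes$")),
]

def basename(path):
    return path.rsplit("\\", 1)[-1]

def parse_gmer(text):
    """One dict per non-empty line: 'kind', the section it sits in, and the regex's named groups."""
    entries, section = [], "header"
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                entries.append({"kind": kind, "section": section, **m.groupdict()})
                break
        else:  # header lines and GMER's ".text ... * N" repeat markers
            entries.append({"kind": "other", "section": section, "text": line})
    return entries

def jump_target(asm):
    """Absolute address of a {MOV RAX, 0x...; JMP RAX} trampoline, or None."""
    m = re.search(r"0x(" + HEX + ")", asm)
    return int(m.group(1), 16) if m else None

def in_listed_module(addr, modules):
    """True if addr falls inside a range from the Modules section. GMER lists only the
    modules it flags there, so False means 'not resolved by this log', not 'hidden'."""
    return any(start <= addr < end for _, start, end in modules)

def summarize(entries):
    """Kernel inline hooks with jump targets, IAT redirections per target driver, and
    identical user-mode patches (same DLL, function, offset, bytes) across processes."""
    kernel = [(basename(e["module"]) + "!" + e["symbol"], jump_target(e["asm"]))
              for e in entries if e["kind"] == "kernel_hook"]
    iat_targets, user_groups = defaultdict(list), defaultdict(set)
    for e in entries:
        if e["kind"] == "iat_hook":
            iat_targets[e["target"]].append(e["import"])
        elif e["kind"] == "user_hook":
            key = (basename(e["dll"]).lower(), e["func"], e["offset"] or "0", e["bytes"])
            user_groups[key].add(basename(e["process"]))
    modules = [(e["path"], int(e["start"], 16), int(e["end"], 16))
               for e in entries if e["kind"] == "module"]
    return {"kernel_inline": kernel, "iat_targets": dict(iat_targets),
            "user_groups": dict(user_groups), "modules": modules}

if __name__ == "__main__":
    for name, value in summarize(parse_gmer(SAMPLE_LOG)).items():
        print(name, value)
```

Run against the full log, the grouping gives the reading a practitioner wants. All five redirected atapi.sys imports land in sptd.sys, and the Registry section ties that driver's Cfg key (value p0) to the DAEMON Tools Lite install directory, so those entries can be attributed to one installed product. The 2-byte patches on WSOCK32.dll!setsockopt and PSAPI.DLL!GetModuleInformation recur at identical offsets with identical bytes in PnkBstrA.exe, NvBackend.exe, jusched.exe and WLXPhotoGallery.exe, which points to one shared cause rather than injection aimed at a single process. What the grouping does not explain is the USBPORT.SYS!DllUnload trampoline: its target 0xfffffa8004fbf2a0 lies in the same fffffa80... region as the device objects listed in the Devices section, not in a driver image mapped at fffff880... like the hooks themselves, and it falls outside the only module range the log lists (afln61tm.SYS). Because GMER's Modules section is not a complete loaded-module list, that is a lead to resolve against a full kernel module listing on the machine, not a verdict.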