GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-13 23:18:05 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3200021A rev.3.01 186,31GB Running: h057ot9v.exe; Driver: C:\Users\LOCKERZ\AppData\Local\Temp\awtdqpow.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88006a28d64 12 bytes {MOV RAX, 0xfffffa8003a092a0; JMP RAX} ---- User code sections - GMER 2.2 ---- .text C:\Windows\Explorer.EXE[2548] C:\Windows\system32\WS2_32.dll!WSASend 000007fefec913b0 7 bytes {MOV EAX, 0x335e9a0; JMP RAX} .text C:\Windows\Explorer.EXE[2548] C:\Windows\system32\WS2_32.dll!closesocket 000007fefec918e0 7 bytes {MOV EAX, 0x335e030; JMP RAX} .text C:\Windows\Explorer.EXE[2548] C:\Windows\system32\WS2_32.dll!send 000007fefec98000 7 bytes {MOV EAX, 0x335e950; JMP RAX} .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075a51401 2 bytes JMP 7628b223 C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075a51419 2 bytes JMP 7628b34e C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075a51431 2 bytes JMP 76308979 C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075a5144a 2 bytes CALL 762648cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075a514dd 2 bytes JMP 76308272 C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075a514f5 2 bytes JMP 76308448 C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075a5150d 2 bytes JMP 76308168 C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075a51525 2 bytes JMP 76308532 C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075a5153d 2 bytes JMP 7627fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075a51555 2 bytes JMP 76286907 C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075a5156d 2 bytes JMP 76308a31 C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075a51585 2 bytes JMP 76308592 C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075a5159d 2 bytes JMP 7630812c C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075a515b5 2 bytes JMP 7627fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075a515cd 2 bytes JMP 7628b2e4 C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075a516b2 2 bytes JMP 763088f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\LOCKERZ\AppData\Local\Akamai\netsession_win.exe[356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075a516bd 2 bytes JMP 763080c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[720] C:\Windows\system32\ws2_32.dll!GetAddrInfoW 000007fefec923c0 7 bytes {MOV EAX, 0x7ee30; JMP RAX} .text C:\Windows\system32\svchost.exe[720] C:\Windows\system32\ws2_32.dll!getaddrinfo 000007fefec92720 7 bytes {MOV EAX, 0x7f4c0; JMP RAX} .text C:\Windows\system32\svchost.exe[720] C:\Windows\system32\ws2_32.dll!connect 000007fefec945c0 7 bytes {MOV EAX, 0x7eb30; JMP RAX} .text C:\Windows\system32\svchost.exe[720] C:\Windows\system32\ws2_32.dll!gethostbyname 000007fefec98df0 7 bytes {MOV EAX, 0x7f5d0; JMP RAX} .text C:\Windows\system32\svchost.exe[720] C:\Windows\system32\ws2_32.dll!GetAddrInfoExW 000007fefec9c090 7 bytes {MOV EAX, 0x7efe0; JMP RAX} .text C:\Windows\system32\svchost.exe[720] C:\Windows\system32\ws2_32.dll!WSAAsyncGetHostByName 000007fefecbb540 7 bytes {MOV EAX, 0x7f680; JMP RAX} .text C:\Windows\system32\svchost.exe[720] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefecbe0f0 7 bytes {MOV EAX, 0x7edf0; JMP RAX} .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075a51401 2 bytes JMP 7628b223 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075a51419 2 bytes JMP 7628b34e C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075a51431 2 bytes JMP 76308979 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075a5144a 2 bytes CALL 762648cd C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075a514dd 2 bytes JMP 76308272 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075a514f5 2 bytes JMP 76308448 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075a5150d 2 bytes JMP 76308168 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075a51525 2 bytes JMP 76308532 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075a5153d 2 bytes JMP 7627fcc0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075a51555 2 bytes JMP 76286907 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075a5156d 2 bytes JMP 76308a31 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075a51585 2 bytes JMP 76308592 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075a5159d 2 bytes JMP 7630812c C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075a515b5 2 bytes JMP 7627fd59 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075a515cd 2 bytes JMP 7628b2e4 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075a516b2 2 bytes JMP 763088f4 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\System Explorer\SystemExplorer.exe[4984] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075a516bd 2 bytes JMP 763080c1 C:\Windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001047f1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001047cc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800104869c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001048a98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010488f4] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-5 fffffa80024932c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80024932c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80024932c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80024932c0 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 fffffa80024932c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80024932c0 Device \Driver\asbks2kf \Device\Scsi\asbks2kf1Port4Path0Target0Lun0 fffffa8003a6b2c0 Device \Driver\asbks2kf \Device\Scsi\asbks2kf1 fffffa8003a6b2c0 Device \FileSystem\Ntfs \Ntfs fffffa80024972c0 Device \FileSystem\fastfat \Fat fffffa80027f72c0 Device \Driver\usbehci \Device\USBPDO-5 fffffa8003c5f2c0 Device \Driver\usbohci \Device\USBFDO-3 fffffa8003a9c2c0 Device \Driver\usbohci \Device\USBPDO-1 fffffa8003a9c2c0 Device \Driver\cdrom \Device\CdRom0 fffffa800368a2c0 Device \Driver\cdrom \Device\CdRom1 fffffa800368a2c0 Device \Driver\cdrom \Device\CdRom2 fffffa800368a2c0 Device \Driver\cdrom \Device\CdRom3 fffffa800368a2c0 Device \Driver\cdrom \Device\CdRom4 fffffa800368a2c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa8003a9c2c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa8003a9c2c0 Device \Driver\usbohci \Device\USBPDO-2 fffffa8003a9c2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa80035da2c0 Device \Driver\dtsoftbus01 \Device\0000006c fffffa80035da2c0 Device \Driver\usbehci \Device\USBFDO-5 fffffa8003c5f2c0 Device \Driver\usbohci \Device\USBPDO-3 fffffa8003a9c2c0 Device \Driver\usbohci \Device\USBFDO-1 fffffa8003a9c2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{530E10A7-028C-4E4A-936D-384CD9E40A95} fffffa80036a42c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{1AB29958-5B9E-4F92-82B2-81AC839C935E} fffffa80036a42c0 Device \Driver\dtsoftbus01 \Device\0000006d fffffa80035da2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80036a42c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{48EEEC7F-D128-4D28-A7A4-793274CE076D} fffffa80036a42c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa8003a9c2c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80024932c0 Device \Driver\usbohci \Device\USBFDO-2 fffffa8003a9c2c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa8003a9c2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80024932c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{32E603AE-AFED-449F-B083-76B94D755143} fffffa80036a42c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80024932c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{EB6FF4CE-F27F-4A60-AE5F-4396C776751A} fffffa80036a42c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80024932c0 Device \Driver\asbks2kf \Device\ScsiPort4 fffffa8003a6b2c0 Device \Driver\dtsoftbus01 \Device\0000006e fffffa80035da2c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80024932c0]<< sptd.sys ataport.SYS pciide.sys fffffa80024932c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003390060] fffffa8003390060 Trace 3 CLASSPNP.SYS[fffff8800198743f] -> nt!IofCallDriver -> [0xfffffa800339a520] fffffa800339a520 Trace 5 ACPI.sys[fffff880011977a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8003397060] fffffa8003397060 Trace \Driver\atapi[0xfffffa800258d3b0] -> IRP_MJ_CREATE -> 0xfffffa80024932c0 fffffa80024932c0 ---- Modules - GMER 2.2 ---- Module \SystemRoot\System32\Drivers\asbks2kf.SYS fffff88011d63000-fffff88011db4000 (331776 bytes) ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\taskhost.exe [2444:3292] 0000000001fdede0 Thread C:\Windows\system32\taskhost.exe [2444:3336] 0000000001fde410 Thread C:\Windows\system32\taskhost.exe [2444:3356] 0000000001fde620 Thread C:\Windows\system32\taskhost.exe [2444:3376] 0000000001fdecb0 Thread C:\Windows\system32\taskhost.exe [2444:3396] 0000000001fd9280 Thread C:\Windows\system32\taskhost.exe [2444:3416] 0000000001fd7c10 Thread C:\Windows\system32\taskhost.exe [2444:3436] 0000000001fd72a0 Thread C:\Windows\system32\taskhost.exe [2444:3456] 0000000001fd7630 Thread C:\Windows\Explorer.EXE [2548:3196] 000000000335a490 Thread C:\Windows\Explorer.EXE [2548:3200] 00000000033585a0 Thread C:\Windows\Explorer.EXE [2548:3204] 0000000003357b90 Thread C:\Windows\Explorer.EXE [2548:3208] 0000000003357ec0 Thread C:\Windows\Explorer.EXE [2548:3244] 0000000002e0ede0 Thread C:\Windows\Explorer.EXE [2548:3252] 0000000002e0e410 Thread C:\Windows\Explorer.EXE [2548:3264] 0000000002e0e620 Thread C:\Windows\Explorer.EXE [2548:3276] 0000000002e0ecb0 Thread C:\Windows\Explorer.EXE [2548:3284] 0000000002e09280 Thread C:\Windows\Explorer.EXE [2548:3296] 0000000002e07c10 Thread C:\Windows\Explorer.EXE [2548:3300] 0000000002e072a0 Thread C:\Windows\Explorer.EXE [2548:3312] 0000000002e07630 Thread C:\Windows\system32\svchost.exe [720:2612] 0000000000080730 Thread C:\Windows\system32\svchost.exe [720:2632] 000000000007b510 Thread C:\Windows\system32\svchost.exe [720:1824] 000000000007a150 Thread C:\Windows\system32\svchost.exe [720:2876] 00000000000805a0 Thread C:\Windows\system32\svchost.exe [720:2152] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:1284] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2756] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:776] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2156] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:732] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2620] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2812] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2408] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:1424] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2696] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2680] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:980] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:1296] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:1036] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:112] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:232] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:896] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:2688] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2772] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2132] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:1596] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:2784] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2652] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2424] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2700] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:2308] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2952] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2276] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:1608] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:3056] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2196] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2148] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3080] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:3084] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3096] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3108] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3116] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:3120] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3128] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:3132] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3140] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:3144] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3152] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:3156] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3168] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3180] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3188] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:3192] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3216] 000000000360ede0 Thread C:\Windows\system32\svchost.exe [720:3220] 000000000360ecb0 Thread C:\Windows\system32\svchost.exe [720:3224] 0000000003609280 Thread C:\Windows\system32\svchost.exe [720:3228] 0000000003607c10 Thread C:\Windows\system32\svchost.exe [720:3232] 00000000036072a0 Thread C:\Windows\system32\svchost.exe [720:3236] 0000000003607630 Thread C:\Windows\system32\svchost.exe [720:3464] 00000000037d24a0 Thread C:\Windows\system32\svchost.exe [720:3468] 00000000037c9580 Thread C:\Windows\system32\svchost.exe [720:3472] 00000000037c7cb0 Thread C:\Windows\system32\svchost.exe [720:3476] 00000000037c7240 Thread C:\Windows\system32\svchost.exe [720:3480] 00000000037c75d0 Thread C:\Windows\system32\svchost.exe [720:3484] 00000000037f8d00 Thread C:\Windows\system32\svchost.exe [720:3488] 00000000037f7710 Thread C:\Windows\system32\svchost.exe [720:3492] 00000000037f6e00 Thread C:\Windows\system32\svchost.exe [720:3496] 00000000037f7130 Thread C:\Windows\system32\svchost.exe [720:3568] 00000000039fa490 Thread C:\Windows\system32\svchost.exe [720:3572] 00000000039f85a0 Thread C:\Windows\system32\svchost.exe [720:3576] 00000000039f7b90 Thread C:\Windows\system32\svchost.exe [720:3580] 00000000039f7ec0 Thread C:\Windows\system32\svchost.exe [720:3616] 0000000005947b80 Thread C:\Windows\system32\svchost.exe [720:3620] 0000000005946430 Thread C:\Windows\system32\svchost.exe [720:3624] 00000000059460f0 Thread C:\Windows\system32\svchost.exe [720:3628] 0000000005945fc0 Thread C:\Windows\system32\svchost.exe [720:512] 000000000007b340 Thread C:\Windows\system32\svchost.exe [720:1668] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:2676] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:2188] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3980] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:5256] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:5268] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:5280] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3692] 0000000000078f90 Thread C:\Windows\system32\svchost.exe [720:5360] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3876] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:3720] 0000000000079310 Thread C:\Windows\system32\svchost.exe [720:4048] 00000000000683c0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0F 0xDF 0x18 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFB 0xC8 0xC4 0x48 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x04 0xB5 0x30 0xB1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x70 0x29 0xEC 0xFA ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFB 0xC8 0xC4 0x48 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x04 0xB5 0x30 0xB1 ... ---- EOF - GMER 2.2 ----