GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-12 16:22:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1500DM003-9YN16G rev.CC82 1397,27GB
Running: s9bre691.exe; Driver: C:\Users\Nesste\AppData\Local\Temp\uxldqpow.sys

---- User code sections - GMER 2.2 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[1676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073db1a22 2 bytes [DB, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073db1ad0 2 bytes [DB, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073db1b08 2 bytes [DB, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073db1bba 2 bytes [DB, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073db1bda 2 bytes [DB, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075931465 2 bytes [93, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759314bb 2 bytes [93, 75]
.text ... * 2
.text E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075931465 2 bytes [93, 75]
.text E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759314bb 2 bytes [93, 75]
.text ... * 2
.text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075931465 2 bytes [93, 75]
.text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759314bb 2 bytes [93, 75]
.text ... * 2
.text E:\Gry\WoT\WargamingGameUpdater.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075931465 2 bytes [93, 75]
.text E:\Gry\WoT\WargamingGameUpdater.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759314bb 2 bytes [93, 75]
.text ... * 2
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[3224] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075931465 2 bytes [93, 75]
.text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[3224] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000759314bb 2 bytes [93, 75]
.text ... * 2

---- Kernel IAT/EAT - GMER 2.2 ----

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800109ce94] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800109cc38] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800109d614] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800109da10] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800109d86c] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.2 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa8006ce62c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa8006ce62c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa8006ce62c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa8006ce62c0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 fffffa8006ce62c0
Device \Driver\atapi \Device\Ide\IdePort3 fffffa8006ce62c0
Device \Driver\a703yn3y \Device\Scsi\a703yn3y1Port4Path0Target1Lun0 fffffa80087242c0
Device \Driver\a703yn3y \Device\Scsi\a703yn3y1Port4Path0Target0Lun0 fffffa80087242c0
Device \Driver\a703yn3y \Device\Scsi\a703yn3y1 fffffa80087242c0
Device \Driver\a703yn3y \Device\Scsi\a703yn3y1Port4Path0Target2Lun0 fffffa80087242c0
Device \FileSystem\Ntfs \Ntfs fffffa8006cea2c0
Device \Driver\usbehci \Device\USBPDO-5 fffffa80086b22c0
Device \Driver\usbohci \Device\USBFDO-3 fffffa800861b2c0
Device \Driver\usbohci \Device\USBPDO-1 fffffa800861b2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{ECF23C1C-01F2-4091-AF4B-472D33120739} fffffa8007e882c0
Device \Driver\cdrom \Device\CdRom0 fffffa8007e822c0
Device \Driver\cdrom \Device\CdRom1 fffffa8007e822c0
Device \Driver\cdrom \Device\CdRom2 fffffa8007e822c0
Device \Driver\cdrom \Device\CdRom3 fffffa8007e822c0
Device \Driver\usbohci \Device\USBPDO-6 fffffa800861b2c0
Device \Driver\usbohci \Device\USBFDO-4 fffffa800861b2c0
Device \Driver\usbohci \Device\USBFDO-0 fffffa800861b2c0
Device \Driver\usbehci \Device\USBPDO-2 fffffa80086b22c0
Device \Driver\usbehci \Device\USBFDO-5 fffffa80086b22c0
Device \Driver\usbohci \Device\USBPDO-3 fffffa800861b2c0
Device \Driver\usbohci \Device\USBFDO-1 fffffa800861b2c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007e882c0
Device \Driver\usbohci \Device\USBFDO-6 fffffa800861b2c0
Device \Driver\usbohci \Device\USBPDO-4 fffffa800861b2c0
Device \Driver\atapi \Device\ScsiPort0 fffffa8006ce62c0
Device \Driver\usbehci \Device\USBFDO-2 fffffa80086b22c0
Device \Driver\usbohci \Device\USBPDO-0 fffffa800861b2c0
Device \Driver\atapi \Device\ScsiPort1 fffffa8006ce62c0
Device \Driver\atapi \Device\ScsiPort2 fffffa8006ce62c0
Device \Driver\atapi \Device\ScsiPort3 fffffa8006ce62c0
Device \Driver\a703yn3y \Device\ScsiPort4 fffffa80087242c0

---- Trace I/O - GMER 2.2 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006ce62c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa8006ce62c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e1a060] fffffa8007e1a060
Trace 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8007742db0] fffffa8007742db0
Trace 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b07060] fffffa8007b07060
Trace \Driver\atapi[0xfffffa8006e66e70] -> IRP_MJ_CREATE -> 0xfffffa8006ce62c0 fffffa8006ce62c0

---- Modules - GMER 2.2 ----

Module \SystemRoot\System32\Drivers\a703yn3y.SYS fffff88004a11000-fffff88004a5d000 (311296 bytes)

---- Threads - GMER 2.2 ----

Thread C:\Windows\System32\svchost.exe [2112:3052] 000007fef6809688

---- EOF - GMER 2.2 ----