DDS (Version 1.1.0) - NTFSx86
Run by Twigz at 15:50:43.20 on 21/12/2008
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2430 [GMT 0:00]
============== Running Processes ===============
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
E:\WINDOWS\CTHELPER.EXE
E:\WINDOWS\system32\CTXFIHLP.EXE
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\SYSTEM32\CTXFISPI.EXE
E:\Program Files\XpertVision\TBPanel.exe
E:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Electronic Arts\EADM\Core.exe
svchost.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\System32\svchost.exe -k imgsvc
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Twigz\Desktop\dds.com
E:\Program Files\Alwil Software\Avast4\setup\avast.setup
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.goggle.com/
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - e:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - e:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - e:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [EPSON Stylus Photo R360 Series] e:\windows\system32\spool\drivers\w32x86\3\e_fatiboe.exe /fu "e:\windows\temp\E_S1B7.tmp" /EF "HKCU"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "e:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] e:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [EA Core] e:\program files\electronic arts\eadm\Core.exe -silent
mRun: [SoundMAXPnP] e:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "e:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [VolPanel] "e:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [AudioDrvEmulator] "e:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "e:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] e:\windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "e:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Gainward] e:\program files\xpertvision\TBPanel.exe /A
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NBKeyScan] "e:\program files\nero\nero 7\nero backitup\NBKeyScan.exe"
mRun: [GrooveMonitor] "e:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] e:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Windows Defender] "e:\program files\windows defender\MSASCui.exe" -hide
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] e:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - e:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.DLL
Notify: b80ef576382 - e:\windows\system32\__c003C9DE.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - e:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - e:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2008-9-13 111184]
R1 SASDIFSV;SASDIFSV;\??\e:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;\??\e:\program files\superantispyware\SASKUTIL.sys [2008-5-28 55024]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [2008-9-13 20560]
R2 avast! Antivirus;avast! Antivirus;"e:\program files\alwil software\avast4\ashServ.exe" [2008-9-13 155160]
R2 WinDefend;Windows Defender;"e:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;"e:\program files\alwil software\avast4\ashMaiSv.exe" /service [2008-9-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;"e:\program files\alwil software\avast4\ashWebSv.exe" /service [2008-9-13 352920]
R3 SASENUM;SASENUM;\??\e:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 lredbooo;lredbooo;\??\e:\docume~1\twigz\locals~1\temp\lredbooo.sys [2003-6-26 29696]
S3 NPF;Netgroup Packet Filter;e:\windows\system32\drivers\npf.sys [2008-6-28 42512]
=============== Created Last 30 ================
2008-12-18 14:46 <DIR> --d----- e:\windows\ie8updates
2008-12-15 22:01 3,851,784 a------- e:\windows\system32\D3DX9_39.dll
2008-12-11 17:36 <DIR> --d----- e:\program files\Trend Micro
2008-12-06 13:10 14,591 a------- e:\windows\system32\dummy019file
2008-12-06 13:10 <DIR> --d----- e:\docume~1\alluse~1\applic~1\Software4u
2008-12-06 13:10 <DIR> --d----- e:\docume~1\twigz\applic~1\Software4u
2008-12-06 13:10 <DIR> --d----- e:\program files\S.A.D
2008-12-05 18:46 71,539 -------- e:\windows\system32\drivers\StMp3Rec.sys
2008-12-05 18:46 360 -------- e:\windows\system32\drivers\StMp3Recnt.cat
2008-12-05 18:46 <DIR> --d----- e:\program files\SigmaTel
2008-12-04 17:58 <DIR> --dsh--- e:\documents and settings\twigz\PrivacIE
2008-12-04 17:17 <DIR> -cd-h--- e:\windows\ie8
2008-11-23 16:45 1,024 a------- E:\EPSONCD.Pal
2008-11-23 16:45 71 a------- e:\windows\EPSONCD.INI
==================== Find3M ====================
2008-10-24 11:21 455,296 a------- e:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 a------- e:\windows\system32\gdi32.dll
2008-10-16 14:06 268,648 a------- e:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- e:\windows\system32\muweb.dll
2008-10-10 16:35 43,698 a------- e:\windows\system32\xvid-uninstall.exe
2008-10-03 13:36 1,600 a------- e:\windows\system32\ealregsnapshot1.reg
2008-10-03 10:02 247,326 a------- e:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- e:\windows\system32\msxml4.dll
2008-09-30 15:22 245,760 a------- e:\windows\system32\goalsss.scr
2008-09-30 15:22 53,248 a------- e:\windows\system32\hklspl.dll
2008-03-23 15:23 22,328 a------- e:\docume~1\twigz\applic~1\PnkBstrK.sys
2002-07-01 14:13 243 a--sh--- e:\docume~1\alluse~1\applic~1\system16driver.dat
2008-06-29 17:47 32,768 a--sh--- e:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062920080630\index.dat
2008-08-11 14:06 16,384 a--sh--- e:\windows\temp\cookies\index.dat
2008-08-11 14:06 16,384 a--sh--- e:\windows\temp\history\history.ie5\index.dat
2008-08-11 14:06 32,768 a--sh--- e:\windows\temp\temporary internet files\content.ie5\index.dat
============= FINISH: 15:51:07.35 ===============
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-21 17:59:11
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB2C14576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB2C14432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB2C14910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB2C1400A]
SSDT spss.sys ZwEnumerateKey [0xBA6C8CA2]
SSDT spss.sys ZwEnumerateValueKey [0xBA6C9030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB2C1450C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB2C13F4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB2C13FAE]
SSDT spss.sys ZwQueryKey [0xBA6C9108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB2C1462C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB2C145EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB2C1476C]
SSDT \??\E:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB2D85F20]
INT 0x62 ? 8AE55BF8
INT 0x63 ? 8AC8ABF8
INT 0x73 ? 8AEC6BF8
INT 0x73 ? 8AEC6BF8
INT 0x83 ? 8AEC6BF8
INT 0x94 ? 8AC8ABF8
---- Kernel code sections - GMER 1.0.14 ----
? spss.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9F258AC 5 Bytes JMP 8AC8A1D8
.text a93yq1qh.SYS B961E384 1 Byte [ 20 ]
.text a93yq1qh.SYS B961E386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text a93yq1qh.SYS B961E3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text a93yq1qh.SYS B961E3C4 3 Bytes [ 00, 00, 00 ]
.text a93yq1qh.SYS B961E3C9 1 Byte [ 00 ]
.text ...
---- User code sections - GMER 1.0.14 ----
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0112E0B3 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 011BECEE E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0135157B E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013514AD E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 01351518 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0135137E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013513E0 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013515DE E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2672] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 01351442 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0112E0B3 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01351712 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 01351776 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 011BECEE E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 0135175D E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0135157B E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013514AD E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 01351518 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0135137E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013513E0 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013515DE E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 01351442 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2796] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 01141420 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6AC040] spss.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6AC13C] spss.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6AC0BE] spss.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6AC7FC] spss.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6AC6D2] spss.sys
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\a93yq1qh.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6BBD92] spss.sys
---- User IAT/EAT - GMER 1.0.14 ----
IAT E:\WINDOWS\system32\services.exe[760] @ E:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003A0002
IAT E:\WINDOWS\system32\services.exe[760] @ E:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003A0000
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 8AEC51F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0xFA 0x43 0xC7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xAB 0x54 0xEB ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x4B 0x06 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd601265
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd601265@0017d55a61b2 0x57 0x55 0x62 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd601265@001b59e56330 0x9C 0x3B 0xDE 0x91 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0xFA 0x43 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xAB 0x54 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0x4B 0x06 0xF1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0xFA 0x43 0xC7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xAB 0x54 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xE4 0x6F 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd601265
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd601265@0017d55a61b2 0x57 0x55 0x62 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd601265@001b59e56330 0x9C 0x3B 0xDE 0x91 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0xFA 0x43 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xAB 0x54 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE9 0x84 0x13 0xA0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0009dd601265
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0009dd601265@0017d55a61b2 0x57 0x55 0x62 0xA6 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0009dd601265@001b59e56330 0x9C 0x3B 0xDE 0x91 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0xFA 0x43 0xC7 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xAB 0x54 0xEB ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE9 0x84 0x13 0xA0 ...
---- Disk sectors - GMER 1.0.14 ----
Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.14 ----