GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-02 07:42:45
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT spph.sys ZwCreateKey [0xBA6AB0E0]
SSDT spph.sys ZwEnumerateKey [0xBA6C8CA2]
SSDT spph.sys ZwEnumerateValueKey [0xBA6C9030]
SSDT spph.sys ZwOpenKey [0xBA6AB0C0]
SSDT spph.sys ZwQueryKey [0xBA6C9108]
SSDT spph.sys ZwQueryValueKey [0xBA6C8F88]
SSDT spph.sys ZwSetValueKey [0xBA6C919A]

INT 0x62 ? 8A7CDBF8
INT 0x63 ? 8A585BF8
INT 0x73 ? 8A7CDBF8
INT 0x73 ? 8A7CDBF8
INT 0x73 ? 8A75FBF8
INT 0x73 ? 8A585BF8
INT 0x73 ? 8A7CDBF8
INT 0x82 ? 8A7CDBF8
INT 0x83 ? 8A585BF8
INT 0x94 ? 8A585BF8
INT 0xB1 ? 8A75FBF8
INT 0xB1 ? 8A75FBF8
INT 0xB4 ? 8A585BF8
INT 0xB4 ? 8A585BF8
INT 0xB4 ? 8A585BF8
INT 0xB4 ? 8A585BF8

---- Kernel code sections - GMER 1.0.14 ----

? spph.sys The system cannot find the file specified. !
? Combo-Fix.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9C3F62C 5 Bytes JMP 8A5851D8
.text ajsmty3i.SYS B9A7E384 1 Byte [ 20 ]
.text ajsmty3i.SYS B9A7E386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text ajsmty3i.SYS B9A7E3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text ajsmty3i.SYS B9A7E3C4 3 Bytes [ 00, 00, 00 ]
.text ajsmty3i.SYS B9A7E3C9 1 Byte [ 00 ]
.text ...
.text a1cx1ahn.SYS B9A19384 1 Byte [ 20 ]
.text a1cx1ahn.SYS B9A19386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text a1cx1ahn.SYS B9A193AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text a1cx1ahn.SYS B9A193C4 3 Bytes [ 00, 00, 00 ]
.text a1cx1ahn.SYS B9A193C9 1 Byte [ 00 ]
.text ...
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINNT\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6AC040] spph.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6AC13C] spph.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6AC0BE] spph.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6AC7FC] spph.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6AC6D2] spph.sys
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[HAL.dll!READ_PORT_UCHAR] 046FD406
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[HAL.dll!KeGetCurrentIrql] 1672C31D
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[HAL.dll!KfRaiseIrql] 1879CE14
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[HAL.dll!KfLowerIrql] 3248ED2B
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[HAL.dll!HalGetInterruptVector] 3C43E022
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[HAL.dll!HalTranslateBusAddress] 2E5EF739
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[HAL.dll!KeStallExecutionProcessor] 2055FA30
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[HAL.dll!KfReleaseSpinLock] EC01B79A
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] E20ABA93
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[HAL.dll!READ_PORT_USHORT] F017AD88
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] FE1CA081
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[HAL.dll!WRITE_PORT_UCHAR] D42D83BE
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[WMILIB.SYS!WmiSystemControl] C83B99AC
IAT \SystemRoot\System32\Drivers\ajsmty3i.SYS[WMILIB.SYS!WmiCompleteRequest] C63094A5
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[HAL.dll!READ_PORT_UCHAR] 046FD406
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[HAL.dll!KeGetCurrentIrql] 1672C31D
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[HAL.dll!KfRaiseIrql] 1879CE14
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[HAL.dll!KfLowerIrql] 3248ED2B
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[HAL.dll!HalGetInterruptVector] 3C43E022
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[HAL.dll!HalTranslateBusAddress] 2E5EF739
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[HAL.dll!KeStallExecutionProcessor] 2055FA30
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[HAL.dll!KfReleaseSpinLock] EC01B79A
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] E20ABA93
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[HAL.dll!READ_PORT_USHORT] F017AD88
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] FE1CA081
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[HAL.dll!WRITE_PORT_UCHAR] D42D83BE
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[WMILIB.SYS!WmiSystemControl] C83B99AC
IAT \SystemRoot\System32\Drivers\a1cx1ahn.SYS[WMILIB.SYS!WmiCompleteRequest] C63094A5

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A75B1F8
AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)
Device \FileSystem\Fastfat \FatCdrom 884061F8
Device \Driver\Tcpip \Device\Ip sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-0 8A57F1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A57F1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A75D1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A75D1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A75D1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A75D1F8
Device \Driver\usbuhci \Device\USBPDO-2 8A57F1F8
Device \Driver\usbehci \Device\USBPDO-3 8A55C1F8
Device \Driver\usbuhci \Device\USBPDO-4 8A57F1F8
Device \Driver\Tcpip \Device\Tcp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-5 8A57F1F8
Device \Driver\usbuhci \Device\USBPDO-6 8A57F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7CE1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\usbehci \Device\USBPDO-7 8A55C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7CE1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\Cdrom \Device\CdRom0 8A550500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A7CE1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\atapi \Device\Ide\IdePort0 8A7CD1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A7CD1F8
Device \Driver\atapi \Device\Ide\IdePort1 8A7CD1F8
Device \Driver\atapi \Device\Ide\IdePort2 8A7CD1F8
Device \Driver\atapi \Device\Ide\IdePort3 8A7CD1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1b 8A7CD1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 8A7CD1F8
Device \Driver\Cdrom \Device\CdRom1 8A550500
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A7CE1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\Cdrom \Device\CdRom2 8A550500
Device \Driver\Ftdisk \Device\HarddiskVolume5 8A7CE1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\NetBT \Device\NetBt_Wins_Export 891101F8
Device \Driver\NetBT \Device\NetbiosSmb 891101F8
Device \Driver\sptd \Device\3558879036 spph.sys
Device \Driver\PCI_PNP5286 \Device\0000005b spph.sys
Device \Driver\PCI_PNP5286 \Device\0000005c spph.sys
Device \Driver\Tcpip \Device\Udp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{D54A328E-8780-4909-9546-AF34E4262E90} 891101F8
Device \Driver\Tcpip \Device\RawIp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 8A57F1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A57F1F8
Device \Driver\usbuhci \Device\USBFDO-2 8A57F1F8
Device \Driver\Tcpip \Device\IPMULTICAST sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8911B1F8
Device \Driver\usbehci \Device\USBFDO-3 8A55C1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8911B1F8
Device \Driver\Ftdisk \Device\FtControl 8A7CE1F8
Device \Driver\usbuhci \Device\USBFDO-4 8A57F1F8
Device \Driver\usbuhci \Device\USBFDO-5 8A57F1F8
Device \Driver\usbuhci \Device\USBFDO-6 8A57F1F8
Device \Driver\sptd \Device\3558722786 spph.sys
Device \Driver\usbehci \Device\USBFDO-7 8A55C1F8
Device \Driver\ajsmty3i \Device\Scsi\ajsmty3i1 8A50E1F8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 8A75C1F8
Device \Driver\a1cx1ahn \Device\Scsi\a1cx1ahn1 8A50D1F8
Device \Driver\a1cx1ahn \Device\Scsi\a1cx1ahn1Port5Path0Target0Lun0 8A50D1F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8A75C1F8
Device \Driver\a1cx1ahn \Device\Scsi\a1cx1ahn1Port5Path0Target1Lun0 8A50D1F8
Device \FileSystem\Fastfat \Fat 884061F8
AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)
Device \FileSystem\Cdfs \Cdfs 883E31F8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF4 0x81 0x7E 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB4 0x83 0x14 0x90 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0D 0x42 0x02 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBF 0x0D 0x8D 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB5 0x78 0x73 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1010805413
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 600061037
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF4 0x81 0x7E 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB4 0x83 0x14 0x90 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0D 0x42 0x02 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBF 0x0D 0x8D 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB5 0x78 0x73 0x5F ...

---- EOF - GMER 1.0.14 ----