GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-08 21:35:45
Windows 6.0.6000


---- System - GMER 1.0.14 ----

SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwDuplicateObject [0x89FE800A]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwOpenProcess [0x89FE7F4A]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwOpenThread [0x89FE7FAE]

---- User code sections - GMER 1.0.14 ----

.text  C:\Users\Nikki\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[2104] ntdll.dll!NtCreateFile + 3  77CAF417 2 Bytes  [ 3A, FA ]
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3252] kernel32.dll!SetUnhandledExceptionFilter  7661D187 5 Bytes  JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT  C:\Windows\system32\services.exe[492] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00720002
IAT  C:\Windows\system32\services.exe[492] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]  00720000

---- Devices - GMER 1.0.14 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\tdx \Device\Udp  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Services - GMER 1.0.14 ----

Service  system32\drivers\gaopdxmeusnteb.sys (*** hidden *** )  [SYSTEM] gaopdxserv.sys  <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath  \systemroot\system32\drivers\gaopdxmeusnteb.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group  file system
Reg  HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start  1
Reg  HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type  1
Reg  HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath  \systemroot\system32\drivers\gaopdxmeusnteb.sys
Reg  HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group  file system

---- Files - GMER 1.0.14 ----

File  C:\Users\Nikki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9N1JEF0\videoByTag[2].xml  3769 bytes

---- EOF - GMER 1.0.14 ----
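As an added example (not part of the posted log, and not GMER's own code): a small Python triage script that parses GMER's section layout, pulls out the entry GMER marks "*** hidden ***", cross-references that service's registry keys across every control set the log mentions (so a cleanup that only touches CurrentControlSet while ControlSet003 keeps the same service is caught), and lists the hook and device entries that carry no "(description/Vendor)" module attribution for manual review. The log text embedded below is the one above; the section-header and field regexes are my own assumptions about GMER 1.0.14's output and not a published format.

```python
import re
from collections import defaultdict

# The GMER log from above, embedded verbatim (blank lines dropped; the parser ignores them).
GMER_LOG = r"""GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-08 21:35:45
Windows 6.0.6000
---- System - GMER 1.0.14 ----
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwDuplicateObject [0x89FE800A]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwOpenProcess [0x89FE7F4A]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)  ZwOpenThread [0x89FE7FAE]
---- User code sections - GMER 1.0.14 ----
.text  C:\Users\Nikki\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[2104] ntdll.dll!NtCreateFile + 3  77CAF417 2 Bytes  [ 3A, FA ]
.text  C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3252] kernel32.dll!SetUnhandledExceptionFilter  7661D187 5 Bytes  JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.14 ----
IAT  C:\Windows\system32\services.exe[492] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00720002
IAT  C:\Windows\system32\services.exe[492] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]  00720000
---- Devices - GMER 1.0.14 ----
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\tdx \Device\Udp  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Services - GMER 1.0.14 ----
Service  system32\drivers\gaopdxmeusnteb.sys (*** hidden *** )  [SYSTEM] gaopdxserv.sys  <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg  HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath  \systemroot\system32\drivers\gaopdxmeusnteb.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group  file system
Reg  HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start  1
Reg  HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type  1
Reg  HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath  \systemroot\system32\drivers\gaopdxmeusnteb.sys
Reg  HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group  file system
---- Files - GMER 1.0.14 ----
File  C:\Users\Nikki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9N1JEF0\videoByTag[2].xml  3769 bytes
---- EOF - GMER 1.0.14 ----"""

# Assumed layout: "---- <name> - GMER <ver> ----" opens a section; entries follow one per line.
SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# Module attribution as GMER prints it: "(description/Vendor)". "(*** hidden *** )" has no "/" and does not match.
VENDOR_RE = re.compile(r"\(([^()]*)/([^()]*)\)")
HIDDEN_SVC_RE = re.compile(r"^Service\s+(\S+)\s+\(\*\*\* hidden \*\*\*\s*\)\s+\[(\w+)\]\s+(\S+)")


def parse_gmer(text):
    """Split the log into {section_name: [entry_line, ...]}; header lines and EOF are dropped."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current and current != "EOF" and line:
            sections[current].append(line)
    return dict(sections)


def find_hidden_services(sections):
    """Services GMER could not see through the normal API: image path, start type (bracketed), service name."""
    out = []
    for line in sections.get("Services", []):
        m = HIDDEN_SVC_RE.match(line)
        if m:
            out.append({"image": m.group(1), "start_type": m.group(2), "name": m.group(3)})
    return out


def service_registry(sections, service_name):
    """Collect Reg lines for one service, keyed by control set: {'CurrentControlSet': {'start': '1', ...}, ...}."""
    pat = re.compile(r"^Reg\s+HKLM\\SYSTEM\\(\S+?)\\Services\\" + re.escape(service_name) + r"@(\w+)\s+(.*)$")
    out = defaultdict(dict)
    for line in sections.get("Registry", []):
        m = pat.match(line)
        if m:
            out[m.group(1)][m.group(2)] = m.group(3).strip()
    return dict(out)


def unattributed_hooks(sections):
    """Hook/device entries with no '(description/Vendor)' attribution: not proof of anything, but review them by hand."""
    return [(sec, line) for sec in ("System", "User code sections", "User IAT/EAT", "Devices")
            for line in sections.get(sec, []) if not VENDOR_RE.search(line)]


def triage(text):
    """Full report: each hidden service with its registry footprint in every control set, plus unattributed hooks."""
    sections = parse_gmer(text)
    hidden = [dict(svc, registry=service_registry(sections, svc["name"])) for svc in find_hidden_services(sections)]
    return {"hidden_services": hidden, "unattributed_hooks": unattributed_hooks(sections)}


if __name__ == "__main__":
    report = triage(GMER_LOG)
    for svc in report["hidden_services"]:
        print("HIDDEN SERVICE", svc["name"], "->", svc["image"])
        for cs, values in svc["registry"].items():
            print("   ", cs, values)
    for sec, line in report["unattributed_hooks"]:
        print("REVIEW [%s] %s" % (sec, line))
```

Run against this log it reports one hidden service (gaopdxserv.sys, image gaopdxmeusnteb.sys) present in both CurrentControlSet and ControlSet003 with identical start/type/imagepath/group values, and three unattributed entries for manual review: the .text patch in gmer.exe's own process and the two IAT entries in services.exe, which GMER printed without a module name.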