GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-10-18 23:06:55 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 Running: gmer.exe; Driver: C:\Users\Pontus\AppData\Local\Temp\uwldqpod.sys ---- System - GMER 1.0.15 ---- INT 0x51 ? 876ACBF8 INT 0x51 ? 876ACBF8 INT 0x51 ? 876ACBF8 INT 0x52 ? 876ACBF8 INT 0x72 ? 876ACBF8 INT 0x82 ? 876ACBF8 INT 0xA2 ? 85924BF8 INT 0xA2 ? 876ACBF8 INT 0xA2 ? 876ACBF8 INT 0xA2 ? 85924BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? System32\Drivers\spuu.sys The system cannot find the path specified. ! .text USBPORT.SYS!DllUnload 8FD2846F 5 Bytes JMP 876AC1D8 .text ahhhffmx.SYS 8FD80000 22 Bytes [26, A2, 7D, 82, 10, A1, 7D, ...] .text ahhhffmx.SYS 8FD80017 159 Bytes [00, 32, 77, 79, 80, 3D, 75, ...] .text ahhhffmx.SYS 8FD800B7 22 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text ahhhffmx.SYS 8FD800CE 80 Bytes [00, 00, 26, 00, 00, 00, E0, ...] .text ahhhffmx.SYS 8FD8011F 194 Bytes [7E, 38, 40, 39, 82, 3B, C4, ...] .text ... C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xA912E41C] .clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xA912F000, 0x1000, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\Explorer.EXE[2416] SHELL32.dll!InitNetworkAddressControl + 2939 7629006C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL} .text C:\Windows\Explorer.EXE[2416] SHELL32.dll!ShellExecuteExW + 121F 762C11DC 4 Bytes [10, 1B, 00, 10] {ADC [EBX], BL; ADD [EAX], DL} .text C:\Program Files\Tunngle\TnglCtrl.exe[3244] ntdll.dll!DbgBreakPoint 77837B0E 1 Byte [90] ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 859261F8 Device \FileSystem\udfs \UdfsCdRom 8775A1F8 Device \FileSystem\udfs \UdfsDisk 8775A1F8 Device \Driver\USBSTOR \Device\0000008e 90BFB1F8 Device \Driver\USBSTOR \Device\0000008f 90BFB1F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) Device \Driver\netbt \Device\NetBT_Tcpip_{013CA52E-7DDA-456E-B7E8-CFBECFB8ED6B} 917A11F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) Device \Driver\volmgr \Device\VolMgrControl 84F901F8 Device \Driver\netbt \Device\NetBT_Tcpip_{B134AF8B-1AC3-4C49-AFDC-B2FB9879329A} 917A11F8 Device \Driver\usbuhci \Device\USBPDO-0 875761F8 Device \Driver\usbuhci \Device\USBPDO-1 875761F8 Device \Driver\usbehci \Device\USBPDO-2 877521F8 Device \Driver\usbuhci \Device\USBPDO-3 875761F8 Device \Driver\usbuhci \Device\USBPDO-4 875761F8 AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBPDO-5 875761F8 Device \Driver\netbt \Device\NetBT_Tcpip_{D7D875F0-2A76-4C9B-AC8A-6020B6E459CD} 917A11F8 Device \Driver\usbuhci \Device\USBPDO-6 875761F8 Device \Driver\volmgr \Device\HarddiskVolume1 84F901F8 Device \Driver\usbehci \Device\USBPDO-7 877521F8 Device \Driver\volmgr \Device\HarddiskVolume2 84F901F8 Device \Driver\cdrom \Device\CdRom0 879221F8 Device \Driver\iaStor \Device\Ide\iaStor0 [82AC6A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [82AC6A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [82AC6A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\volmgr \Device\HarddiskVolume3 84F901F8 Device \Driver\cdrom \Device\CdRom1 879221F8 Device \Driver\cdrom \Device\CdRom2 879221F8 Device \Driver\volmgr \Device\HarddiskVolume4 84F901F8 Device \Driver\volmgr \Device\HarddiskVolume5 84F901F8 Device \Driver\netbt \Device\NetBT_Tcpip_{0FAA85B7-4C67-4C95-8036-02723AB7A771} 917A11F8 Device \Driver\sptd \Device\1267611504 spuu.sys Device \Driver\netbt \Device\NetBt_Wins_Export 917A11F8 Device \Driver\Smb \Device\NetbiosSmb 9171A1F8 Device \Driver\iScsiPrt \Device\RaidPort0 87A6B1F8 AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 875761F8 Device \Driver\PCI_PNP1489 \Device\0000006c spuu.sys Device \Driver\usbuhci \Device\USBFDO-1 875761F8 Device \Driver\usbehci \Device\USBFDO-2 877521F8 Device \Driver\usbuhci \Device\USBFDO-3 875761F8 Device \Driver\usbuhci \Device\USBFDO-4 875761F8 Device \Driver\usbuhci \Device\USBFDO-5 875761F8 Device \Driver\usbuhci \Device\USBFDO-6 875761F8 Device \Driver\USBSTOR \Device\0000008c 90BFB1F8 Device \Driver\usbehci \Device\USBFDO-7 877521F8 Device \Driver\USBSTOR \Device\0000008d 90BFB1F8 Device \Driver\ahhhffmx \Device\Scsi\ahhhffmx1Port2Path0Target0Lun0 87A231F8 Device \Driver\ahhhffmx \Device\Scsi\ahhhffmx1 87A231F8 Device \FileSystem\cdfs \Cdfs A25CC1F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00234ef58211 Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00234ef58211@30694b9622b0 0x7D 0xA7 0xF9 0x0F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\program files\daemon tools\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE6 0xBD 0x58 0xE2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xEF 0x83 0x53 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF6 0xB5 0x76 0x51 ... Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\00234ef58211 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\00234ef58211@30694b9622b0 0x7D 0xA7 0xF9 0x0F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\program files\daemon tools\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE6 0xBD 0x58 0xE2 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xEF 0x83 0x53 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF6 0xB5 0x76 0x51 ... ---- EOF - GMER 1.0.15 ----