Infected Computer. Can't Run DDS or Any Other Program
- Thread starter IamNumber1
- Start date
IamNumber1
New member
Yeah if you don't mind. Because ever since then, I keep getting disconnected from xbox and then this happens to this computer. Thanks
IamNumber1
New member
Thank you. My mom just noticed that her email account has been sending emails to everyone in her contact list. It would only contain a link. I told her to change her pw, anything else I should do?
Also, she said gets disconnected every once in awhile. My thoughts are is the router is getting over heated because it feels really hot. Anything I should do or I should be fine?
Thanks again for the help.
Also, she said gets disconnected every once in awhile. My thoughts are is the router is getting over heated because it feels really hot. Anything I should do or I should be fine?
Thanks again for the help.
IamNumber1
New member
Yes, this computer from this thread is my moms computer. My mom accesses her email from this computer.
Shaba
Security Expert: Emeritus
So then we need further research.
Download gmer.zip and save to your desktop.
alternate download site
Download gmer.zip and save to your desktop.
alternate download site
- Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
- When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open. - Double-click on Gmer.exe to start the program.
- Allow the gmer.sys driver to load if asked.
- If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
- Click on the Rootkit tab.
- Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
- Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
- Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. - When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
- Note: If you have any problems, try running GMER in SAFE MODE"
IamNumber1
New member
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-19 23:22:54
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Domanico\LOCALS~1\Temp\pwloapoc.sys
---- System - GMER 1.0.15 ----
SSDT spgq.sys ZwCreateKey [0xF73D10E0]
SSDT spgq.sys ZwEnumerateKey [0xF73EFCA4]
SSDT spgq.sys ZwEnumerateValueKey [0xF73F0032]
SSDT spgq.sys ZwOpenKey [0xF73D10C0]
SSDT spgq.sys ZwQueryKey [0xF73F010A]
SSDT spgq.sys ZwQueryValueKey [0xF73EFF8A]
SSDT spgq.sys ZwSetValueKey [0xF73F019C]
INT 0x62 ? 86F66BF8
INT 0x63 ? 86FD5BF8
INT 0x84 ? 864EEEE0
INT 0x94 ? 864EEEE0
INT 0xA4 ? 864EEEE0
INT 0xB4 ? 864EEEE0
---- Kernel code sections - GMER 1.0.15 ----
? spgq.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF56BC360, 0x20FDBD, 0xE8000020]
.text USBPORT.SYS!DllUnload F567268E 5 Bytes JMP 864EE4C0
.text azjje5ti.SYS F5363386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text azjje5ti.SYS F53633AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text azjje5ti.SYS F53633C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text azjje5ti.SYS F53633C9 1 Byte [30]
.text azjje5ti.SYS F53633C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73D2042] spgq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73D213E] spgq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73D20C0] spgq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73D2800] spgq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73D26D6] spgq.sys
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!KfRaiseIrql] 0001BC83
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86FD41F8
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_650_15215.SYS (NetBIOS Redirector/Juniper Networks)
Device \Driver\usbuhci \Device\USBPDO-0 864E31F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD61F8
Device \Driver\dmio \Device\DmControl\DmConfig 86FD61F8
Device \Driver\dmio \Device\DmControl\DmPnP 86FD61F8
Device \Driver\dmio \Device\DmControl\DmInfo 86FD61F8
Device \Driver\usbuhci \Device\USBPDO-1 864E31F8
Device \Driver\usbuhci \Device\USBPDO-2 864E31F8
Device \Driver\usbehci \Device\USBPDO-3 8645A1F8
Device \Driver\usbuhci \Device\USBPDO-4 864E31F8
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_650_15215.SYS (NetBIOS Redirector/Juniper Networks)
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F671F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F671F8
Device \Driver\Cdrom \Device\CdRom0 863EA1F8
Device \Driver\USBSTOR \Device\00000072 85E9C500
Device \Driver\Cdrom \Device\CdRom1 863EA1F8
Device \Driver\iastor \Device\Ide\iaStor0 [F7288020] iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 86F661F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 86F661F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 86F661F8
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [F7288020] iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 86F671F8
Device \Driver\Cdrom \Device\CdRom2 863EA1F8
Device \Driver\USBSTOR \Device\00000074 85E9C500
Device \Driver\NetBT \Device\NetBT_Tcpip_{4FD6CE79-35E6-4069-95D9-210D76523600} 842EC1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 842EC1F8
Device \Driver\NetBT \Device\NetbiosSmb 842EC1F8
Device \Driver\PCI_PNP1792 \Device\0000004e spgq.sys
Device \Driver\PCI_PNP1792 \Device\0000004e spgq.sys
Device \Driver\sptd \Device\2714846792 spgq.sys
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_650_15215.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_650_15215.SYS (NetBIOS Redirector/Juniper Networks)
Device \Driver\usbuhci \Device\USBFDO-0 864E31F8
Device \Driver\usbuhci \Device\USBFDO-1 864E31F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 842E61F8
Device \Driver\usbuhci \Device\USBFDO-2 864E31F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 842E61F8
Device \Driver\usbuhci \Device\USBFDO-3 864E31F8
Device \Driver\usbehci \Device\USBFDO-4 8645A1F8
Device \Driver\Ftdisk \Device\FtControl 86F671F8
Device \Driver\azjje5ti \Device\Scsi\azjje5ti1 863D81F8
Device \Driver\azjje5ti \Device\Scsi\azjje5ti1Port2Path0Target0Lun0 863D81F8
Device \FileSystem\Fastfat \Fat 84112500
Device \FileSystem\Fastfat \Fat ABDD71F9
Device \FileSystem\Cdfs \Cdfs 85E8A500
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5A 0x1B 0xE0 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x62 0x9D 0xCE 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCA 0xDD 0x91 0x3C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5A 0x1B 0xE0 0xE5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x62 0x9D 0xCE 0x46 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCA 0xDD 0x91 0x3C ...
---- EOF - GMER 1.0.15 ----
Rootkit scan 2010-07-19 23:22:54
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Domanico\LOCALS~1\Temp\pwloapoc.sys
---- System - GMER 1.0.15 ----
SSDT spgq.sys ZwCreateKey [0xF73D10E0]
SSDT spgq.sys ZwEnumerateKey [0xF73EFCA4]
SSDT spgq.sys ZwEnumerateValueKey [0xF73F0032]
SSDT spgq.sys ZwOpenKey [0xF73D10C0]
SSDT spgq.sys ZwQueryKey [0xF73F010A]
SSDT spgq.sys ZwQueryValueKey [0xF73EFF8A]
SSDT spgq.sys ZwSetValueKey [0xF73F019C]
INT 0x62 ? 86F66BF8
INT 0x63 ? 86FD5BF8
INT 0x84 ? 864EEEE0
INT 0x94 ? 864EEEE0
INT 0xA4 ? 864EEEE0
INT 0xB4 ? 864EEEE0
---- Kernel code sections - GMER 1.0.15 ----
? spgq.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF56BC360, 0x20FDBD, 0xE8000020]
.text USBPORT.SYS!DllUnload F567268E 5 Bytes JMP 864EE4C0
.text azjje5ti.SYS F5363386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text azjje5ti.SYS F53633AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text azjje5ti.SYS F53633C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text azjje5ti.SYS F53633C9 1 Byte [30]
.text azjje5ti.SYS F53633C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73D2042] spgq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73D213E] spgq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73D20C0] spgq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73D2800] spgq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73D26D6] spgq.sys
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!KfRaiseIrql] 0001BC83
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\azjje5ti.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1740] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86FD41F8
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_650_15215.SYS (NetBIOS Redirector/Juniper Networks)
Device \Driver\usbuhci \Device\USBPDO-0 864E31F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD61F8
Device \Driver\dmio \Device\DmControl\DmConfig 86FD61F8
Device \Driver\dmio \Device\DmControl\DmPnP 86FD61F8
Device \Driver\dmio \Device\DmControl\DmInfo 86FD61F8
Device \Driver\usbuhci \Device\USBPDO-1 864E31F8
Device \Driver\usbuhci \Device\USBPDO-2 864E31F8
Device \Driver\usbehci \Device\USBPDO-3 8645A1F8
Device \Driver\usbuhci \Device\USBPDO-4 864E31F8
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_650_15215.SYS (NetBIOS Redirector/Juniper Networks)
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F671F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F671F8
Device \Driver\Cdrom \Device\CdRom0 863EA1F8
Device \Driver\USBSTOR \Device\00000072 85E9C500
Device \Driver\Cdrom \Device\CdRom1 863EA1F8
Device \Driver\iastor \Device\Ide\iaStor0 [F7288020] iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 86F661F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 86F661F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 86F661F8
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [F7288020] iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 86F671F8
Device \Driver\Cdrom \Device\CdRom2 863EA1F8
Device \Driver\USBSTOR \Device\00000074 85E9C500
Device \Driver\NetBT \Device\NetBT_Tcpip_{4FD6CE79-35E6-4069-95D9-210D76523600} 842EC1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 842EC1F8
Device \Driver\NetBT \Device\NetbiosSmb 842EC1F8
Device \Driver\PCI_PNP1792 \Device\0000004e spgq.sys
Device \Driver\PCI_PNP1792 \Device\0000004e spgq.sys
Device \Driver\sptd \Device\2714846792 spgq.sys
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_650_15215.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_650_15215.SYS (NetBIOS Redirector/Juniper Networks)
Device \Driver\usbuhci \Device\USBFDO-0 864E31F8
Device \Driver\usbuhci \Device\USBFDO-1 864E31F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 842E61F8
Device \Driver\usbuhci \Device\USBFDO-2 864E31F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 842E61F8
Device \Driver\usbuhci \Device\USBFDO-3 864E31F8
Device \Driver\usbehci \Device\USBFDO-4 8645A1F8
Device \Driver\Ftdisk \Device\FtControl 86F671F8
Device \Driver\azjje5ti \Device\Scsi\azjje5ti1 863D81F8
Device \Driver\azjje5ti \Device\Scsi\azjje5ti1Port2Path0Target0Lun0 863D81F8
Device \FileSystem\Fastfat \Fat 84112500
Device \FileSystem\Fastfat \Fat ABDD71F9
Device \FileSystem\Cdfs \Cdfs 85E8A500
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5A 0x1B 0xE0 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x62 0x9D 0xCE 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCA 0xDD 0x91 0x3C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5A 0x1B 0xE0 0xE5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x62 0x9D 0xCE 0x46 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCA 0xDD 0x91 0x3C ...
---- EOF - GMER 1.0.15 ----
Shaba
Security Expert: Emeritus
Please click this link-->Jotti
Copy/paste file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).
c:\windows\System32\Drivers\azjje5ti.SYS
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
Copy/paste file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).
c:\windows\System32\Drivers\azjje5ti.SYS
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
IamNumber1
New member
I tried finding that file and it wasn't there. I tried doing a search but it still wouldn't find it.
Also wanted to mention that when this computer is online, my xbox gets disconnected randomly. But when I take the ethernet cord (or shut the computer down) out of this computer, the xbox doesnt disconnect. I might just make a separate thread for that on the forum you suggested to use.
Also wanted to mention that when this computer is online, my xbox gets disconnected randomly. But when I take the ethernet cord (or shut the computer down) out of this computer, the xbox doesnt disconnect. I might just make a separate thread for that on the forum you suggested to use.
IamNumber1
New member
What about the file you wanted me to find? I couldn't find it. Is it fine then?
Last edited by a moderator: