GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-01-02 09:11:12 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e SAMSUNG_HD753LJ rev.1AA01110 Running: ttsz2uup.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\kfecafow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwAddBootEntry [0xABEE59E5] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwAllocateVirtualMemory [0xABEE7963] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwClose [0xABEC3532] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateEvent [0xABEE7FA5] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateEventPair [0xABEE8233] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateFile [0xABEB9DCA] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateKey [0xABEC6D66] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateMutant [0xABEE84B9] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateProcess [0xABECB8D4] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateProcessEx [0xABECBAA8] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateSection [0xABEC3F26] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateSemaphore [0xABEE8743] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateSymbolicLinkObject [0xABEE5D08] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwCreateThread [0xABED82C4] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDebugActiveProcess [0xABEE6893] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDeleteBootEntry [0xABEE5A66] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDeleteFile [0xABEC38D3] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDeleteKey [0xABEC79A3] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDeleteValueKey [0xABEC7BC7] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDeviceIoControlFile [0xABEE50DD] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwDuplicateObject [0xABECDAD3] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwFreeVirtualMemory [0xABEE7C03] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwFsControlFile [0xABECF488] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwInitiatePowerAction [0xABEE8BAF] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwLoadDriver [0xABEE8C4F] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwLoadKey [0xABEC8313] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwLoadKey2 [0xABEC85EA] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwLockFile [0xABEE90F4] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwMakeTemporaryObject [0xABEE5F4F] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwMapViewOfSection [0xABECC863] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwModifyBootEntry [0xABEE5AE3] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenEvent [0xABEE80F0] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenEventPair [0xABEE8376] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenFile [0xABEBD47A] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenKey [0xABEC5DD1] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenMutant [0xABEE8600] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenProcess [0xABECA63A] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenSection [0xABEC48A5] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenSemaphore [0xABEE888E] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwOpenThread [0xABECA969] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwProtectVirtualMemory [0xABEE6F5B] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwQueryValueKey [0xABEC9B0E] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwQueueApcThread [0xABEE6BC7] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwRaiseHardError [0xABEE8B01] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReadFile [0xABEC293B] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReadFileScatter [0xABEC309C] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReadRequestData [0xABED2363] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReadVirtualMemory [0xABEE7386] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwRenameKey [0xABEC8A2D] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReplaceKey [0xABEC88D5] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReplyWaitReceivePort [0xABED5DA4] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwReplyWaitReceivePortEx [0xABED617B] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwRestoreKey [0xABEC7FA4] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwResumeThread [0xABED8EF2] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSaveKey [0xABEC817E] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSaveKeyEx [0xABEC918B] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSaveMergedKeys [0xABEC92F4] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetBootEntryOrder [0xABEE5B60] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetBootOptions [0xABEE5BE1] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetContextThread [0xABEE6A0B] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetInformationFile [0xABEC4FBD] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetInformationObject [0xABEE8CDD] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetInformationProcess [0xABEE6381] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetSecurityObject [0xABEE614A] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetSystemInformation [0xABED1DDE] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetSystemPowerState [0xABEE89D1] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetSystemTime [0xABEE7E7D] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSetValueKey [0xABEC7353] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwShutdownSystem [0xABEE8A6D] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSuspendProcess [0xABEE94DD] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSuspendThread [0xABEE93A8] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwSystemDebugControl [0xABEE5C62] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwTerminateProcess [0xABECC4A6] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwTerminateThread [0xABECC1FA] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwUnloadKey [0xABEC945D] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwUnloadKeyEx [0xABEC94DF] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwUnmapViewOfSection [0xABECD85D] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwVdmControl [0xABEE8EA7] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwWriteFile [0xABEBFB10] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwWriteFileGather [0xABEBEB0A] SSDT \SystemRoot\System32\Drivers\dwall.sys (DefenseWall/SoftSphere Technologies) ZwWriteVirtualMemory [0xABEE7576] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C70 8050450C 12 Bytes [A5, 7F, EE, AB, 33, 82, EE, ...] {MOVSD ; JG 0xfffffffffffffff1; STOSD ; XOR EAX, [EDX-0x62355412]; JMP 0xffffffffffffffb7} .text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 16 Bytes [26, 3F, EC, AB, 43, 87, EE, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2CD8 80504574 12 Bytes [66, 5A, EE, AB, D3, 38, EC, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 16 Bytes [4F, 8C, EE, AB, 13, 83, EC, ...] {DEC EDI; MOV ESI, GS; STOSD ; ADC EAX, [EBX-0x7a155414]; IN AL, DX ; STOSD ; HLT ; NOP ; OUT DX, AL ; STOSD } .text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 12 Bytes [F0, 80, EE, AB, 76, 83, EE, ...] .text ... .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB94C7000, 0x2191E7, 0xE8000020] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\notepad.exe[496] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00911760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\notepad.exe[496] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00911760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\notepad.exe[496] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [009118C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\notepad.exe[496] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00911CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\notepad.exe[496] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00911760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[784] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00E11760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00E11760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[784] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetPrivateProfileStringW] [00E118C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[784] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [00E11CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00E11760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003F1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003F18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003F1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003F1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe[920] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003F1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\RTHDCPL.EXE[948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [01A61760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\RTHDCPL.EXE[948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [01A61760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\RTHDCPL.EXE[948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [01A618C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\RTHDCPL.EXE[948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [01A61CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\RTHDCPL.EXE[948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [01A61760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\Ati2evxx.exe[1000] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\Ati2evxx.exe[1000] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\Ati2evxx.exe[1000] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003E18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\Ati2evxx.exe[1000] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003E1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\Ati2evxx.exe[1000] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\DefenseWall\DefenseWall.exe[1060] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00C51760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\DefenseWall\DefenseWall.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00C51760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\DefenseWall\DefenseWall.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [00C518C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\DefenseWall\DefenseWall.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00C51CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\DefenseWall\DefenseWall.exe[1060] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00C51760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Logitech\SetPointP\SetPoint.exe[1080] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00B31760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Logitech\SetPointP\SetPoint.exe[1080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00B31760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Logitech\SetPointP\SetPoint.exe[1080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [00B318C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Logitech\SetPointP\SetPoint.exe[1080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00B31CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Logitech\SetPointP\SetPoint.exe[1080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00B31760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00781760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00781760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [007818C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00781CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00781760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\Ati2evxx.exe[1324] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\Ati2evxx.exe[1324] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\Ati2evxx.exe[1324] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003E18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\Ati2evxx.exe[1324] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003E1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\Ati2evxx.exe[1324] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003E1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\spoolsv.exe[1528] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00901760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\spoolsv.exe[1528] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00901760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\spoolsv.exe[1528] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [009018C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\spoolsv.exe[1528] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00901CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\spoolsv.exe[1528] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00901760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\Explorer.EXE[1856] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00BC1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\Explorer.EXE[1856] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00BC1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\Explorer.EXE[1856] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00BC1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\Explorer.EXE[1856] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [00BC18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\Explorer.EXE[1856] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00BC1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Immunet Protect\2.0.17\iptray.exe[1908] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [01071760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Immunet Protect\2.0.17\iptray.exe[1908] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [01071760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Immunet Protect\2.0.17\iptray.exe[1908] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [010718C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Immunet Protect\2.0.17\iptray.exe[1908] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [01071CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Immunet Protect\2.0.17\iptray.exe[1908] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [01071760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Immunet Protect\2.0.17\agent.exe[1924] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00C61760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Immunet Protect\2.0.17\agent.exe[1924] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [00C618C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Immunet Protect\2.0.17\agent.exe[1924] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00C61CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Immunet Protect\2.0.17\agent.exe[1924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00C61760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Immunet Protect\2.0.17\agent.exe[1924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00C61760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Java\jre6\bin\jqs.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [006C1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Java\jre6\bin\jqs.exe[1948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [006C1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Java\jre6\bin\jqs.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [006C18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Java\jre6\bin\jqs.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [006C1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Java\jre6\bin\jqs.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [006C1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\ctfmon.exe[2188] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [003A1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\ctfmon.exe[2188] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [003A1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\ctfmon.exe[2188] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [003A18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\ctfmon.exe[2188] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [003A1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\WINDOWS\system32\ctfmon.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [003A1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2220] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00921760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [009218C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00921CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00921760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00921760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Documents and Settings\Admin\Pulpit\ttsz2uup.exe[3032] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00AA1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Documents and Settings\Admin\Pulpit\ttsz2uup.exe[3032] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [00AA18C0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Documents and Settings\Admin\Pulpit\ttsz2uup.exe[3032] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00AA1CD0] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Documents and Settings\Admin\Pulpit\ttsz2uup.exe[3032] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00AA1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) IAT C:\Documents and Settings\Admin\Pulpit\ttsz2uup.exe[3032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00AA1760] C:\WINDOWS\system32\dwall_lnk.dll (dwall_lnk/SoftSphere Technologies) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs dwall.sys (DefenseWall/SoftSphere Technologies) AttachedDevice \Driver\Tcpip \Device\Ip dwall.sys (DefenseWall/SoftSphere Technologies) AttachedDevice \Driver\Tcpip \Device\Tcp dwall.sys (DefenseWall/SoftSphere Technologies) AttachedDevice \Driver\Tcpip \Device\Udp dwall.sys (DefenseWall/SoftSphere Technologies) AttachedDevice \Driver\Tcpip \Device\RawIp dwall.sys (DefenseWall/SoftSphere Technologies) ---- EOF - GMER 1.0.15 ----