Scans Run; Malware and GMER Logs Here
MALWARE:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4289
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
7/7/2010 5:19:25 PM
mbam-log-2010-07-07 (17-19-25).txt
Scan type: Quick scan
Objects scanned: 132684
Time elapsed: 5 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4289
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
7/7/2010 5:19:25 PM
mbam-log-2010-07-07 (17-19-25).txt
Scan type: Quick scan
Objects scanned: 132684
Time elapsed: 5 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER
GMER 1.0.15.15281 -
http://www.gmer.net
Rootkit scan 2010-07-07 23:35:02
Windows 6.0.6002 Service Pack 2
Running: lkdw2sld.exe; Driver: C:\Users\Owner\AppData\Local\Temp\uwrcapow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8CE3850A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8CE3832E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8CE38468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 81FA3DF0 7 Bytes JMP 8CE3846C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8200F28F 5 Bytes JMP 8CE344AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 82068038 5 Bytes JMP 8CE3597E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 820698C3 7 Bytes JMP 8CE38332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 820C9892 7 Bytes JMP 8CE3850E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x87B53480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x87B94900, 0x3CA, 0x48000040]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[1904] ntdll.dll!NtProtectVirtualMemory 778E4D34 5 Bytes JMP 0018000A
.text C:\Windows\Explorer.EXE[1904] ntdll.dll!NtWriteVirtualMemory 778E5674 5 Bytes JMP 0019000A
.text C:\Windows\Explorer.EXE[1904] ntdll.dll!KiUserExceptionDispatcher 778E5DC8 5 Bytes JMP 0017000A
.text C:\Windows\system32\svchost.exe[6092] ntdll.dll!NtProtectVirtualMemory 778E4D34 5 Bytes JMP 0081000A
.text C:\Windows\system32\svchost.exe[6092] ntdll.dll!NtWriteVirtualMemory 778E5674 5 Bytes JMP 0082000A
.text C:\Windows\system32\svchost.exe[6092] ntdll.dll!KiUserExceptionDispatcher 778E5DC8 5 Bytes JMP 0080000A
.text C:\Windows\system32\svchost.exe[6092] ole32.dll!CoCreateInstance 76639EA6 5 Bytes JMP 0099000A
.text C:\Windows\system32\svchost.exe[6092] USER32.dll!GetCursorPos 75F60B88 5 Bytes JMP 00EA000A
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00010002
IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00010000
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B27817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73B7A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B2BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B1F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B1E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73B58395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73B2DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B1FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B1FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73BACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73B4C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B1D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B16853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B1687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B22AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:2888] AD5228C8
Thread System [4:2892] AD5228C8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval 604800
---- EOF - GMER 1.0.15 ----