Here are the logs, as requested. However, in Step 3, I could not complete the step for Windows Updates. This infection has disabled all connection requests to Microsoft/Windows sites, both in-browser and via automatic updates.
-----------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4165
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
6/8/2010 9:02:36 AM
mbam-log-2010-06-08 (09-02-36).txt
Scan type: Quick scan
Objects scanned: 124454
Time elapsed: 6 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
---------------------------------------------------------------------------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-08 09:22:12
Windows 6.0.6002 Service Pack 2
Running: y939wg53.exe; Driver: C:\Users\Don\AppData\Local\Temp\pwldapow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8EE1CAC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8EE1C8EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8EE1CA24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 81D72DF0 7 Bytes JMP 8EE1CA28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81DDE28F 5 Bytes JMP 8EE18536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 81E37038 5 Bytes JMP 8EE19EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 81E388C3 7 Bytes JMP 8EE1C8EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 81E98892 7 Bytes JMP 8EE1CACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D804320, 0x3F5147, 0xE8000020]
? system32\drivers\WPRO_40_1340.sys The system cannot find the path specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[816] ntdll.dll!NtProtectVirtualMemory 77CA4D34 5 Bytes JMP 0025000A
.text C:\Windows\Explorer.EXE[816] ntdll.dll!NtWriteVirtualMemory 77CA5674 5 Bytes JMP 0026000A
.text C:\Windows\Explorer.EXE[816] ntdll.dll!KiUserExceptionDispatcher 77CA5DC8 5 Bytes JMP 0024000A
.text C:\PROGRA~1\Raptr\raptr.exe[1708] USER32.dll!WindowFromPoint 7758884F 5 Bytes JMP 07B81A38
.text C:\PROGRA~1\Raptr\raptr.exe[1708] USER32.dll!ShowWindow 7758CA10 5 Bytes JMP 07B84A50
.text C:\PROGRA~1\Raptr\raptr.exe[1708] USER32.dll!SetWindowPos 775935E3 5 Bytes JMP 07B86A60
.text C:\PROGRA~1\Raptr\raptr.exe[1708] USER32.dll!DestroyWindow 77597FB6 5 Bytes JMP 07B85A58
.text C:\PROGRA~1\Raptr\raptr.exe[1708] USER32.dll!DispatchMessageA 77598B6D 5 Bytes JMP 07B82A40
.text C:\PROGRA~1\Raptr\raptr.exe[1708] USER32.dll!DispatchMessageW 775A021C 5 Bytes JMP 07B83A48
.text C:\PROGRA~1\Raptr\raptr.exe[1708] USER32.dll!GetCursorPos 775A0B88 5 Bytes JMP 07B88A70
.text C:\PROGRA~1\Raptr\raptr.exe[1708] USER32.dll!AnimateWindow 775AA52D 5 Bytes JMP 07B87A68
.text C:\PROGRA~1\Raptr\raptr.exe[1708] GDI32.dll!BitBlt 766B70A6 5 Bytes JMP 07B80A30
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\services.exe[612] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00010002
IAT C:\Windows\system32\services.exe[612] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00010000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\BTHUSB \Device\00000070 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000070 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\BTHUSB \Device\0000006e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library C:\Windows\system32\rpcnet.exe (*** hidden *** ) @ C:\Windows\system32\rpcnet.exe [4036] 0x00400000
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f16272
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f16272@002568f29ca2 0xB6 0x47 0x1F 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDC 0xF5 0xD6 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0x65 0xAA 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBF 0xEE 0x1F 0x22 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f16272 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f16272@002568f29ca2 0xB6 0x47 0x1F 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDC 0xF5 0xD6 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0x65 0xAA 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBF 0xEE 0x1F 0x22 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy170.gthr
---- EOF - GMER 1.0.15 ----