After clearing several viruses, I ran Avast! and found these issues:
C:\Windows\explorer.exe (two times)
C:\Windows\System32\Winlogon.exe
Thank you in advance for all your help!
Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/27/2010 8:54:24 PM
mbam-log-2010-10-27 (20-54-24).txt
Scan type: Quick scan
Objects scanned: 133226
Time elapsed: 30 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-27 19:36:20
Windows 5.1.2600 Service Pack 3
Running: uiw50t5x.exe; Driver: C:\DOCUME~1\Ken\LOCALS~1\Temp\uwpcrkod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xAC67BCF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xAC67BBAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xAC67C160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xAC67C08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xAC67B782]
SSDT speh.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT speh.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xAC67BC86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xAC67B6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xAC67B726]
SSDT speh.sys ZwQueryKey [0xB9ECE20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xAC67BDA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAC67C22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xAC67BD66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xAC67BEE6]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAC73F620]
INT 0x62 ? 8B09EBF8
INT 0x73 ? 8B09EBF8
INT 0x73 ? 8B09EBF8
INT 0x73 ? 8B09EBF8
INT 0x73 ? 8B09EBF8
INT 0x73 ? 8AED9DF8
INT 0x73 ? 8B09EBF8
INT 0x82 ? 8B09EBF8
INT 0x83 ? 8AED9DF8
INT 0x84 ? 8AED9DF8
INT 0xA4 ? 8AED9DF8
INT 0xA4 ? 8AED9DF8
INT 0xA4 ? 8AED9DF8
INT 0xA4 ? 8AED9DF8
INT 0xB4 ? 8AED9DF8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAC688BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAC6889D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAC688B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP AC688B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP AC6889D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP AC6845D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP AC685FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP AC688BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? speh.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9000000, 0x253E67, 0xE8000020]
.text USBPORT.SYS!DllUnload B8FB78AC 5 Bytes JMP 8AED93D8
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[400] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF000A
.text C:\WINDOWS\Explorer.EXE[400] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0114000A
.text C:\WINDOWS\Explorer.EXE[400] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FE000C
.text C:\WINDOWS\System32\svchost.exe[1524] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D9000A
.text C:\WINDOWS\System32\svchost.exe[1524] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DA000A
.text C:\WINDOWS\System32\svchost.exe[1524] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D8000C
.text C:\WINDOWS\System32\svchost.exe[1524] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00FE000A
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1928] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\system32\wuauclt.exe[2036] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0163000A
.text C:\WINDOWS\system32\wuauclt.exe[2036] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0164000A
.text C:\WINDOWS\system32\wuauclt.exe[2036] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0162000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01D6000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 01D7000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2208] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 01D5000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2208] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3844] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A8000A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3844] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A9000A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3844] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A7000C
.text C:\WINDOWS\system32\SearchIndexer.exe[4084] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00F61B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] speh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] speh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] speh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] speh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] speh.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[872] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002
IAT C:\WINDOWS\system32\services.exe[872] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8B09D1F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBPDO-0 8AE3D1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B0FC1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B0FC1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B0FC1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B0FC1F8
Device \Driver\usbuhci \Device\USBPDO-1 8AE3D1F8
Device \Driver\usbuhci \Device\USBPDO-2 8AE3D1F8
Device \Driver\usbehci \Device\USBPDO-3 8AE2D1F8
Device \Driver\usbuhci \Device\USBPDO-4 8AE3D1F8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBPDO-5 8AE3D1F8
Device \Driver\usbuhci \Device\USBPDO-6 8AE3D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B09F1F8
Device \Driver\usbehci \Device\USBPDO-7 8AE2D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B09F1F8
Device \Driver\Cdrom \Device\CdRom0 8AE8C360
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8ADBCAEA
Device \Driver\atapi \Device\Ide\IdePort0 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8ADBCAEA
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8ADBCAEA
Device \Driver\atapi \Device\Ide\IdePort1 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8ADBCAEA
Device \Driver\atapi \Device\Ide\IdePort2 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8ADBCAEA
Device \Driver\atapi \Device\Ide\IdePort3 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8ADBCAEA
Device \Driver\atapi \Device\Ide\IdePort4 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8ADBCAEA
Device \Driver\atapi \Device\Ide\IdePort5 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-10 8ADBCAEA
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBFDO-0 8AE3D1F8
Device \Driver\usbuhci \Device\USBFDO-1 8AE3D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89FEC500
Device \Driver\usbuhci \Device\USBFDO-2 8AE3D1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89FEC500
Device \Driver\usbehci \Device\USBFDO-3 8AE2D1F8
Device \Driver\usbuhci \Device\USBFDO-4 8AE3D1F8
Device \Driver\Ftdisk \Device\FtControl 8B09F1F8
Device \Driver\usbuhci \Device\USBFDO-5 8AE3D1F8
Device \Driver\usbuhci \Device\USBFDO-6 8AE3D1F8
Device \Driver\usbehci \Device\USBFDO-7 8AE2D1F8
Device \FileSystem\Cdfs \Cdfs 8A025500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x98 0x80 0x48 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6F 0x20 0x51 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x26 0xFD 0x97 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x98 0x80 0x48 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6F 0x20 0x51 0x37 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x26 0xFD 0x97 0xB4 ...
---- EOF - GMER 1.0.15 ----