
Hi, I'm having problems updating malware.

GMER 1.0.15.15572 - http://www.gmer.net

Rootkit scan 2011-05-03 14:40:45

Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\00000032 SAMSUNG_HD080HJ rev.ZH100-41

Running: ui6xxc57.exe; Driver: C:\DOCUME~1\Walters\LOCALS~1\Temp\fxtdypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEEC2A534]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEEC24782]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF73ACE64]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xEEC2ACC0]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF738CEEE]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF738D0E0]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xEEC2ADF6]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEEC25398]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF73AD652]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF73AD906]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xEEC4593C]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEEC45B44]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEEC24FAA]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF73ABB64]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF73ADD72]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xEEC46208]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xEEC2A0F4]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xEEC472A4]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEEC2575C]

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xEEC46E12]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF73AD124]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF738CB5C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23E4 805010E8 12 Bytes [C0, AC, C2, EE, EE, CE, 38, ...] {SHR BYTE [EDX+EAX*8+0x38ceeeee], 0xf7; LOOPNZ 0xffffffffffffffda; CMP BH, DH}

? C:\DOCUME~1\Walters\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\program files\real\realplayer\update\realsched.exe[512] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B10001

.text C:\program files\real\realplayer\update\realsched.exe[512] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

.text C:\PROGRA~1\MICROS~3\rapimgr.exe[696] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B00001

.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00EF000A

.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00F0000A

.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00A6000C

.text C:\WINDOWS\System32\svchost.exe[1204] USER32.dll!GetForegroundWindow 77D4C4AE 5 Bytes JMP 019E000A

.text C:\WINDOWS\System32\svchost.exe[1204] USER32.dll!GetCursorPos 77D4C566 5 Bytes JMP 019C000A

.text C:\WINDOWS\System32\svchost.exe[1204] USER32.dll!WindowFromPoint 77D4C57E 5 Bytes JMP 019D000A

.text C:\WINDOWS\System32\svchost.exe[1204] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 00C5000A

.text C:\WINDOWS\Explorer.EXE[1676] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 0118000A

.text C:\WINDOWS\Explorer.EXE[1676] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 0119000A

.text C:\WINDOWS\Explorer.EXE[1676] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00FF000C

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2160] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B10001

.text C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe[2244] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00BF0001

.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2572] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00C20001

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe[2672] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00D90001

.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2840] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00AF0001

.text ...

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice sisidex.sys (FileSpy Filter Driver/Windows ® 2000 DDK provider)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

Device \Device\00000077 -> \??\IDE#DiskSAMSUNG_HD080HJ_________________________ZH100-41#30534538314A4C4C343539333238202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c55f7a4d0

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c55f7a4d0@001247abcb1f 0xEB 0x97 0x54 0xD7 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c55f7a4d0@001a1635ca20 0x4E 0x23 0x8A 0x8C ...

Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000c55f7a4d0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000c55f7a4d0@001247abcb1f 0xEB 0x97 0x54 0xD7 ...

Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000c55f7a4d0@001a1635ca20 0x4E 0x23 0x8A 0x8C ...

---- EOF - GMER 1.0.15 ----

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Walters at 13:25:59.59 on 03/05/2011

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.653 [GMT 1:00]

.

FW: ZoneAlarm Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\WINDOWS\system32\svchost.exe -k bthsvcs

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\NetworkService\Local Settings\Application Data\wuj.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

I:\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uWindow Title = Internet Explorer Provided By Sky Broadband

uDefault_Page_URL = hxxp://www.sky.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBit1.dll

mURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBit1.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBit1.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [NPSStartup]

mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Conime] %windir%\system32\conime.exe

mRun: [ADAiO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\ADAiO2MUI.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

dRun: [fVlsSOKNPqw] c:\documents and settings\all users\application data\fVlsSOKNPqw.exe

dRun: [AMService] c:\windows\temp\lqqx\setup.exe

dRun: [pCMnAnUyWW] c:\documents and settings\all users\application data\pCMnAnUyWW.exe

dRunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

dPolicies-system: DisableTaskMgr = 1 (0x1)

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172161266562

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15030/CTPID.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-5-1 217032]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-11-30 532224]

R2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\advent\aio\center\ADAIOHostService.exe [2010-9-30 361904]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2011-5-1 112592]

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2010-2-8 33792]

R3 rrau0001;rrau0001;c:\windows\system32\drivers\rrau0001.sys [2007-11-1 24576]

R3 rrwd0001;rrwd0001;c:\windows\system32\drivers\rrwd0001.sys [2007-11-1 71936]

S2 AMService;AMService;c:\windows\temp\lqqx\setup.exe run --> c:\windows\temp\lqqx\setup.exe run [?]

S2 gupdate1ca743a417767b0;Google Update Service (gupdate1ca743a417767b0);c:\program files\google\update\GoogleUpdate.exe [2009-12-3 133104]

S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

S3 DSCVc;Video Capture;c:\windows\system32\drivers\coachvc.sys --> c:\windows\system32\drivers\CoachVc.sys [?]

S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi10.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI10.sys [?]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-4-9 102448]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-3 133104]

S3 RescueDrv;BT Hub USB Rescue Driver;c:\windows\system32\drivers\resc_dwb.sys [2007-1-27 74828]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2011-5-1 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2011-5-1 1142224]

.

=============== File Associations ===============

.

exefile="c:\documents and settings\networkservice\local settings\application data\wuj.exe" -a "%1" %*

.

=============== Created Last 30 ================

.

2011-05-03 11:56:08 -------- d-----w- c:\docume~1\walters\applic~1\Malwarebytes

2011-05-03 11:55:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-03 11:55:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-03 11:55:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-03 11:55:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-03 10:52:45 -------- d-----w- c:\docume~1\walters\locals~1\applic~1\Threat Expert

2011-05-03 10:02:28 1409 ----a-w- c:\windows\QTFont.for

2011-05-01 19:23:01 767952 ----a-w- c:\windows\BDTSupport.dll

2011-05-01 19:23:01 165840 ----a-w- c:\windows\PCTBDRes.dll

2011-05-01 19:23:01 1652688 ----a-w- c:\windows\PCTBDCore.dll

2011-05-01 19:23:01 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-05-01 19:22:37 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-05-01 19:22:32 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-05-01 19:22:32 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-05-01 19:22:22 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-05-01 19:22:04 -------- d-----w- c:\program files\Spyware Doctor

2011-05-01 19:22:04 -------- d-----w- c:\program files\common files\PC Tools

2011-05-01 19:22:04 -------- d-----w- c:\docume~1\walters\applic~1\PC Tools

2011-05-01 19:22:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2011-05-01 19:08:25 -------- d-----w- c:\program files\AVG

2011-05-01 18:50:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avg8

2011-04-30 21:08:30 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll

2011-04-30 21:08:29 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll

2011-04-30 21:08:29 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll

2011-04-30 21:08:29 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe

2011-04-30 21:08:29 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll

2011-04-30 21:08:29 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll

2011-04-30 21:08:22 5632 -c--a-w- c:\windows\system32\dllcache\write.exe

2011-04-30 21:08:21 214528 -c--a-w- c:\windows\system32\dllcache\wordpad.exe

2011-04-30 21:08:02 119808 -c--a-w- c:\windows\system32\dllcache\winmine.exe

2011-04-30 21:08:01 35328 -c--a-w- c:\windows\system32\dllcache\winchat.exe

2011-04-30 21:06:58 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll

2011-04-30 21:05:56 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll

2011-04-30 21:04:55 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll

2011-04-30 21:03:59 102912 -c--a-w- c:\windows\system32\dllcache\clipbrd.exe

2011-04-30 21:02:47 598071 -c--a-w- c:\windows\system32\dllcache\fpmmc.dll

2011-04-30 20:58:20 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2011-04-30 20:58:20 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe

2011-04-30 20:57:37 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll

2011-04-30 20:57:37 32768 ----a-w- c:\program files\internet explorer\connection wizard\icwdl.dll

2011-04-30 20:57:36 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe

2011-04-30 20:57:36 86016 ----a-w- c:\program files\internet explorer\connection wizard\icwconn2.exe

2011-04-30 20:57:36 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe

2011-04-30 20:57:36 20480 ----a-w- c:\program files\internet explorer\connection wizard\inetwiz.exe

2011-04-30 20:57:35 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe

2011-04-30 20:57:35 214528 ----a-w- c:\program files\internet explorer\connection wizard\icwconn1.exe

2011-04-30 20:34:40 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2011-04-30 20:34:40 13312 ----a-w- c:\windows\system32\irclass.dll

2011-04-30 20:34:39 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2011-04-30 20:34:39 24661 ----a-w- c:\windows\system32\spxcoins.dll

2011-04-30 20:33:54 13753 ----a-r- c:\windows\SET13F.tmp

2011-04-30 20:33:46 1086058 ----a-r- c:\windows\SET133.tmp

2011-04-30 20:33:40 1042903 ----a-r- c:\windows\SET130.tmp

2011-04-08 10:06:19 -------- d-----w- c:\docume~1\walters\applic~1\Puar

2011-04-08 10:06:19 -------- d-----w- c:\docume~1\walters\applic~1\Agpi

2011-04-08 09:39:38 -------- d-sh--w- C:\found.001

2011-04-04 08:45:28 548864 ----a-w- c:\docume~1\alluse~1\applic~1\pCMnAnUyWW.exe

2011-04-03 14:15:54 -------- d-----w- C:\Windows Repair

2011-04-03 14:15:51 475136 ----a-w- c:\docume~1\alluse~1\applic~1\18014004.exe

2011-04-03 14:06:42 544768 ----a-w- c:\docume~1\alluse~1\applic~1\fVlsSOKNPqw.exe

.

==================== Find3M ====================

.

2010-01-14 13:59:32 203776 --sha-w- c:\windows\system32\unrar.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: SAMSUNG_HD080HJ rev.ZH100-41 -> Harddisk1\DR1 -> \Device\00000074

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8730E439]<<

c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x873147d0]; MOV EAX, [0x8731484c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Harddisk1\DR1[0x87300030]

3 CLASSPNP[0xF760105B] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x872F76C0]

5 PCTCore[0xF738FAC6] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\00000078[0x872F8A30]

7 ACPI[0xF7448620] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x87354030]

\Driver\nvatabus[0x8732CB20] -> IRP_MJ_CREATE -> 0x8730E439

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\00000077 -> \??\IDE#DiskSAMSUNG_HD080HJ_________________________ZH100-41#30534538314A4C4C343539333238202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user != kernel MBR !!!

sectors 156301486 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 13:26:58.89 ===============
