
Help please


  • This topic is locked
18 replies to this topic

#1 cloudz

cloudz

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 08 May 2010 - 02:53 AM

Hi all

Can someone please help me with my HijackThis log? I am very inexperienced and totally new to forums etc. I know I have some major issues but I just can't seem to get rid of them, so any assistance would be greatly appreciated.

thanks in advance

CloudZ

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:49:38, on 08/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\3 Mobile Broadband\3Connect\WilogApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

F2 - REG:system.ini: Shell=explorer.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O17 - HKLM\System\CCS\Services\Tcpip\..\{513E0781-F321-4F35-9A9B-4BD785CEF7A4}: NameServer = 217.171.132.5 217.171.132.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 3638 bytes



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:04 AM

Posted 10 May 2010 - 04:56 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:04 AM

Posted 15 May 2010 - 11:02 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:04 AM

Posted 17 May 2010 - 05:25 PM

Hi,

Topic reopened, please post your logs.

regards myrti



#5 cloudz

cloudz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 20 May 2010 - 02:48 AM

Thank you, I will now post them.

#6 cloudz

cloudz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 20 May 2010 - 03:30 AM

OTL.Txt Doc

OTL logfile created on: 20/05/2010 08:48:42 - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\kevo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 64.00 Mb Available Physical Memory | 13.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 24.42 Gb Free Space | 65.55% Space Free | Partition Type: NTFS
Drive D: | 540.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 25.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-4F4327B81B
Current User Name: kevo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\kevo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\3 Mobile Broadband\3Connect\WilogApp.exe (Birdstep Technology)
PRC - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\kevo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (RUBotted) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (RegGuard) -- C:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (AVRec) -- C:\WINDOWS\system32\drivers\AVRec.sys (PC Tools Research Pty Ltd )
DRV - (AVHook) -- C:\WINDOWS\system32\drivers\AVHook.sys (PC Tools Research Pty Ltd.)
DRV - (AVFilter) -- C:\WINDOWS\system32\drivers\AVFilter.sys (PC Tools Research Pty Ltd)
DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (TMPassthruMP) -- C:\WINDOWS\system32\drivers\TMPassthru.sys (Trend Micro Inc.)
DRV - (TMPassthru) -- C:\WINDOWS\system32\drivers\TMPassthru.sys (Trend Micro Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (mdvrmng) -- C:\WINDOWS\system32\drivers\mdvrmng.sys ()
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507921405-1993962763-839522115-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-507921405-1993962763-839522115-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/05/08 20:49:43 | 000,000,000 | ---D | M]

[2010/04/20 11:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevo\Application Data\Mozilla\Extensions
[2010/05/19 21:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevo\Application Data\Mozilla\Firefox\Profiles\gc4ut637.default\extensions
[2010/05/10 09:39:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\kevo\Application Data\Mozilla\Firefox\Profiles\gc4ut637.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/19 21:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/06 00:30:57 | 000,000,626 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1993962763-839522115-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-1993962763-839522115-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/17 21:33:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/08 19:45:54 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/11/12 18:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/12/08 17:24:46 | 000,027,750 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2007/10/29 20:25:38 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/11/12 18:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^kevo^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: HitmanPro35 - hkey= - key= - C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
MsConfig - StartUpReg: McAfee QuickClean Imonitor - hkey= - key= - C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe File not found
MsConfig - StartUpReg: MCAgentExe - hkey= - key= - c:\PROGRA~1\mcafee.com\agent\mcagent.exe File not found
MsConfig - StartUpReg: McRegWiz - hkey= - key= - C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe File not found
MsConfig - StartUpReg: MCUpdateExe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
MsConfig - StartUpReg: TMRUBottedTray - hkey= - key= - C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PCTAVSvc -
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/12/17 21:32:33 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/20 08:21:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kevo\Recent
[2010/05/16 19:04:14 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kevo\Desktop\OTL.exe
[2010/05/15 08:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2010/05/15 08:54:39 | 000,279,624 | R--- | C] (McAfee, Inc) -- C:\WINDOWS\System32\mcgdmgr.dll
[2010/05/15 08:54:38 | 000,341,064 | R--- | C] (McAfee, Inc) -- C:\WINDOWS\System32\mcinsctl.dll
[2010/05/15 08:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/05/12 22:51:28 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/12 19:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/05/12 19:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/12 18:37:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/10 09:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/05/10 09:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/05/10 08:49:58 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/10 08:49:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/10 08:49:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/10 08:49:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/08 20:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\My Documents\ForceField Shared Files
[2010/05/08 20:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Application Data\CheckPoint
[2010/05/08 20:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/05/08 20:29:06 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/05/08 20:29:01 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/05/08 20:29:00 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/05/08 20:28:51 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/05/08 20:28:48 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/05/08 20:28:47 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/05/08 20:28:46 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/05/08 20:28:46 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/05/08 20:28:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/05/08 20:28:43 | 000,486,280 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/05/08 20:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/05/08 20:27:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/05/08 20:27:44 | 000,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/05/08 20:27:44 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/05/08 20:27:44 | 000,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/05/05 20:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\Organizer
[2010/05/05 13:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\My Documents\My Organizer Documents
[2010/05/05 13:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Application Data\Konrad Papala
[2010/05/05 13:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Application Data\InstallShield
[2010/05/05 13:08:11 | 000,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TMPassthru.sys
[2010/05/05 11:37:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/28 19:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Application Data\OpenOffice.org
[2010/04/22 15:23:29 | 000,158,224 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/04/22 15:23:29 | 000,059,920 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/04/22 15:23:29 | 000,050,704 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010/04/22 15:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2010/04/22 15:18:50 | 000,661,808 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl
[2010/04/22 15:18:47 | 001,322,680 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys
[2010/04/22 15:18:46 | 000,230,928 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys
[2010/04/22 15:18:46 | 000,089,872 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2010/04/22 15:18:46 | 000,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys
[2010/04/20 20:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Application Data\IObit
[2010/04/20 12:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/20 12:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\My Documents\Downloads
[2010/04/20 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Local Settings\Application Data\Mozilla
[2010/04/20 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Application Data\Mozilla
[2010/04/20 11:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Application Data\Sun
[2010/04/20 11:07:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kevo\PrivacIE
[2010/04/20 11:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Application Data\Adobe
[2010/04/20 11:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Application Data\Birdstep Technology
[2010/04/20 11:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Application Data\Identities
[2010/04/20 11:02:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kevo\My Documents\My Music
[2010/04/20 11:02:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kevo\My Documents\My Pictures
[2010/04/20 11:01:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\kevo\Application Data\Microsoft
[2010/04/20 11:01:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kevo\SendTo
[2010/04/20 11:01:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kevo\Application Data
[2010/04/20 11:01:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kevo\Start Menu
[2010/04/20 11:01:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kevo\My Documents
[2010/04/20 11:01:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kevo\Favorites
[2010/04/20 11:01:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kevo\IETldCache
[2010/04/20 11:01:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\kevo\Cookies
[2010/04/20 11:01:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\kevo\Templates
[2010/04/20 11:01:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\kevo\PrintHood
[2010/04/20 11:01:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\kevo\NetHood
[2010/04/20 11:01:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\kevo\Local Settings
[2010/04/20 11:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Local Settings\Application Data\Microsoft
[2010/04/20 11:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Application Data\Macromedia
[2010/04/20 11:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Desktop
[2010/04/20 11:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevo\Local Settings\Application Data\Adobe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/20 08:45:29 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (USER-4F4327B81B-kevo).job
[2010/05/20 08:41:14 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\kevo\Desktop\HiJackThis.lnk
[2010/05/20 08:41:00 | 000,512,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/20 08:41:00 | 000,438,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/20 08:41:00 | 000,070,368 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/20 08:36:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/20 08:36:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/20 00:21:56 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\kevo\NTUSER.DAT
[2010/05/20 00:21:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\kevo\ntuser.ini
[2010/05/19 14:07:41 | 010,140,570 | -H-- | M] () -- C:\Documents and Settings\kevo\Local Settings\Application Data\IconCache.db
[2010/05/17 17:45:17 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/16 19:03:44 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kevo\Desktop\OTL.exe
[2010/05/16 18:54:43 | 000,109,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/16 12:59:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/15 09:15:51 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/12 19:23:45 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/05/12 19:20:55 | 000,000,370 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/05/12 19:14:45 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/05/10 10:18:07 | 000,884,690 | ---- | M] () -- C:\Documents and Settings\kevo\My Documents\thinkandgrowrich.pdf
[2010/05/10 10:17:18 | 000,744,678 | ---- | M] () -- C:\Documents and Settings\kevo\My Documents\MasterKeySystem.pdf
[2010/05/10 10:15:20 | 000,632,676 | ---- | M] () -- C:\Documents and Settings\kevo\My Documents\Speedwealth.pdf
[2010/05/10 09:57:47 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/09 07:35:07 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\kevo\My Documents\Various fit outs I Worked[1].doc
[2010/05/09 07:32:51 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\kevo\My Documents\kevin CURICULUM VITAE jan.doc
[2010/05/08 20:30:53 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/08 20:29:19 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/08 20:29:10 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\kevo\Desktop\ZoneAlarm Security.lnk
[2010/05/06 22:58:40 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\kevo\Desktop\Shortcut to autoruns.lnk
[2010/05/06 00:30:57 | 000,000,626 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/05 20:09:18 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\kevo\Desktop\Total Organizer.lnk
[2010/05/05 13:20:51 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\kevo\My Documents\Default.rdp
[2010/05/05 11:33:59 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 21:05:17 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\kevo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 15:22:13 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro AntiVirus plus AntiSpyware.lnk
[2010/04/22 15:18:50 | 000,661,808 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl
[2010/04/22 15:18:46 | 000,158,224 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/04/22 15:18:46 | 000,089,872 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2010/04/22 15:18:46 | 000,059,920 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/04/22 15:18:46 | 000,050,704 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010/04/21 21:14:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\kevo\Desktop\Shortcut to CCleaner.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/20 08:45:28 | 000,000,474 | ---- | C] () -- C:\WINDOWS\tasks\McAfee.com Update Check (USER-4F4327B81B-kevo).job
[2010/05/12 19:20:55 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/05/12 19:15:32 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/12 19:14:45 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/05/12 18:38:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/12 18:38:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/10 10:17:59 | 000,884,690 | ---- | C] () -- C:\Documents and Settings\kevo\My Documents\thinkandgrowrich.pdf
[2010/05/10 10:16:43 | 000,744,678 | ---- | C] () -- C:\Documents and Settings\kevo\My Documents\MasterKeySystem.pdf
[2010/05/10 10:15:15 | 000,632,676 | ---- | C] () -- C:\Documents and Settings\kevo\My Documents\Speedwealth.pdf
[2010/05/09 07:35:04 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\kevo\My Documents\Various fit outs I Worked[1].doc
[2010/05/09 07:32:40 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\kevo\My Documents\kevin CURICULUM VITAE jan.doc
[2010/05/08 20:29:19 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/08 20:29:10 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\kevo\Desktop\ZoneAlarm Security.lnk
[2010/05/08 20:28:43 | 000,422,437 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/06 22:58:40 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\kevo\Desktop\Shortcut to autoruns.lnk
[2010/05/05 20:09:18 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\kevo\Desktop\Total Organizer.lnk
[2010/05/05 13:20:51 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\kevo\My Documents\Default.rdp
[2010/05/05 13:01:08 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\kevo\Desktop\HiJackThis.lnk
[2010/04/25 21:05:17 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\kevo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 15:22:12 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro AntiVirus plus AntiSpyware.lnk
[2010/04/21 21:14:26 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\kevo\Desktop\Shortcut to CCleaner.lnk
[2010/04/20 11:02:24 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\kevo\ntuser.ini
[2010/04/20 11:02:23 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\kevo\ntuser.dat.LOG
[2010/04/20 11:01:56 | 002,883,584 | -H-- | C] () -- C:\Documents and Settings\kevo\NTUSER.DAT
[2010/04/19 19:14:02 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/13 14:44:20 | 000,033,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/02/11 16:04:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2010/02/08 23:53:19 | 000,000,142 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/27 15:34:44 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2010/01/15 17:17:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/01/15 17:17:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/01/15 17:17:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2010/01/15 17:17:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/01/15 17:17:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/01/15 17:17:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/05/12 19:23:45 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/05/12 19:23:45 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[1980/03/13 21:18:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[1980/03/13 21:18:19 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[1980/03/13 21:18:19 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/12 19:23:45 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2010/04/19 19:56:20 | 000,033,408 | ---- | M] () -- C:\WINDOWS\system32\drivers\fsbts.sys
[2010/05/17 17:45:17 | 000,015,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/02/24 14:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/04/22 15:18:46 | 000,059,920 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys
[2010/04/22 15:18:46 | 000,158,224 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys
[2010/04/22 15:18:46 | 000,050,704 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys
[2010/04/22 15:18:46 | 000,089,872 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys
< End of report >


#7 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home
  • Local time:09:04 AM

Posted 20 May 2010 - 04:50 AM

Hi,

Please try running GMER next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#8 cloudz
  • Topic Starter

  • Members
  • 10 posts
  • Local time:08:04 AM

Posted 20 May 2010 - 11:07 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-20 16:45:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\kevo\LOCALS~1\Temp\kfqcraoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAAE8A630]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAAE83D80]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF83DCD72]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAAE8AE40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xAAEA1D30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xAAEA2150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAAE8AFB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAAE84C60]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF83DD568]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF83DD820]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAAEAA080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAAEAA2B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAAE84750]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF83DBA80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xAAEA4450]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF83DDC8A]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAAEAAA40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAAE8A180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xAAEAB0D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAAE85080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xAAEAB8E0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF83DD036]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xAAEA2A50]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2424 80501C5C 12 Bytes CALL 6A6D4D0B
.text ntkrnlpa.exe!ZwCallbackReturn + 2464 80501C9C 8 Bytes CALL BE25854B
.text ntkrnlpa.exe!ZwCallbackReturn + 24F4 80501D2C 8 Bytes JMP EAA2B0AA

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AAE90080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AAE8FE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AAE907C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AAE8E3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AAE8E3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AAE90080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AAE8FE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AAE907C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AAE90080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AAE8E3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AAE907C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AAE8FE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AAE907C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AAE8FE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AAE90080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AAE8E3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AAE90080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AAE8FE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AAE907C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [AAE8FE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [AAE90080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [AAE907C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [AAE8E3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AAE90080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AAE8E3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AAE907C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AAE8FE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVRec.sys (PC Tools Recognizer Driver for Windows 2000/XP/PC Tools Research Pty Ltd )

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot 1

---- EOF - GMER 1.0.15 ----


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 20 May 2010 - 12:08 PM

Hi,

what problems are you currently still having?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 cloudz

cloudz
  • Topic Starter
  • Members
  • 10 posts

Posted 20 May 2010 - 01:10 PM

Hi Myrti

My system acts rather erratically. Sometimes it is really slow on boot up, then just completely freezes when it finally does start and nothing responds, so I have to restart again. Other times it is as if it's brand new and goes at hyper speed.

I keep having internet problems, in that I keep getting a "server not found" warning when I open Firefox.

I have tried to install the XP Recovery Console and when unpacking I get a warning to say access is denied, cannot install at this moment.

I did recently install Kaspersky TDSSKiller, which informed me I had the recent TDSS virus that was redirecting web searches; however, it could not clean it, and so I did some research on here and used Hitman, and this cleared that problem.

All in all, the system just doesn't seem right. Oh, and also sometimes on boot up, when my desktop first comes on, the screen goes black for a split second, but this doesn't happen all the time.

Many thanks for looking at this with me, as it is getting very frustrating now.

Regards

Cloudz

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 20 May 2010 - 05:43 PM

Hi,

TDSSKiller recently got updated; I would like you to try and run the updated version, please:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file called "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents of that file here.

regards myrti



#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 26 May 2010 - 10:44 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti



#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 30 May 2010 - 12:04 PM

Hi,

Topic has been reopened; please post your TDSSKiller log. How is your PC doing now?

regards myrti



#14 cloudz

cloudz
  • Topic Starter
  • Members
  • 10 posts

Posted 01 June 2010 - 03:59 AM

Thanks Myrti

Here is the TDSSKiller log.

09:52:00:421 0740 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
09:52:00:421 0740 ================================================================================
09:52:00:421 0740 SystemInfo:

09:52:00:421 0740 OS Version: 5.1.2600 ServicePack: 3.0
09:52:00:421 0740 Product type: Workstation
09:52:00:421 0740 ComputerName: USER-4F4327B81B
09:52:00:421 0740 UserName: kevo
09:52:00:421 0740 Windows directory: C:\WINDOWS
09:52:00:421 0740 Processor architecture: Intel x86
09:52:00:421 0740 Number of processors: 1
09:52:00:421 0740 Page size: 0x1000
09:52:00:421 0740 Boot type: Normal boot
09:52:00:421 0740 ================================================================================
09:52:00:500 0740 UnloadDriverW: NtUnloadDriver error 2
09:52:00:500 0740 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
09:52:00:921 0740 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
09:52:00:921 0740 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
09:52:00:921 0740 wfopen_ex: Trying to KLMD file open
09:52:00:921 0740 wfopen_ex: File opened ok (Flags 2)
09:52:00:921 0740 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
09:52:00:921 0740 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
09:52:00:921 0740 wfopen_ex: Trying to KLMD file open
09:52:00:921 0740 wfopen_ex: File opened ok (Flags 2)
09:52:00:921 0740 Initialize success
09:52:00:921 0740
09:52:00:921 0740 Scanning Services ...
09:52:01:578 0740 Raw services enum returned 325 services
09:52:01:593 0740
09:52:01:593 0740 Scanning Kernel memory ...
09:52:01:593 0740 Devices to scan: 4
09:52:01:593 0740
09:52:01:593 0740 Driver Name: Disk
09:52:01:593 0740 IRP_MJ_CREATE : F85F8BB0
09:52:01:593 0740 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
09:52:01:593 0740 IRP_MJ_CLOSE : F85F8BB0
09:52:01:593 0740 IRP_MJ_READ : F85F2D1F
09:52:01:593 0740 IRP_MJ_WRITE : F85F2D1F
09:52:01:593 0740 IRP_MJ_QUERY_INFORMATION : 804F355A
09:52:01:593 0740 IRP_MJ_SET_INFORMATION : 804F355A
09:52:01:593 0740 IRP_MJ_QUERY_EA : 804F355A
09:52:01:593 0740 IRP_MJ_SET_EA : 804F355A
09:52:01:593 0740 IRP_MJ_FLUSH_BUFFERS : F85F32E2
09:52:01:593 0740 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
09:52:01:593 0740 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
09:52:01:593 0740 IRP_MJ_DIRECTORY_CONTROL : 804F355A
09:52:01:593 0740 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
09:52:01:593 0740 IRP_MJ_DEVICE_CONTROL : F85F33BB
09:52:01:593 0740 IRP_MJ_INTERNAL_DEVICE_CONTROL : F85F6F28
09:52:01:593 0740 IRP_MJ_SHUTDOWN : F85F32E2
09:52:01:593 0740 IRP_MJ_LOCK_CONTROL : 804F355A
09:52:01:593 0740 IRP_MJ_CLEANUP : 804F355A
09:52:01:593 0740 IRP_MJ_CREATE_MAILSLOT : 804F355A
09:52:01:593 0740 IRP_MJ_QUERY_SECURITY : 804F355A
09:52:01:593 0740 IRP_MJ_SET_SECURITY : 804F355A
09:52:01:593 0740 IRP_MJ_POWER : F85F4C82
09:52:01:593 0740 IRP_MJ_SYSTEM_CONTROL : F85F999E
09:52:01:593 0740 IRP_MJ_DEVICE_CHANGE : 804F355A
09:52:01:593 0740 IRP_MJ_QUERY_QUOTA : 804F355A
09:52:01:593 0740 IRP_MJ_SET_QUOTA : 804F355A
09:52:01:640 0740 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
09:52:01:640 0740
09:52:01:640 0740 Driver Name: USBSTOR
09:52:01:640 0740 IRP_MJ_CREATE : F886F218
09:52:01:640 0740 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
09:52:01:640 0740 IRP_MJ_CLOSE : F886F218
09:52:01:640 0740 IRP_MJ_READ : F886F23C
09:52:01:640 0740 IRP_MJ_WRITE : F886F23C
09:52:01:640 0740 IRP_MJ_QUERY_INFORMATION : 804F355A
09:52:01:640 0740 IRP_MJ_SET_INFORMATION : 804F355A
09:52:01:640 0740 IRP_MJ_QUERY_EA : 804F355A
09:52:01:640 0740 IRP_MJ_SET_EA : 804F355A
09:52:01:640 0740 IRP_MJ_FLUSH_BUFFERS : 804F355A
09:52:01:640 0740 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
09:52:01:640 0740 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
09:52:01:640 0740 IRP_MJ_DIRECTORY_CONTROL : 804F355A
09:52:01:640 0740 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
09:52:01:640 0740 IRP_MJ_DEVICE_CONTROL : F886F180
09:52:01:640 0740 IRP_MJ_INTERNAL_DEVICE_CONTROL : F886A9E6
09:52:01:640 0740 IRP_MJ_SHUTDOWN : 804F355A
09:52:01:640 0740 IRP_MJ_LOCK_CONTROL : 804F355A
09:52:01:640 0740 IRP_MJ_CLEANUP : 804F355A
09:52:01:640 0740 IRP_MJ_CREATE_MAILSLOT : 804F355A
09:52:01:640 0740 IRP_MJ_QUERY_SECURITY : 804F355A
09:52:01:640 0740 IRP_MJ_SET_SECURITY : 804F355A
09:52:01:640 0740 IRP_MJ_POWER : F886E5F0
09:52:01:640 0740 IRP_MJ_SYSTEM_CONTROL : F886CA6E
09:52:01:640 0740 IRP_MJ_DEVICE_CHANGE : 804F355A
09:52:01:640 0740 IRP_MJ_QUERY_QUOTA : 804F355A
09:52:01:640 0740 IRP_MJ_SET_QUOTA : 804F355A
09:52:01:687 0740 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
09:52:01:687 0740
09:52:01:687 0740 Driver Name: Disk
09:52:01:687 0740 IRP_MJ_CREATE : F85F8BB0
09:52:01:687 0740 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
09:52:01:687 0740 IRP_MJ_CLOSE : F85F8BB0
09:52:01:687 0740 IRP_MJ_READ : F85F2D1F
09:52:01:687 0740 IRP_MJ_WRITE : F85F2D1F
09:52:01:687 0740 IRP_MJ_QUERY_INFORMATION : 804F355A
09:52:01:687 0740 IRP_MJ_SET_INFORMATION : 804F355A
09:52:01:687 0740 IRP_MJ_QUERY_EA : 804F355A
09:52:01:687 0740 IRP_MJ_SET_EA : 804F355A
09:52:01:687 0740 IRP_MJ_FLUSH_BUFFERS : F85F32E2
09:52:01:687 0740 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
09:52:01:687 0740 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
09:52:01:687 0740 IRP_MJ_DIRECTORY_CONTROL : 804F355A
09:52:01:687 0740 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
09:52:01:687 0740 IRP_MJ_DEVICE_CONTROL : F85F33BB
09:52:01:687 0740 IRP_MJ_INTERNAL_DEVICE_CONTROL : F85F6F28
09:52:01:687 0740 IRP_MJ_SHUTDOWN : F85F32E2
09:52:01:687 0740 IRP_MJ_LOCK_CONTROL : 804F355A
09:52:01:687 0740 IRP_MJ_CLEANUP : 804F355A
09:52:01:687 0740 IRP_MJ_CREATE_MAILSLOT : 804F355A
09:52:01:687 0740 IRP_MJ_QUERY_SECURITY : 804F355A
09:52:01:687 0740 IRP_MJ_SET_SECURITY : 804F355A
09:52:01:687 0740 IRP_MJ_POWER : F85F4C82
09:52:01:687 0740 IRP_MJ_SYSTEM_CONTROL : F85F999E
09:52:01:687 0740 IRP_MJ_DEVICE_CHANGE : 804F355A
09:52:01:687 0740 IRP_MJ_QUERY_QUOTA : 804F355A
09:52:01:687 0740 IRP_MJ_SET_QUOTA : 804F355A
09:52:01:703 0740 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
09:52:01:703 0740
09:52:01:703 0740 Driver Name: atapi
09:52:01:703 0740 IRP_MJ_CREATE : F84076F2
09:52:01:703 0740 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
09:52:01:703 0740 IRP_MJ_CLOSE : F84076F2
09:52:01:703 0740 IRP_MJ_READ : 804F355A
09:52:01:703 0740 IRP_MJ_WRITE : 804F355A
09:52:01:703 0740 IRP_MJ_QUERY_INFORMATION : 804F355A
09:52:01:703 0740 IRP_MJ_SET_INFORMATION : 804F355A
09:52:01:703 0740 IRP_MJ_QUERY_EA : 804F355A
09:52:01:703 0740 IRP_MJ_SET_EA : 804F355A
09:52:01:703 0740 IRP_MJ_FLUSH_BUFFERS : 804F355A
09:52:01:703 0740 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
09:52:01:703 0740 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
09:52:01:703 0740 IRP_MJ_DIRECTORY_CONTROL : 804F355A
09:52:01:703 0740 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
09:52:01:703 0740 IRP_MJ_DEVICE_CONTROL : F8407712
09:52:01:703 0740 IRP_MJ_INTERNAL_DEVICE_CONTROL : F8403852
09:52:01:703 0740 IRP_MJ_SHUTDOWN : 804F355A
09:52:01:703 0740 IRP_MJ_LOCK_CONTROL : 804F355A
09:52:01:703 0740 IRP_MJ_CLEANUP : 804F355A
09:52:01:703 0740 IRP_MJ_CREATE_MAILSLOT : 804F355A
09:52:01:703 0740 IRP_MJ_QUERY_SECURITY : 804F355A
09:52:01:703 0740 IRP_MJ_SET_SECURITY : 804F355A
09:52:01:703 0740 IRP_MJ_POWER : F840773C
09:52:01:703 0740 IRP_MJ_SYSTEM_CONTROL : F840E336
09:52:01:703 0740 IRP_MJ_DEVICE_CHANGE : 804F355A
09:52:01:703 0740 IRP_MJ_QUERY_QUOTA : 804F355A
09:52:01:703 0740 IRP_MJ_SET_QUOTA : 804F355A
09:52:01:718 0740 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
09:52:01:718 0740
09:52:01:718 0740 Completed
09:52:01:718 0740
09:52:01:718 0740 Results:
09:52:01:718 0740 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
09:52:01:718 0740 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:52:01:718 0740 File objects infected / cured / cured on reboot: 0 / 0 / 0
09:52:01:718 0740
09:52:01:718 0740 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
09:52:01:718 0740 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
09:52:02:031 0740 KLMD(ARK) unloaded successfully


My PC is still erratic and very slow most of the time, and certain programs keep trying to access the internet. ZoneAlarm is blocking a lot of incoming traffic. It is slightly better but still doesn't seem right.

regards

CloudZ
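
As an added example (not part of this thread and not Kaspersky's code), a small parser for the TDSSKiller 2.x log format posted above: it pulls out the tool version banner, each scanned driver's IRP dispatch entries and verdict, and the infected/cured counters, so a helper can see at a glance which build produced the log and whether anything was flagged. The sample log is a constructed, abridged excerpt in that format, and the "minimum version" passed to `is_outdated` is whatever the caller considers current, not a real release number.

```python
import re

# Constructed excerpt in the format of the TDSSKiller 2.x log posted above,
# abridged to a few IRP rows per driver; not the full log from the post.
SAMPLE_LOG = """\
09:52:00:421 0740 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
09:52:01:593 0740 Driver Name: Disk
09:52:01:593 0740 IRP_MJ_CREATE : F85F8BB0
09:52:01:593 0740 IRP_MJ_READ : F85F2D1F
09:52:01:640 0740 C:\\WINDOWS\\system32\\DRIVERS\\disk.sys - Verdict: 1
09:52:01:703 0740 Driver Name: atapi
09:52:01:703 0740 IRP_MJ_CREATE : F84076F2
09:52:01:718 0740 C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys - Verdict: 1
09:52:01:718 0740 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
09:52:01:718 0740 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:52:01:718 0740 File objects infected / cured / cured on reboot: 0 / 0 / 0
"""

# Every line starts with "hh:mm:ss:ms <id> "; the id is matched but ignored.
PREFIX = r"^\d{2}:\d{2}:\d{2}:\d{3} \S+ "
VERSION_RE = re.compile(PREFIX + r"TDSS rootkit removing tool (\d+(?:\.\d+)+) ")
DRIVER_RE = re.compile(PREFIX + r"Driver Name: (\S+)$")
IRP_RE = re.compile(PREFIX + r"(IRP_MJ_\w+) : ([0-9A-Fa-f]{8})$")
VERDICT_RE = re.compile(PREFIX + r"(.+) - Verdict: (\d+)$")
RESULT_RE = re.compile(PREFIX + r"(\w+) objects infected / cured / cured on reboot: "
                       r"(\d+) / (\d+) / (\d+)$")

def parse_log(text: str) -> dict:
    """IRP rows and the verdict line are attached to the most recent 'Driver Name:' block."""
    report, current = {"version": None, "drivers": [], "results": {}}, None
    for line in map(str.rstrip, text.splitlines()):
        if m := VERSION_RE.match(line):
            report["version"] = m.group(1)
        elif m := DRIVER_RE.match(line):
            current = {"name": m.group(1), "irp": {}, "path": "", "verdict": None}
            report["drivers"].append(current)
        elif (m := IRP_RE.match(line)) and current is not None:
            current["irp"][m.group(1)] = int(m.group(2), 16)   # handler address
        elif (m := VERDICT_RE.match(line)) and current is not None:
            current["path"], current["verdict"] = m.group(1), int(m.group(2))
        elif m := RESULT_RE.match(line):
            report["results"][m.group(1)] = tuple(int(x) for x in m.group(2, 3, 4))
    return report

def version_tuple(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))

def is_outdated(report: dict, minimum: str) -> bool:
    """True when the logged tool version is older than `minimum` (caller-supplied, e.g. the current download)."""
    return version_tuple(report["version"]) < version_tuple(minimum)

def infected_count(report: dict) -> int:
    """Sum of the 'infected' counters over the Memory/Registry/File result rows."""
    return sum(inf for inf, _cured, _reboot in report["results"].values())
```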



#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 05 June 2010 - 03:05 PM

Hi,

You ran an outdated version of TDSSKiller; could you please download a fresh copy and run the scan again?

regards myrti





