Search Engine Redirection

April 18, 2010 at 06:41:14
Specs: Windows XP
I seem to have this pesky Search Engine Redirection virus. I first ran the Malwarebytes program and it found two problems. I zapped them and it seemed to do the trick for a few hours, then it came back. I then did a full scan and it found nothing.

Somebody please help me! Thank you!




#1
April 18, 2010 at 07:54:50
Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt (do not zip just copy/paste)

Save both reports to your desktop then post them please. You may need to post in segments to get all the info to us, as the logs may be too large to fit in one post.

Download TDSSKiller to your Desktop from the following link.

TDSSKiller

1. Extract the contents of TDSSKiller.zip to your Desktop.

2. Double click on TDSSKiller.exe to run it.

3. If it finds something and asks you what to do, follow the instructions to type in "delete".

4. When done, a log file should be created on your C: drive called TDSSKiller.txt (with time+date appended); please post this log in your next reply.



#2
April 18, 2010 at 09:02:30
This is Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/27/2009 10:42:11 AM
System Uptime: 4/18/2010 11:41:13 AM (0 hours ago)

Motherboard: First International Computer, Inc. | | KTBC51G
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket 939 | 2210/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 183 GiB total, 68.074 GiB free.
D: is FIXED (FAT32) - 3 GiB total, 0.508 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062111C1&REV_00\4&DC268A3&0&3880
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062111C1&REV_00\4&DC268A3&0&3880
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart Plus B209a-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Plus B209a-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

==== System Restore Points ===================

RP53: 1/19/2010 5:04:09 PM - System Checkpoint
RP54: 1/20/2010 5:40:40 PM - System Checkpoint
RP55: 1/22/2010 6:55:42 AM - Software Distribution Service 3.0
RP56: 1/23/2010 8:18:11 AM - System Checkpoint
RP57: 1/24/2010 2:13:21 PM - System Checkpoint
RP58: 1/25/2010 3:01:04 PM - System Checkpoint
RP59: 1/26/2010 5:39:08 PM - System Checkpoint
RP60: 1/29/2010 6:06:43 PM - System Checkpoint
RP61: 1/30/2010 7:34:27 PM - System Checkpoint
RP62: 2/2/2010 6:54:07 AM - System Checkpoint
RP63: 2/4/2010 6:58:03 PM - System Checkpoint
RP64: 2/6/2010 8:54:48 AM - System Checkpoint
RP65: 2/8/2010 7:04:58 AM - System Checkpoint
RP66: 2/10/2010 6:21:19 AM - Software Distribution Service 3.0
RP67: 2/11/2010 7:09:47 AM - System Checkpoint
RP68: 2/13/2010 12:07:17 PM - System Checkpoint
RP69: 2/14/2010 3:02:43 PM - Software Distribution Service 3.0
RP70: 2/15/2010 3:10:02 PM - System Checkpoint
RP71: 2/16/2010 3:14:51 PM - System Checkpoint
RP72: 2/17/2010 3:37:12 PM - System Checkpoint
RP73: 2/20/2010 12:05:31 PM - System Checkpoint
RP74: 2/24/2010 3:25:46 PM - System Checkpoint
RP75: 2/24/2010 5:23:51 PM - Software Distribution Service 3.0
RP76: 2/28/2010 12:02:07 PM - System Checkpoint
RP77: 3/1/2010 7:37:58 PM - System Checkpoint
RP78: 3/8/2010 7:37:12 AM - System Checkpoint
RP79: 3/9/2010 7:58:52 AM - System Checkpoint
RP80: 3/10/2010 8:26:12 AM - System Checkpoint
RP81: 3/11/2010 3:00:24 AM - Software Distribution Service 3.0
RP82: 3/13/2010 6:53:43 PM - Unsigned driver install
RP83: 3/13/2010 7:14:35 PM - Unsigned driver install
RP84: 3/14/2010 2:33:25 PM - Installed Belkin F5D8053 N Wireless USB Adapter
RP85: 3/16/2010 7:41:02 AM - System Checkpoint
RP86: 3/18/2010 7:05:09 AM - System Checkpoint
RP87: 3/19/2010 7:17:51 AM - System Checkpoint
RP88: 3/20/2010 11:35:15 AM - System Checkpoint
RP89: 3/21/2010 12:25:53 PM - System Checkpoint
RP90: 3/22/2010 1:08:42 PM - System Checkpoint
RP91: 3/24/2010 7:13:03 AM - System Checkpoint
RP92: 3/27/2010 8:55:17 AM - System Checkpoint
RP93: 3/28/2010 11:49:09 AM - System Checkpoint
RP94: 3/29/2010 8:52:01 PM - System Checkpoint
RP95: 3/31/2010 7:02:20 AM - System Checkpoint
RP96: 3/31/2010 4:45:13 PM - Software Distribution Service 3.0
RP97: 4/1/2010 5:46:49 PM - System Checkpoint
RP98: 4/1/2010 6:13:42 PM - Removed QuickTime
RP99: 4/1/2010 6:49:57 PM - Installed iTunes
RP100: 4/3/2010 10:48:44 AM - System Checkpoint
RP101: 4/4/2010 12:23:15 PM - System Checkpoint
RP102: 4/4/2010 4:58:05 PM - Removed Adobe Reader 7.0
RP103: 4/4/2010 4:58:41 PM - Installed Adobe Reader 9.3.
RP104: 4/5/2010 5:47:53 PM - System Checkpoint
RP105: 4/6/2010 6:44:11 PM - System Checkpoint
RP106: 4/7/2010 6:53:37 PM - System Checkpoint
RP107: 4/9/2010 7:15:12 AM - System Checkpoint
RP108: 4/10/2010 3:09:12 PM - System Checkpoint
RP109: 4/12/2010 5:49:47 PM - System Checkpoint
RP110: 4/14/2010 8:16:34 AM - System Checkpoint
RP111: 4/15/2010 6:32:50 PM - Software Distribution Service 3.0
RP112: 4/15/2010 7:10:13 PM - Software Distribution Service 3.0
RP113: 4/15/2010 8:55:09 PM - Software Distribution Service 3.0
RP114: 4/15/2010 8:57:12 PM - Software Distribution Service 3.0
RP115: 4/15/2010 9:03:34 PM - Software Distribution Service 3.0
RP116: 4/16/2010 4:28:25 PM - Software Distribution Service 3.0
RP117: 4/16/2010 6:36:10 PM - Software Distribution Service 3.0
RP118: 4/16/2010 6:42:37 PM - Software Distribution Service 3.0
RP119: 4/16/2010 6:50:59 PM - Software Distribution Service 3.0
RP120: 4/16/2010 7:00:26 PM - Software Distribution Service 3.0
RP121: 4/16/2010 8:15:23 PM - Software Distribution Service 3.0
RP122: 4/17/2010 11:19:35 AM - Software Distribution Service 3.0
RP123: 4/17/2010 11:29:15 AM - Installed Microsoft Fix it 50202
RP124: 4/17/2010 11:52:14 AM - Software Distribution Service 3.0
RP125: 4/17/2010 12:17:52 PM - Software Distribution Service 3.0
RP126: 4/17/2010 1:56:07 PM - Software Distribution Service 3.0
RP127: 4/17/2010 6:55:55 PM - Installed HiJackThis
RP128: 4/17/2010 7:00:24 PM - Software Distribution Service 3.0
RP129: 4/17/2010 7:27:14 PM - Installed Microsoft Fix it 50202
RP130: 4/17/2010 8:03:03 PM - Software Distribution Service 3.0
RP131: 4/17/2010 9:13:00 PM - Software Distribution Service 3.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
AIM 7
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
B209a-m
Belkin F5D8053 N Wireless USB Adapter
Bonjour
Browser Address Error Redirector
Browser Defender 2.0.6.15
BufferChm
CA Anti-Spam
CA Anti-Virus
CA Internet Security Suite
CCleaner
ConvertHelper 2.2
Destinations
DeviceDiscovery
Digital Media Reader
Download Updater (AOL LLC)
DVD Solution
Facebook Plug-In
Fallout Collection
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
iTunes
J2SE Runtime Environment 5.0 Update 2
K-Lite Codec Pack 5.4.4 (Basic)
Last.fm 1.5.4.24567
leafdigital leafDrums 2.1
Magic DVD Ripper V5.4.2
MAGIX music maker 2005 deLuxe
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Morrowind
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Napster Burn Engine
Network
NoteWorthy Composer
NVIDIA Drivers
Power2Go 4.0
PowerDVD
PS_AIO_06_B209a-m_SW_Min
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Recovery Software Suite Gateway
Registry Mechanic 9.0
Ringtone Expressions 1.6.0
Scan
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB980232)
Segoe UI
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Sonic Encoders
Sony ACID Music Studio 7.0
SoulSeek 157 NS 13e
Spyware Doctor 7.0
Status
Sweet MIDI Arpeggiator 32 (remove only)
TES Construction Set
Toolbox
TrayApp
Uno
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Backup Utility
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows System Scanner
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Yahoo! BrowserPlus 2.7.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/17/2010 8:57:29 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
4/17/2010 7:40:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
4/17/2010 7:40:54 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/17/2010 11:49:53 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
4/17/2010 1:47:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp iaStor ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
4/15/2010 7:47:52 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB979683).
4/15/2010 7:32:07 PM, error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).
4/15/2010 7:10:44 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/15/2010 7:10:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
4/15/2010 7:10:43 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
4/15/2010 7:10:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
4/15/2010 7:10:10 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/15/2010 7:09:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the sdCoreService service.
4/15/2010 7:09:45 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/15/2010 7:06:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Net Driver HPZ12 service to connect.
4/15/2010 7:06:15 PM, error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/15/2010 7:02:59 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 002275909E89 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/15/2010 6:36:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
4/15/2010 6:36:45 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
4/15/2010 6:35:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
4/15/2010 6:35:55 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/15/2010 6:34:56 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/15/2010 6:34:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
4/15/2010 6:34:47 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
4/14/2010 6:42:15 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HP Network Devices Support service to connect.
4/14/2010 6:42:15 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HP CUE DeviceDiscovery Service service to connect.
4/14/2010 6:42:15 AM, error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/14/2010 6:42:15 AM, error: Service Control Manager [7000] - The HP CUE DeviceDiscovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/13/2010 7:27:55 PM, error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/13/2010 7:27:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the hpqcxs08 service to connect.
4/13/2010 7:27:52 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
4/13/2010 2:02:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
4/13/2010 2:02:32 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/13/2010 1:47:14 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
4/12/2010 6:37:24 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
4/12/2010 6:37:24 AM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/12/2010 6:33:41 AM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 002275909E89 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/11/2010 6:18:31 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
4/11/2010 6:18:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CaCCProvSP service to connect.
4/11/2010 6:18:27 PM, error: Service Control Manager [7000] - The CaCCProvSP service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/11/2010 6:18:23 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
4/11/2010 6:11:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Yahoo! Updater service to connect.
4/11/2010 6:11:09 PM, error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/11/2010 5:56:06 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================



#3
April 18, 2010 at 09:03:13
This is DDS.txt:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 11:52:21.50 on Sun 04/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.52 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=Product Name
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=Product Name
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\documents and settings\owner\application data\mozilla\firefox\profiles\19zefhxs.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Google Side Bar: {32004b8a-44a9-43e7-84e9-808838809519} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /S
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\19zefhxs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\19zefhxs.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\19zefhxs.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\yahoo!\browserplus\2.7.0\plugins\npybrowserplus_2.7.0.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-13 207792]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-11-27 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-11-27 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-11-27 739696]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-11-27 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-11-27 32240]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-13 112592]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-11-27 144960]
R3 EVOLUSB;%EVOL_USB_SvcDesc%;c:\windows\system32\drivers\evolusb.sys [2009-11-28 21984]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-11-27 133520]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]

=============== Created Last 30 ================

2010-04-18 00:27:22 0 d-----w- c:\windows\system32\CatRoot2
2010-04-17 23:57:01 0 d-----w- c:\program files\CCleaner
2010-04-17 22:55:58 0 d-----w- c:\program files\TrendMicro
2010-04-17 16:03:50 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-04-17 16:03:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 16:03:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-17 16:03:06 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 16:03:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 23:45:08 204 ----a-w- c:\windows\system32\MRT.INI
2010-04-14 23:09:20 0 d-----w- c:\docume~1\owner\applic~1\Ringtone Expressions
2010-04-14 23:09:11 0 d-----w- c:\program files\Ringtone Expressions
2010-04-13 00:43:45 0 d-----w- c:\docume~1\owner\applic~1\HpUpdate
2010-04-13 00:42:52 0 d-----w- c:\windows\Hewlett-Packard
2010-04-11 21:54:45 0 d-----w- C:\spoolerlogs
2010-04-11 17:12:13 0 d-----w- c:\program files\NoteWorthy Composer
2010-04-11 02:24:57 0 d-----w- c:\docume~1\owner\applic~1\Facebook
2010-04-01 23:03:35 0 d-----w- c:\program files\iPod
2010-04-01 23:03:12 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 00:39:09 0 d-----w- c:\program files\Bonjour
2010-03-29 23:37:20 23110 ----a-w- c:\windows\hpqins15.dat
2010-03-28 23:56:13 0 d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2010-03-28 23:49:59 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2010-03-28 23:49:57 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-03-28 23:48:50 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-03-28 23:48:49 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-03-28 23:48:49 315392 ----a-r- c:\windows\system32\hposc_p02a.dll
2010-03-28 23:48:48 966656 ----a-r- c:\windows\system32\hpost_p02d.dll
2010-03-28 23:48:48 712704 ----a-r- c:\windows\system32\hposwia_p02d.dll
2010-03-28 23:48:44 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-03-28 23:48:44 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-03-28 22:47:55 992 ------w- c:\windows\hpomdl40.dat.temp
2010-03-28 21:41:53 0 d-----w- c:\program files\common files\HP
2010-03-28 21:40:32 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-03-28 21:19:30 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-03-28 21:19:30 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-03-28 21:19:20 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-03-28 21:19:20 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-28 21:14:15 0 d-----w- c:\program files\HP
2010-03-28 21:11:13 992 ------w- c:\windows\hpomdl40.dat
2010-03-28 21:11:13 201549 ----a-w- c:\windows\hpoins40.dat
2010-03-27 23:26:38 0 d-----w- c:\program files\Roni Music

==================== Find3M ====================

2010-03-14 18:34:32 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-01-21 23:21:07 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-21 23:21:07 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-21 23:21:06 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-01-21 23:21:05 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-29 00:52:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009112820091129\index.dat

============= FINISH: 11:56:10.84 ===============



#4
April 18, 2010 at 09:20:46
This is the TDSSKiller logfile:

12:04:08:906 2784 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
12:04:08:906 2784 ================================================================================
12:04:08:906 2784 SystemInfo:

12:04:08:906 2784 OS Version: 5.1.2600 ServicePack: 3.0
12:04:08:906 2784 Product type: Workstation
12:04:08:906 2784 ComputerName: SADAKO
12:04:08:906 2784 UserName: Owner
12:04:08:906 2784 Windows directory: C:\WINDOWS
12:04:08:906 2784 Processor architecture: Intel x86
12:04:08:906 2784 Number of processors: 2
12:04:08:906 2784 Page size: 0x1000
12:04:08:937 2784 Boot type: Normal boot
12:04:08:937 2784 ================================================================================
12:04:08:984 2784 UnloadDriverW: NtUnloadDriver error 2
12:04:08:984 2784 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
12:04:09:203 2784 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
12:04:09:203 2784 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:04:09:203 2784 wfopen_ex: Trying to KLMD file open
12:04:09:203 2784 wfopen_ex: File opened ok (Flags 2)
12:04:09:203 2784 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
12:04:09:203 2784 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:04:09:203 2784 wfopen_ex: Trying to KLMD file open
12:04:09:203 2784 wfopen_ex: File opened ok (Flags 2)
12:04:09:203 2784 Initialize success
12:04:09:203 2784
12:04:09:203 2784 Scanning Services ...
12:04:09:656 2784 Raw services enum returned 366 services
12:04:09:656 2784
12:04:09:656 2784 Scanning Kernel memory ...
12:04:09:656 2784 Devices to scan: 12
12:04:09:656 2784
12:04:09:671 2784 Driver Name: Disk
12:04:09:671 2784 IRP_MJ_CREATE : F75D6BB0
12:04:09:671 2784 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
12:04:09:671 2784 IRP_MJ_CLOSE : F75D6BB0
12:04:09:671 2784 IRP_MJ_READ : F75D0D1F
12:04:09:671 2784 IRP_MJ_WRITE : F75D0D1F
12:04:09:671 2784 IRP_MJ_QUERY_INFORMATION : 804F4562
12:04:09:671 2784 IRP_MJ_SET_INFORMATION : 804F4562
12:04:09:671 2784 IRP_MJ_QUERY_EA : 804F4562
12:04:09:671 2784 IRP_MJ_SET_EA : 804F4562
12:04:09:671 2784 IRP_MJ_FLUSH_BUFFERS : F75D12E2
12:04:09:671 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
12:04:09:671 2784 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
12:04:09:671 2784 IRP_MJ_DIRECTORY_CONTROL : 804F4562
12:04:09:671 2784 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
12:04:09:671 2784 IRP_MJ_DEVICE_CONTROL : F75D13BB
12:04:09:671 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75D4F28
12:04:09:671 2784 IRP_MJ_SHUTDOWN : F75D12E2
12:04:09:671 2784 IRP_MJ_LOCK_CONTROL : 804F4562
12:04:09:671 2784 IRP_MJ_CLEANUP : 804F4562
12:04:09:671 2784 IRP_MJ_CREATE_MAILSLOT : 804F4562
12:04:09:671 2784 IRP_MJ_QUERY_SECURITY : 804F4562
12:04:09:671 2784 IRP_MJ_SET_SECURITY : 804F4562
12:04:09:671 2784 IRP_MJ_POWER : F75D2C82
12:04:09:671 2784 IRP_MJ_SYSTEM_CONTROL : F75D799E
12:04:09:671 2784 IRP_MJ_DEVICE_CHANGE : 804F4562
12:04:09:671 2784 IRP_MJ_QUERY_QUOTA : 804F4562
12:04:09:671 2784 IRP_MJ_SET_QUOTA : 804F4562
12:04:09:671 2784 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
12:04:09:671 2784
12:04:09:671 2784 Driver Name: Disk
12:04:09:671 2784 IRP_MJ_CREATE : F75D6BB0
12:04:09:671 2784 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
12:04:09:671 2784 IRP_MJ_CLOSE : F75D6BB0
12:04:09:671 2784 IRP_MJ_READ : F75D0D1F
12:04:09:671 2784 IRP_MJ_WRITE : F75D0D1F
12:04:09:671 2784 IRP_MJ_QUERY_INFORMATION : 804F4562
12:04:09:671 2784 IRP_MJ_SET_INFORMATION : 804F4562
12:04:09:671 2784 IRP_MJ_QUERY_EA : 804F4562
12:04:09:671 2784 IRP_MJ_SET_EA : 804F4562
12:04:09:671 2784 IRP_MJ_FLUSH_BUFFERS : F75D12E2
12:04:09:671 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
12:04:09:671 2784 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
12:04:09:671 2784 IRP_MJ_DIRECTORY_CONTROL : 804F4562
12:04:09:671 2784 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
12:04:09:671 2784 IRP_MJ_DEVICE_CONTROL : F75D13BB
12:04:09:671 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75D4F28
12:04:09:671 2784 IRP_MJ_SHUTDOWN : F75D12E2
12:04:09:671 2784 IRP_MJ_LOCK_CONTROL : 804F4562
12:04:09:671 2784 IRP_MJ_CLEANUP : 804F4562
12:04:09:671 2784 IRP_MJ_CREATE_MAILSLOT : 804F4562
12:04:09:671 2784 IRP_MJ_QUERY_SECURITY : 804F4562
12:04:09:671 2784 IRP_MJ_SET_SECURITY : 804F4562
12:04:09:671 2784 IRP_MJ_POWER : F75D2C82
12:04:09:671 2784 IRP_MJ_SYSTEM_CONTROL : F75D799E
12:04:09:671 2784 IRP_MJ_DEVICE_CHANGE : 804F4562
12:04:09:671 2784 IRP_MJ_QUERY_QUOTA : 804F4562
12:04:09:671 2784 IRP_MJ_SET_QUOTA : 804F4562
12:04:09:671 2784 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
12:04:09:671 2784
12:04:09:671 2784 Driver Name: Disk
12:04:09:671 2784 IRP_MJ_CREATE : F75D6BB0
12:04:09:671 2784 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
12:04:09:671 2784 IRP_MJ_CLOSE : F75D6BB0
12:04:09:671 2784 IRP_MJ_READ : F75D0D1F
12:04:09:671 2784 IRP_MJ_WRITE : F75D0D1F
12:04:09:671 2784 IRP_MJ_QUERY_INFORMATION : 804F4562
12:04:09:671 2784 IRP_MJ_SET_INFORMATION : 804F4562
12:04:09:671 2784 IRP_MJ_QUERY_EA : 804F4562
12:04:09:671 2784 IRP_MJ_SET_EA : 804F4562
12:04:09:671 2784 IRP_MJ_FLUSH_BUFFERS : F75D12E2
12:04:09:671 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
12:04:09:671 2784 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
12:04:09:671 2784 IRP_MJ_DIRECTORY_CONTROL : 804F4562
12:04:09:671 2784 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
12:04:09:671 2784 IRP_MJ_DEVICE_CONTROL : F75D13BB
12:04:09:671 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75D4F28
12:04:09:671 2784 IRP_MJ_SHUTDOWN : F75D12E2
12:04:09:671 2784 IRP_MJ_LOCK_CONTROL : 804F4562
12:04:09:671 2784 IRP_MJ_CLEANUP : 804F4562
12:04:09:671 2784 IRP_MJ_CREATE_MAILSLOT : 804F4562
12:04:09:671 2784 IRP_MJ_QUERY_SECURITY : 804F4562
12:04:09:671 2784 IRP_MJ_SET_SECURITY : 804F4562
12:04:09:671 2784 IRP_MJ_POWER : F75D2C82
12:04:09:671 2784 IRP_MJ_SYSTEM_CONTROL : F75D799E
12:04:09:671 2784 IRP_MJ_DEVICE_CHANGE : 804F4562
12:04:09:671 2784 IRP_MJ_QUERY_QUOTA : 804F4562
12:04:09:671 2784 IRP_MJ_SET_QUOTA : 804F4562
12:04:09:687 2784 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
12:04:09:687 2784
12:04:09:687 2784 Driver Name: Disk
12:04:09:687 2784 IRP_MJ_CREATE : F75D6BB0
12:04:09:687 2784 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
12:04:09:687 2784 IRP_MJ_CLOSE : F75D6BB0
12:04:09:687 2784 IRP_MJ_READ : F75D0D1F
12:04:09:687 2784 IRP_MJ_WRITE : F75D0D1F
12:04:09:687 2784 IRP_MJ_QUERY_INFORMATION : 804F4562
12:04:09:687 2784 IRP_MJ_SET_INFORMATION : 804F4562
12:04:09:687 2784 IRP_MJ_QUERY_EA : 804F4562
12:04:09:687 2784 IRP_MJ_SET_EA : 804F4562
12:04:09:687 2784 IRP_MJ_FLUSH_BUFFERS : F75D12E2
12:04:09:687 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
12:04:09:687 2784 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
12:04:09:687 2784 IRP_MJ_DIRECTORY_CONTROL : 804F4562
12:04:09:687 2784 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
12:04:09:687 2784 IRP_MJ_DEVICE_CONTROL : F75D13BB
12:04:09:687 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75D4F28
12:04:09:687 2784 IRP_MJ_SHUTDOWN : F75D12E2
12:04:09:687 2784 IRP_MJ_LOCK_CONTROL : 804F4562
12:04:09:687 2784 IRP_MJ_CLEANUP : 804F4562
12:04:09:687 2784 IRP_MJ_CREATE_MAILSLOT : 804F4562
12:04:09:687 2784 IRP_MJ_QUERY_SECURITY : 804F4562
12:04:09:687 2784 IRP_MJ_SET_SECURITY : 804F4562
12:04:09:687 2784 IRP_MJ_POWER : F75D2C82
12:04:09:687 2784 IRP_MJ_SYSTEM_CONTROL : F75D799E
12:04:09:687 2784 IRP_MJ_DEVICE_CHANGE : 804F4562
12:04:09:687 2784 IRP_MJ_QUERY_QUOTA : 804F4562
12:04:09:687 2784 IRP_MJ_SET_QUOTA : 804F4562
12:04:09:687 2784 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
12:04:09:687 2784
12:04:09:687 2784 Driver Name: usbstor
12:04:09:687 2784 IRP_MJ_CREATE : F788D218
12:04:09:687 2784 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
12:04:09:687 2784 IRP_MJ_CLOSE : F788D218
12:04:09:687 2784 IRP_MJ_READ : F788D23C
12:04:09:687 2784 IRP_MJ_WRITE : F788D23C
12:04:09:687 2784 IRP_MJ_QUERY_INFORMATION : 804F4562
12:04:09:687 2784 IRP_MJ_SET_INFORMATION : 804F4562
12:04:09:687 2784 IRP_MJ_QUERY_EA : 804F4562
12:04:09:687 2784 IRP_MJ_SET_EA : 804F4562
12:04:09:687 2784 IRP_MJ_FLUSH_BUFFERS : 804F4562
12:04:09:687 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
12:04:09:687 2784 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
12:04:09:687 2784 IRP_MJ_DIRECTORY_CONTROL : 804F4562
12:04:09:687 2784 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
12:04:09:687 2784 IRP_MJ_DEVICE_CONTROL : F788D180
12:04:09:687 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : F78889E6
12:04:09:687 2784 IRP_MJ_SHUTDOWN : 804F4562
12:04:09:687 2784 IRP_MJ_LOCK_CONTROL : 804F4562
12:04:09:687 2784 IRP_MJ_CLEANUP : 804F4562
12:04:09:687 2784 IRP_MJ_CREATE_MAILSLOT : 804F4562
12:04:09:687 2784 IRP_MJ_QUERY_SECURITY : 804F4562
12:04:09:687 2784 IRP_MJ_SET_SECURITY : 804F4562
12:04:09:687 2784 IRP_MJ_POWER : F788C5F0
12:04:09:687 2784 IRP_MJ_SYSTEM_CONTROL : F788AA6E
12:04:09:687 2784 IRP_MJ_DEVICE_CHANGE : 804F4562
12:04:09:687 2784 IRP_MJ_QUERY_QUOTA : 804F4562
12:04:09:687 2784 IRP_MJ_SET_QUOTA : 804F4562
12:04:09:718 2784 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
12:04:09:718 2784
12:04:09:718 2784 Driver Name: usbstor
12:04:09:718 2784 IRP_MJ_CREATE : F788D218
12:04:09:718 2784 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
12:04:09:718 2784 IRP_MJ_CLOSE : F788D218
12:04:09:718 2784 IRP_MJ_READ : F788D23C
12:04:09:718 2784 IRP_MJ_WRITE : F788D23C
12:04:09:718 2784 IRP_MJ_QUERY_INFORMATION : 804F4562
12:04:09:718 2784 IRP_MJ_SET_INFORMATION : 804F4562
12:04:09:718 2784 IRP_MJ_QUERY_EA : 804F4562
12:04:09:718 2784 IRP_MJ_SET_EA : 804F4562
12:04:09:718 2784 IRP_MJ_FLUSH_BUFFERS : 804F4562
12:04:09:718 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
12:04:09:718 2784 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
12:04:09:718 2784 IRP_MJ_DIRECTORY_CONTROL : 804F4562
12:04:09:718 2784 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
12:04:09:718 2784 IRP_MJ_DEVICE_CONTROL : F788D180
12:04:09:718 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : F78889E6
12:04:09:718 2784 IRP_MJ_SHUTDOWN : 804F4562
12:04:09:718 2784 IRP_MJ_LOCK_CONTROL : 804F4562
12:04:09:718 2784 IRP_MJ_CLEANUP : 804F4562
12:04:09:718 2784 IRP_MJ_CREATE_MAILSLOT : 804F4562
12:04:09:718 2784 IRP_MJ_QUERY_SECURITY : 804F4562
12:04:09:718 2784 IRP_MJ_SET_SECURITY : 804F4562
12:04:09:718 2784 IRP_MJ_POWER : F788C5F0
12:04:09:718 2784 IRP_MJ_SYSTEM_CONTROL : F788AA6E
12:04:09:718 2784 IRP_MJ_DEVICE_CHANGE : 804F4562
12:04:09:718 2784 IRP_MJ_QUERY_QUOTA : 804F4562
12:04:09:718 2784 IRP_MJ_SET_QUOTA : 804F4562
12:04:09:734 2784 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
12:04:09:734 2784
12:04:09:734 2784 Driver Name: usbstor
12:04:09:734 2784 IRP_MJ_CREATE : F788D218
12:04:09:734 2784 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
12:04:09:734 2784 IRP_MJ_CLOSE : F788D218
12:04:09:734 2784 IRP_MJ_READ : F788D23C
12:04:09:734 2784 IRP_MJ_WRITE : F788D23C
12:04:09:734 2784 IRP_MJ_QUERY_INFORMATION : 804F4562
12:04:09:734 2784 IRP_MJ_SET_INFORMATION : 804F4562
12:04:09:734 2784 IRP_MJ_QUERY_EA : 804F4562
12:04:09:734 2784 IRP_MJ_SET_EA : 804F4562
12:04:09:734 2784 IRP_MJ_FLUSH_BUFFERS : 804F4562
12:04:09:734 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
12:04:09:734 2784 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
12:04:09:734 2784 IRP_MJ_DIRECTORY_CONTROL : 804F4562
12:04:09:734 2784 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
12:04:09:734 2784 IRP_MJ_DEVICE_CONTROL : F788D180
12:04:09:734 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : F78889E6
12:04:09:734 2784 IRP_MJ_SHUTDOWN : 804F4562
12:04:09:734 2784 IRP_MJ_LOCK_CONTROL : 804F4562
12:04:09:734 2784 IRP_MJ_CLEANUP : 804F4562
12:04:09:734 2784 IRP_MJ_CREATE_MAILSLOT : 804F4562
12:04:09:734 2784 IRP_MJ_QUERY_SECURITY : 804F4562
12:04:09:734 2784 IRP_MJ_SET_SECURITY : 804F4562
12:04:09:734 2784 IRP_MJ_POWER : F788C5F0
12:04:09:734 2784 IRP_MJ_SYSTEM_CONTROL : F788AA6E
12:04:09:734 2784 IRP_MJ_DEVICE_CHANGE : 804F4562
12:04:09:734 2784 IRP_MJ_QUERY_QUOTA : 804F4562
12:04:09:734 2784 IRP_MJ_SET_QUOTA : 804F4562
12:04:09:734 2784 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
12:04:09:734 2784
12:04:09:734 2784 Driver Name: usbstor
12:04:09:734 2784 IRP_MJ_CREATE : F788D218
12:04:09:734 2784 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
12:04:09:734 2784 IRP_MJ_CLOSE : F788D218
12:04:09:734 2784 IRP_MJ_READ : F788D23C
12:04:09:734 2784 IRP_MJ_WRITE : F788D23C
12:04:09:734 2784 IRP_MJ_QUERY_INFORMATION : 804F4562
12:04:09:734 2784 IRP_MJ_SET_INFORMATION : 804F4562
12:04:09:734 2784 IRP_MJ_QUERY_EA : 804F4562
12:04:09:734 2784 IRP_MJ_SET_EA : 804F4562
12:04:09:734 2784 IRP_MJ_FLUSH_BUFFERS : 804F4562
12:04:09:734 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
12:04:09:734 2784 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
12:04:09:734 2784 IRP_MJ_DIRECTORY_CONTROL : 804F4562
12:04:09:734 2784 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
12:04:09:734 2784 IRP_MJ_DEVICE_CONTROL : F788D180
12:04:09:734 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : F78889E6
12:04:09:734 2784 IRP_MJ_SHUTDOWN : 804F4562
12:04:09:734 2784 IRP_MJ_LOCK_CONTROL : 804F4562
12:04:09:734 2784 IRP_MJ_CLEANUP : 804F4562
12:04:09:734 2784 IRP_MJ_CREATE_MAILSLOT : 804F4562
12:04:09:734 2784 IRP_MJ_QUERY_SECURITY : 804F4562
12:04:09:734 2784 IRP_MJ_SET_SECURITY : 804F4562
12:04:09:734 2784 IRP_MJ_POWER : F788C5F0
12:04:09:734 2784 IRP_MJ_SYSTEM_CONTROL : F788AA6E
12:04:09:734 2784 IRP_MJ_DEVICE_CHANGE : 804F4562
12:04:09:734 2784 IRP_MJ_QUERY_QUOTA : 804F4562
12:04:09:734 2784 IRP_MJ_SET_QUOTA : 804F4562
12:04:09:734 2784 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
12:04:09:734 2784
12:04:09:734 2784 Driver Name: Disk
12:04:09:734 2784 IRP_MJ_CREATE : F75D6BB0
12:04:09:734 2784 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
12:04:09:734 2784 IRP_MJ_CLOSE : F75D6BB0
12:04:09:734 2784 IRP_MJ_READ : F75D0D1F
12:04:09:734 2784 IRP_MJ_WRITE : F75D0D1F
12:04:09:734 2784 IRP_MJ_QUERY_INFORMATION : 804F4562
12:04:09:734 2784 IRP_MJ_SET_INFORMATION : 804F4562
12:04:09:734 2784 IRP_MJ_QUERY_EA : 804F4562
12:04:09:734 2784 IRP_MJ_SET_EA : 804F4562
12:04:09:734 2784 IRP_MJ_FLUSH_BUFFERS : F75D12E2
12:04:09:734 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
12:04:09:734 2784 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
12:04:09:734 2784 IRP_MJ_DIRECTORY_CONTROL : 804F4562
12:04:09:734 2784 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
12:04:09:734 2784 IRP_MJ_DEVICE_CONTROL : F75D13BB
12:04:09:734 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75D4F28
12:04:09:734 2784 IRP_MJ_SHUTDOWN : F75D12E2
12:04:09:734 2784 IRP_MJ_LOCK_CONTROL : 804F4562
12:04:09:734 2784 IRP_MJ_CLEANUP : 804F4562
12:04:09:734 2784 IRP_MJ_CREATE_MAILSLOT : 804F4562
12:04:09:734 2784 IRP_MJ_QUERY_SECURITY : 804F4562
12:04:09:734 2784 IRP_MJ_SET_SECURITY : 804F4562
12:04:09:734 2784 IRP_MJ_POWER : F75D2C82
12:04:09:734 2784 IRP_MJ_SYSTEM_CONTROL : F75D799E
12:04:09:734 2784 IRP_MJ_DEVICE_CHANGE : 804F4562
12:04:09:734 2784 IRP_MJ_QUERY_QUOTA : 804F4562
12:04:09:734 2784 IRP_MJ_SET_QUOTA : 804F4562
12:04:09:750 2784 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
12:04:09:750 2784
12:04:09:750 2784 Driver Name: Disk
12:04:09:750 2784 IRP_MJ_CREATE : F75D6BB0
12:04:09:750 2784 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
12:04:09:750 2784 IRP_MJ_CLOSE : F75D6BB0
12:04:09:750 2784 IRP_MJ_READ : F75D0D1F
12:04:09:750 2784 IRP_MJ_WRITE : F75D0D1F
12:04:09:750 2784 IRP_MJ_QUERY_INFORMATION : 804F4562
12:04:09:750 2784 IRP_MJ_SET_INFORMATION : 804F4562
12:04:09:750 2784 IRP_MJ_QUERY_EA : 804F4562
12:04:09:750 2784 IRP_MJ_SET_EA : 804F4562
12:04:09:750 2784 IRP_MJ_FLUSH_BUFFERS : F75D12E2
12:04:09:750 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
12:04:09:750 2784 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
12:04:09:750 2784 IRP_MJ_DIRECTORY_CONTROL : 804F4562
12:04:09:750 2784 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
12:04:09:750 2784 IRP_MJ_DEVICE_CONTROL : F75D13BB
12:04:09:750 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : F75D4F28
12:04:09:750 2784 IRP_MJ_SHUTDOWN : F75D12E2
12:04:09:750 2784 IRP_MJ_LOCK_CONTROL : 804F4562
12:04:09:750 2784 IRP_MJ_CLEANUP : 804F4562
12:04:09:750 2784 IRP_MJ_CREATE_MAILSLOT : 804F4562
12:04:09:750 2784 IRP_MJ_QUERY_SECURITY : 804F4562
12:04:09:750 2784 IRP_MJ_SET_SECURITY : 804F4562
12:04:09:750 2784 IRP_MJ_POWER : F75D2C82
12:04:09:750 2784 IRP_MJ_SYSTEM_CONTROL : F75D799E
12:04:09:750 2784 IRP_MJ_DEVICE_CHANGE : 804F4562
12:04:09:750 2784 IRP_MJ_QUERY_QUOTA : 804F4562
12:04:09:750 2784 IRP_MJ_SET_QUOTA : 804F4562
12:04:09:750 2784 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
12:04:09:750 2784
12:04:09:750 2784 Driver Name: atapi
12:04:09:750 2784 IRP_MJ_CREATE : F726EB3A
12:04:09:750 2784 IRP_MJ_CREATE_NAMED_PIPE : F726EB3A
12:04:09:750 2784 IRP_MJ_CLOSE : F726EB3A
12:04:09:750 2784 IRP_MJ_READ : F726EB3A
12:04:09:750 2784 IRP_MJ_WRITE : F726EB3A
12:04:09:750 2784 IRP_MJ_QUERY_INFORMATION : F726EB3A
12:04:09:750 2784 IRP_MJ_SET_INFORMATION : F726EB3A
12:04:09:750 2784 IRP_MJ_QUERY_EA : F726EB3A
12:04:09:750 2784 IRP_MJ_SET_EA : F726EB3A
12:04:09:750 2784 IRP_MJ_FLUSH_BUFFERS : F726EB3A
12:04:09:750 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : F726EB3A
12:04:09:750 2784 IRP_MJ_SET_VOLUME_INFORMATION : F726EB3A
12:04:09:750 2784 IRP_MJ_DIRECTORY_CONTROL : F726EB3A
12:04:09:750 2784 IRP_MJ_FILE_SYSTEM_CONTROL : F726EB3A
12:04:09:750 2784 IRP_MJ_DEVICE_CONTROL : F726EB3A
12:04:09:750 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : F726EB3A
12:04:09:750 2784 IRP_MJ_SHUTDOWN : F726EB3A
12:04:09:750 2784 IRP_MJ_LOCK_CONTROL : F726EB3A
12:04:09:750 2784 IRP_MJ_CLEANUP : F726EB3A
12:04:09:750 2784 IRP_MJ_CREATE_MAILSLOT : F726EB3A
12:04:09:750 2784 IRP_MJ_QUERY_SECURITY : F726EB3A
12:04:09:750 2784 IRP_MJ_SET_SECURITY : F726EB3A
12:04:09:750 2784 IRP_MJ_POWER : F726EB3A
12:04:09:750 2784 IRP_MJ_SYSTEM_CONTROL : F726EB3A
12:04:09:750 2784 IRP_MJ_DEVICE_CHANGE : F726EB3A
12:04:09:750 2784 IRP_MJ_QUERY_QUOTA : F726EB3A
12:04:09:750 2784 IRP_MJ_SET_QUOTA : F726EB3A
12:04:09:750 2784 Driver "atapi" infected by TDSS rootkit!
12:04:09:765 2784 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
12:04:09:765 2784 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ... 12:04:09:765 2784 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
12:04:09:765 2784 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
12:04:10:187 2784 vfvi6
12:04:10:375 2784 !dsvbh1
12:04:12:359 2784 dsvbh2
12:04:12:359 2784 fdfb2
12:04:12:359 2784 Backup copy found, using it..
12:04:12:406 2784 will be cured on next reboot
12:04:12:406 2784
12:04:12:406 2784 Driver Name: atapi
12:04:12:406 2784 IRP_MJ_CREATE : F726EB3A
12:04:12:406 2784 IRP_MJ_CREATE_NAMED_PIPE : F726EB3A
12:04:12:406 2784 IRP_MJ_CLOSE : F726EB3A
12:04:12:406 2784 IRP_MJ_READ : F726EB3A
12:04:12:406 2784 IRP_MJ_WRITE : F726EB3A
12:04:12:406 2784 IRP_MJ_QUERY_INFORMATION : F726EB3A
12:04:12:406 2784 IRP_MJ_SET_INFORMATION : F726EB3A
12:04:12:406 2784 IRP_MJ_QUERY_EA : F726EB3A
12:04:12:406 2784 IRP_MJ_SET_EA : F726EB3A
12:04:12:406 2784 IRP_MJ_FLUSH_BUFFERS : F726EB3A
12:04:12:406 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : F726EB3A
12:04:12:406 2784 IRP_MJ_SET_VOLUME_INFORMATION : F726EB3A
12:04:12:406 2784 IRP_MJ_DIRECTORY_CONTROL : F726EB3A
12:04:12:406 2784 IRP_MJ_FILE_SYSTEM_CONTROL : F726EB3A
12:04:12:406 2784 IRP_MJ_DEVICE_CONTROL : F726EB3A
12:04:12:406 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : F726EB3A
12:04:12:406 2784 IRP_MJ_SHUTDOWN : F726EB3A
12:04:12:406 2784 IRP_MJ_LOCK_CONTROL : F726EB3A
12:04:12:406 2784 IRP_MJ_CLEANUP : F726EB3A
12:04:12:406 2784 IRP_MJ_CREATE_MAILSLOT : F726EB3A
12:04:12:406 2784 IRP_MJ_QUERY_SECURITY : F726EB3A
12:04:12:406 2784 IRP_MJ_SET_SECURITY : F726EB3A
12:04:12:406 2784 IRP_MJ_POWER : F726EB3A
12:04:12:406 2784 IRP_MJ_SYSTEM_CONTROL : F726EB3A
12:04:12:406 2784 IRP_MJ_DEVICE_CHANGE : F726EB3A
12:04:12:406 2784 IRP_MJ_QUERY_QUOTA : F726EB3A
12:04:12:406 2784 IRP_MJ_SET_QUOTA : F726EB3A
12:04:12:406 2784 Driver "atapi" infected by TDSS rootkit!
12:04:12:406 2784 C:\WINDOWS\system32\drivers\tskA6.tmp - Verdict: 3
12:04:12:406 2784 Reboot required for cure complete..
12:04:12:437 2784 Cure on reboot scheduled successfully
12:04:12:437 2784
12:04:12:437 2784 Completed
12:04:12:437 2784
12:04:12:437 2784 Results:
12:04:12:437 2784 Memory objects infected / cured / cured on reboot: 2 / 0 / 0
12:04:12:437 2784 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
12:04:12:437 2784 File objects infected / cured / cured on reboot: 1 / 0 / 1
12:04:12:437 2784
12:04:12:437 2784 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
12:04:12:437 2784 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
12:04:12:453 2784 UnloadDriverW: NtUnloadDriver error 1
12:04:12:453 2784 KLMD(ARK) unloaded successfully



#5
April 25, 2010 at 03:53:04
Hi,

I seem to have exactly the same problem with mine and it's a real pain!
It is also preventing me from installing the Windows security update. Will following the same instructions fix my machine?
Any help greatly appreciated.



#6
June 14, 2010 at 14:11:49
I just resolved my redirect and Windows Update problem after weeks of trying different things. Ad-Aware, Malwarebytes, Spybot S&D, etc. - nothing was fixing it. My problem was the results5.google redirector and not being able to connect to MS Windows Update. To save you the agony of my story - my router got hacked - despite being secured and having a super secret admin password. Check your router DHCP Server settings. In my Static DNS 1 setting, there was the IP Address 85.255.116.149. I opened a command prompt and did an nslookup and it returned that IP with a name server from Ukraine. I deleted the DNS 1 IP Address and my problem went away.

I'm guessing that my PC was hacked and a logger installed - my super secret password for my router is also the password I log into my PC with (stupid, right?). Anyway, I changed all my passwords and made them different. Hope this helps.



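The router check described in #6, as an added example that is not part of the original thread: it parses the DNS Servers entries from an `ipconfig /all` excerpt (constructed here, carrying the rogue address the poster found) and flags every resolver outside an assumed known-good set, which is the comparison the poster made by hand against the router's Static DNS setting.

```python
"""Added example, not from the original thread: audit the DNS resolvers a
Windows host has been handed against a known-good set. The ipconfig /all
excerpt and the EXPECTED_RESOLVERS policy below are constructed."""
import ipaddress
import re

# Constructed excerpt in the shape of Windows XP `ipconfig /all` output.
# 85.255.116.149 is the rogue resolver reported in post #6; the second
# entry is the local gateway a home router would normally hand out.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 85.255.116.149
                                            192.168.1.1
"""

# Hypothetical policy: the only resolver this network should ever hand out.
EXPECTED_RESOLVERS = {"192.168.1.1"}


def parse_dns_servers(ipconfig_text):
    """Return the DNS server addresses listed in ipconfig /all output.

    The first server sits on the 'DNS Servers' line itself; any further
    servers follow on continuation lines that contain only an address.
    """
    servers = []
    collecting = False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            collecting = True
            continue
        if collecting:
            m = re.match(r"\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$", line)
            if m:
                servers.append(m.group(1))
                continue
            collecting = False  # any other line ends the DNS block
    return servers


def audit_resolvers(servers, expected):
    """Classify each resolver against the expected set.

    A public address showing up where only the local gateway is expected is
    exactly the pattern from post #6: the router's DHCP handing clients an
    attacker-controlled DNS server, so every lookup can be redirected.
    """
    findings = []
    for s in servers:
        addr = ipaddress.ip_address(s)
        if s in expected:
            verdict = "expected"
        elif addr.is_private:
            verdict = "unexpected-private"
        else:
            verdict = "unexpected-public"
        findings.append((s, verdict))
    return findings


if __name__ == "__main__":
    servers = parse_dns_servers(SAMPLE_IPCONFIG)
    for server, verdict in audit_resolvers(servers, EXPECTED_RESOLVERS):
        print(f"{server:16} {verdict}")
```

An "unexpected-public" verdict on a home network is the cue to inspect the router's DHCP and static DNS settings and change its admin password, as the poster did.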