Cannot access Anti Virus Websites

April 14, 2010 at 05:33:29
Specs: Windows XP, 1.6GHz Dual Core/1GB Ram
OK, a user has brought me their home notebook and it is riddled with viruses/spyware.

Originally I cleaned up Security Tool using this guide http://www.bleepingcomputer.com/vir...

I then ran various different Anti-Virus scans (avast) and Anti-Spyware/Malware (Malware Bytes, Spybot S&D and Ad-aware). All apps found problems and supposedly cleaned them up.

However, I still cannot access certain AV websites (e.g. AVG) or other security-based sites (cannot download IE 8). I have also noticed that when using a flash drive to transfer security products, my Kaspersky-protected PC reports that the flash drive keeps becoming infected with Net-Worm.Win32.Kido.ir.

Please help, I really want to avoid a re-install since I’ve spent so long on the problem already!

I have run various tools after reading through various posts on this (and other) websites. I successfully ran Combofix.exe, but this has not resolved my problem. Here are my log files; apologies if I’m making any newbie mistakes:

ComboFix:

ComboFix 10-04-13.03 - Anthony Bailey 14/04/2010 10:22:23.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1014.492 [GMT 1:00]
Running from: c:\documents and settings\Anthony Bailey\Desktop\toolb.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
.

2010-04-13 12:32 . 2010-04-14 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-13 12:32 . 2010-04-13 12:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-08 14:48 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-08 14:48 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-08 14:48 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-08 14:48 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-08 14:48 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-08 14:48 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-08 14:48 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-08 14:48 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-08 14:48 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-08 14:48 . 2010-04-08 14:48 -------- d-----w- c:\program files\Alwil Software
2010-04-08 14:48 . 2010-04-08 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-08 13:29 . 2010-04-14 07:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-07 13:28 . 2010-04-07 10:19 134 ----a-w- C:\hostsperm.bat
2010-04-07 10:37 . 2010-04-07 10:37 -------- d-----w- c:\documents and settings\Anthony Bailey\Application Data\Malwarebytes
2010-04-07 10:27 . 2010-04-12 13:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 10:27 . 2010-04-07 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-07 10:23 . 2010-04-07 10:16 363520 ----a-w- C:\rkill.com
2010-03-23 23:17 . 2010-03-23 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 20:25 . 2010-03-13 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-13 19:23 . 2010-03-13 19:23 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-02-26 22:26 . 2006-09-13 14:35 -------- d-----w- c:\program files\Java
2010-02-26 19:14 . 2010-02-26 19:14 57656 ---ha-w- c:\windows\system32\mlfcache.dat
2009-03-21 14:18 . 2006-09-13 12:42 154406 --sha-r- c:\windows\system32\rmweu.dll
2009-11-30 21:21 . 2009-11-21 21:39 3483680 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-30 21:21 . 2009-11-21 21:39 75552 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 16206848]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 88204]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"TFncKy"="TFncKy.exe" [BU]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_17\bin\jusched.exe" [2008-11-10 75264]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

c:\documents and settings\Pauline Bailey\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9509:TCP"= 9509:TCP:cmmldri

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08/04/2010 15:48 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/04/2010 15:48 19024]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [14/09/2006 12:10 7040]
S2 bvahajnzv;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [13/09/2006 13:42 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2010 18:21 135664]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bvahajnzv
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 17:21]

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 17:21]
.
.
------- Supplementary Scan -------
.
uStart Page = https://virginmedia.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &MSN Search - c:\program files\MSN Toolbar Suite\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\MSN Toolbar Suite\en-gb\msntabres.dll.mui/229?95313124e5994561b0b22a57295b4ca
IE: Open in new foreground tab - c:\program files\MSN Toolbar Suite\en-gb\msntabres.dll.mui/230?95313124e5994561b0b22a57295b4ca
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bvahajnzv]
"ServiceDll"="c:\windows\system32\rmweu.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1380)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Windows Desktop Search\wds_slps.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-04-14 10:28:07
ComboFix-quarantined-files.txt 2010-04-14 09:28
ComboFix2.txt 2010-04-14 09:16

Pre-Run: 22,008,172,544 bytes free
Post-Run: 21,997,268,992 bytes free

- - End Of File - - 86E6329327C815C6175252769974F470



#1
April 14, 2010 at 05:34:19
DDS.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by Anthony Bailey at 12:28:42.57 on 14/04/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1014.564 [GMT 1:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://virginmedia.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare mediabar\BearShareIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_17\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TFncKy] TFncKy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_17\bin\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &MSN Search - c:\program files\msn toolbar suite\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\msn toolbar suite\en-gb\msntabres.dll.mui/229?95313124e5994561b0b22a57295b4ca
IE: Open in new foreground tab - c:\program files\msn toolbar suite\en-gb\msntabres.dll.mui/230?95313124e5994561b0b22a57295b4ca
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_17\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} - hxxp://217.23.14.26/cont_/Bol.CAB
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-8 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-8 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-8 40384]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-17 54752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-9-14 7040]
S2 bvahajnzv;Boot Update;c:\windows\system32\svchost.exe -k netsvcs [2006-9-13 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-8 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-8 40384]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2010-04-14 09:21:33 0 d-----w- C:\toolb
2010-04-14 08:27:02 0 d-sha-r- C:\cmdcons
2010-04-14 08:21:39 98816 ----a-w- c:\windows\sed.exe
2010-04-14 08:21:39 77312 ----a-w- c:\windows\MBR.exe
2010-04-14 08:21:39 261632 ----a-w- c:\windows\PEV.exe
2010-04-14 08:21:39 161792 ----a-w- c:\windows\SWREG.exe
2010-04-13 12:32:41 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-13 12:32:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-04-08 14:48:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-04-07 13:28:39 134 ----a-w- C:\hostsperm.bat
2010-04-07 10:37:13 0 d-----w- c:\docume~1\anthon~1\applic~1\Malwarebytes
2010-04-07 10:27:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 10:27:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-07 10:23:08 363520 ----a-w- C:\rkill.com

==================== Find3M ====================

2010-02-26 19:14:45 57656 ---ha-w- c:\windows\system32\mlfcache.dat
2009-03-21 14:18:57 154406 --sha-r- c:\windows\system32\rmweu.dll
2009-11-30 21:21:17 3483680 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-30 21:21:17 75552 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 12:28:50.71 ===============


Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/12/2008 10:55:32
System Uptime: 14/04/2010 11:09:43 (1 hours ago)

Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | U1 | 1596/mhz
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | U1 | 1596/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 20.507 GiB free.
D: is CDROM (CDFS)
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6280
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP1: 14/02/2010 10:49:37 - System Checkpoint
RP2: 26/02/2010 22:23:33 - Installed J2SE Runtime Environment 5.0 Update 17
RP3: 06/03/2010 20:36:17 - System Checkpoint
RP4: 20/03/2010 11:48:13 - System Checkpoint
RP5: 21/03/2010 15:40:25 - System Checkpoint
RP6: 07/04/2010 17:40:32 - System Checkpoint
RP7: 08/04/2010 15:48:15 - avast! Free Antivirus Setup
RP8: 14/04/2010 09:21:54 - ComboFix created restore point

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bengal 2
Bluetooth Stack for Windows by Toshiba
Bonjour
CD/DVD Drive Acoustic Silencer
Critical Update for Windows Media Player 11 (KB959772)
Google Toolbar for Internet Explorer
Google Update Helper
Guitar Pro 5.2
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896243)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB917332)
Hotfix for Windows XP (KB918997)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 17
Junk Mail filter update
Luxor - Quest For The Afterlife
Macromedia Flash Player
mCore
mDrWiFi
MediaBar 2.0
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote 2003
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mXML
mZConfig
Nokia Connectivity Cable Driver
Nokia PC Suite
PC Connectivity Solution
PKR
QuickTime
Realtek High Definition Audio Driver
RPS CRT
SD Secure Module
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA Manuals
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WCreator2
WebFldrs XP
Windows Desktop Search
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (06/01/2009 4.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888622
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
X10 Hardware(TM)

==== Event Viewer Messages From Past Week ========

14/04/2010 12:17:53, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
13/04/2010 15:13:06, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/04/2010 13:59:56, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
12/04/2010 13:59:55, error: Service Control Manager [7023] - The Boot Update service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
12/04/2010 13:59:31, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
07/04/2010 14:32:09, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================



#2
April 14, 2010 at 05:34:45
TDSSKiller

12:31:21:093 2436 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
12:31:21:093 2436 ================================================================================
12:31:21:093 2436 SystemInfo:

12:31:21:093 2436 OS Version: 5.1.2600 ServicePack: 2.0
12:31:21:093 2436 Product type: Workstation
12:31:21:093 2436 ComputerName: YOUR-E659457A65
12:31:21:093 2436 UserName: Anthony Bailey
12:31:21:093 2436 Windows directory: C:\WINDOWS
12:31:21:093 2436 Processor architecture: Intel x86
12:31:21:093 2436 Number of processors: 2
12:31:21:093 2436 Page size: 0x1000
12:31:21:093 2436 Boot type: Normal boot
12:31:21:093 2436 ================================================================================
12:31:21:093 2436 UnloadDriverW: NtUnloadDriver error 2
12:31:21:093 2436 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
12:31:21:093 2436 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
12:31:21:093 2436 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:31:21:093 2436 wfopen_ex: Trying to KLMD file open
12:31:21:093 2436 wfopen_ex: File opened ok (Flags 2)
12:31:21:093 2436 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
12:31:21:093 2436 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:31:21:093 2436 wfopen_ex: Trying to KLMD file open
12:31:21:093 2436 wfopen_ex: File opened ok (Flags 2)
12:31:21:093 2436 Initialize success
12:31:21:093 2436
12:31:21:093 2436 Scanning Services ...
12:31:21:625 2436 Raw services enum returned 380 services
12:31:21:640 2436 Suspicious serv bvahajnzv (h: 0, b: 1)
12:31:21:640 2436
12:31:21:640 2436 Scanning Kernel memory ...
12:31:21:640 2436 Devices to scan: 7
12:31:21:640 2436
12:31:21:640 2436 Driver Name: Disk
12:31:21:640 2436 IRP_MJ_CREATE : F7864C30
12:31:21:640 2436 IRP_MJ_CREATE_NAMED_PIPE : 804F9749
12:31:21:640 2436 IRP_MJ_CLOSE : F7864C30
12:31:21:640 2436 IRP_MJ_READ : F785ED9B
12:31:21:640 2436 IRP_MJ_WRITE : F785ED9B
12:31:21:640 2436 IRP_MJ_QUERY_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_SET_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_EA : 804F9749
12:31:21:640 2436 IRP_MJ_SET_EA : 804F9749
12:31:21:640 2436 IRP_MJ_FLUSH_BUFFERS : F785F366
12:31:21:640 2436 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_SET_VOLUME_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_DIRECTORY_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_DEVICE_CONTROL : F785F44D
12:31:21:640 2436 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7862FC3
12:31:21:640 2436 IRP_MJ_SHUTDOWN : F785F366
12:31:21:640 2436 IRP_MJ_LOCK_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_CLEANUP : 804F9749
12:31:21:640 2436 IRP_MJ_CREATE_MAILSLOT : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_SECURITY : 804F9749
12:31:21:640 2436 IRP_MJ_SET_SECURITY : 804F9749
12:31:21:640 2436 IRP_MJ_POWER : F7860EF3
12:31:21:640 2436 IRP_MJ_SYSTEM_CONTROL : F7865A24
12:31:21:640 2436 IRP_MJ_DEVICE_CHANGE : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_QUOTA : 804F9749
12:31:21:640 2436 IRP_MJ_SET_QUOTA : 804F9749
12:31:21:640 2436 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
12:31:21:640 2436
12:31:21:640 2436 Driver Name: USBSTOR
12:31:21:640 2436 IRP_MJ_CREATE : F7BAB218
12:31:21:640 2436 IRP_MJ_CREATE_NAMED_PIPE : 804F9749
12:31:21:640 2436 IRP_MJ_CLOSE : F7BAB218
12:31:21:640 2436 IRP_MJ_READ : F7BAB23C
12:31:21:640 2436 IRP_MJ_WRITE : F7BAB23C
12:31:21:640 2436 IRP_MJ_QUERY_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_SET_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_EA : 804F9749
12:31:21:640 2436 IRP_MJ_SET_EA : 804F9749
12:31:21:640 2436 IRP_MJ_FLUSH_BUFFERS : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_SET_VOLUME_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_DIRECTORY_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_DEVICE_CONTROL : F7BAB180
12:31:21:640 2436 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7BA69E6
12:31:21:640 2436 IRP_MJ_SHUTDOWN : 804F9749
12:31:21:640 2436 IRP_MJ_LOCK_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_CLEANUP : 804F9749
12:31:21:640 2436 IRP_MJ_CREATE_MAILSLOT : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_SECURITY : 804F9749
12:31:21:640 2436 IRP_MJ_SET_SECURITY : 804F9749
12:31:21:640 2436 IRP_MJ_POWER : F7BAA5F0
12:31:21:640 2436 IRP_MJ_SYSTEM_CONTROL : F7BA8A6E
12:31:21:640 2436 IRP_MJ_DEVICE_CHANGE : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_QUOTA : 804F9749
12:31:21:640 2436 IRP_MJ_SET_QUOTA : 804F9749
12:31:21:640 2436 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
12:31:21:640 2436
12:31:21:640 2436 Driver Name: Disk
12:31:21:640 2436 IRP_MJ_CREATE : F7864C30
12:31:21:640 2436 IRP_MJ_CREATE_NAMED_PIPE : 804F9749
12:31:21:640 2436 IRP_MJ_CLOSE : F7864C30
12:31:21:640 2436 IRP_MJ_READ : F785ED9B
12:31:21:640 2436 IRP_MJ_WRITE : F785ED9B
12:31:21:640 2436 IRP_MJ_QUERY_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_SET_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_EA : 804F9749
12:31:21:640 2436 IRP_MJ_SET_EA : 804F9749
12:31:21:640 2436 IRP_MJ_FLUSH_BUFFERS : F785F366
12:31:21:640 2436 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_SET_VOLUME_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_DIRECTORY_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_DEVICE_CONTROL : F785F44D
12:31:21:640 2436 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7862FC3
12:31:21:640 2436 IRP_MJ_SHUTDOWN : F785F366
12:31:21:640 2436 IRP_MJ_LOCK_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_CLEANUP : 804F9749
12:31:21:640 2436 IRP_MJ_CREATE_MAILSLOT : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_SECURITY : 804F9749
12:31:21:640 2436 IRP_MJ_SET_SECURITY : 804F9749
12:31:21:640 2436 IRP_MJ_POWER : F7860EF3
12:31:21:640 2436 IRP_MJ_SYSTEM_CONTROL : F7865A24
12:31:21:640 2436 IRP_MJ_DEVICE_CHANGE : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_QUOTA : 804F9749
12:31:21:640 2436 IRP_MJ_SET_QUOTA : 804F9749
12:31:21:640 2436 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
12:31:21:640 2436
12:31:21:640 2436 Driver Name: Disk
12:31:21:640 2436 IRP_MJ_CREATE : F7864C30
12:31:21:640 2436 IRP_MJ_CREATE_NAMED_PIPE : 804F9749
12:31:21:640 2436 IRP_MJ_CLOSE : F7864C30
12:31:21:640 2436 IRP_MJ_READ : F785ED9B
12:31:21:640 2436 IRP_MJ_WRITE : F785ED9B
12:31:21:640 2436 IRP_MJ_QUERY_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_SET_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_EA : 804F9749
12:31:21:640 2436 IRP_MJ_SET_EA : 804F9749
12:31:21:640 2436 IRP_MJ_FLUSH_BUFFERS : F785F366
12:31:21:640 2436 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_SET_VOLUME_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_DIRECTORY_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_DEVICE_CONTROL : F785F44D
12:31:21:640 2436 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7862FC3
12:31:21:640 2436 IRP_MJ_SHUTDOWN : F785F366
12:31:21:640 2436 IRP_MJ_LOCK_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_CLEANUP : 804F9749
12:31:21:640 2436 IRP_MJ_CREATE_MAILSLOT : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_SECURITY : 804F9749
12:31:21:640 2436 IRP_MJ_SET_SECURITY : 804F9749
12:31:21:640 2436 IRP_MJ_POWER : F7860EF3
12:31:21:640 2436 IRP_MJ_SYSTEM_CONTROL : F7865A24
12:31:21:640 2436 IRP_MJ_DEVICE_CHANGE : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_QUOTA : 804F9749
12:31:21:640 2436 IRP_MJ_SET_QUOTA : 804F9749
12:31:21:640 2436 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
12:31:21:640 2436
12:31:21:640 2436 Driver Name: Disk
12:31:21:640 2436 IRP_MJ_CREATE : F7864C30
12:31:21:640 2436 IRP_MJ_CREATE_NAMED_PIPE : 804F9749
12:31:21:640 2436 IRP_MJ_CLOSE : F7864C30
12:31:21:640 2436 IRP_MJ_READ : F785ED9B
12:31:21:640 2436 IRP_MJ_WRITE : F785ED9B
12:31:21:640 2436 IRP_MJ_QUERY_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_SET_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_EA : 804F9749
12:31:21:640 2436 IRP_MJ_SET_EA : 804F9749
12:31:21:640 2436 IRP_MJ_FLUSH_BUFFERS : F785F366
12:31:21:640 2436 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_SET_VOLUME_INFORMATION : 804F9749
12:31:21:640 2436 IRP_MJ_DIRECTORY_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_DEVICE_CONTROL : F785F44D
12:31:21:640 2436 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7862FC3
12:31:21:640 2436 IRP_MJ_SHUTDOWN : F785F366
12:31:21:640 2436 IRP_MJ_LOCK_CONTROL : 804F9749
12:31:21:640 2436 IRP_MJ_CLEANUP : 804F9749
12:31:21:640 2436 IRP_MJ_CREATE_MAILSLOT : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_SECURITY : 804F9749
12:31:21:640 2436 IRP_MJ_SET_SECURITY : 804F9749
12:31:21:640 2436 IRP_MJ_POWER : F7860EF3
12:31:21:640 2436 IRP_MJ_SYSTEM_CONTROL : F7865A24
12:31:21:640 2436 IRP_MJ_DEVICE_CHANGE : 804F9749
12:31:21:640 2436 IRP_MJ_QUERY_QUOTA : 804F9749
12:31:21:640 2436 IRP_MJ_SET_QUOTA : 804F9749
12:31:21:640 2436 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
12:31:21:640 2436
12:31:21:640 2436 Driver Name: Disk
12:31:21:640 2436 IRP_MJ_CREATE : F7864C30
12:31:21:656 2436 IRP_MJ_CREATE_NAMED_PIPE : 804F9749
12:31:21:656 2436 IRP_MJ_CLOSE : F7864C30
12:31:21:656 2436 IRP_MJ_READ : F785ED9B
12:31:21:656 2436 IRP_MJ_WRITE : F785ED9B
12:31:21:656 2436 IRP_MJ_QUERY_INFORMATION : 804F9749
12:31:21:656 2436 IRP_MJ_SET_INFORMATION : 804F9749
12:31:21:656 2436 IRP_MJ_QUERY_EA : 804F9749
12:31:21:656 2436 IRP_MJ_SET_EA : 804F9749
12:31:21:656 2436 IRP_MJ_FLUSH_BUFFERS : F785F366
12:31:21:656 2436 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9749
12:31:21:656 2436 IRP_MJ_SET_VOLUME_INFORMATION : 804F9749
12:31:21:656 2436 IRP_MJ_DIRECTORY_CONTROL : 804F9749
12:31:21:656 2436 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9749
12:31:21:656 2436 IRP_MJ_DEVICE_CONTROL : F785F44D
12:31:21:656 2436 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7862FC3
12:31:21:656 2436 IRP_MJ_SHUTDOWN : F785F366
12:31:21:656 2436 IRP_MJ_LOCK_CONTROL : 804F9749
12:31:21:656 2436 IRP_MJ_CLEANUP : 804F9749
12:31:21:656 2436 IRP_MJ_CREATE_MAILSLOT : 804F9749
12:31:21:656 2436 IRP_MJ_QUERY_SECURITY : 804F9749
12:31:21:656 2436 IRP_MJ_SET_SECURITY : 804F9749
12:31:21:656 2436 IRP_MJ_POWER : F7860EF3
12:31:21:656 2436 IRP_MJ_SYSTEM_CONTROL : F7865A24
12:31:21:656 2436 IRP_MJ_DEVICE_CHANGE : 804F9749
12:31:21:656 2436 IRP_MJ_QUERY_QUOTA : 804F9749
12:31:21:656 2436 IRP_MJ_SET_QUOTA : 804F9749
12:31:21:656 2436 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
12:31:21:656 2436
12:31:21:656 2436 Driver Name: atapi
12:31:21:656 2436 IRP_MJ_CREATE : F772D572
12:31:21:656 2436 IRP_MJ_CREATE_NAMED_PIPE : 804F9749
12:31:21:656 2436 IRP_MJ_CLOSE : F772D572
12:31:21:656 2436 IRP_MJ_READ : 804F9749
12:31:21:656 2436 IRP_MJ_WRITE : 804F9749
12:31:21:656 2436 IRP_MJ_QUERY_INFORMATION : 804F9749
12:31:21:656 2436 IRP_MJ_SET_INFORMATION : 804F9749
12:31:21:656 2436 IRP_MJ_QUERY_EA : 804F9749
12:31:21:656 2436 IRP_MJ_SET_EA : 804F9749
12:31:21:656 2436 IRP_MJ_FLUSH_BUFFERS : 804F9749
12:31:21:656 2436 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9749
12:31:21:656 2436 IRP_MJ_SET_VOLUME_INFORMATION : 804F9749
12:31:21:656 2436 IRP_MJ_DIRECTORY_CONTROL : 804F9749
12:31:21:656 2436 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9749
12:31:21:656 2436 IRP_MJ_DEVICE_CONTROL : F772D592
12:31:21:656 2436 IRP_MJ_INTERNAL_DEVICE_CONTROL : F77297B4
12:31:21:656 2436 IRP_MJ_SHUTDOWN : 804F9749
12:31:21:656 2436 IRP_MJ_LOCK_CONTROL : 804F9749
12:31:21:656 2436 IRP_MJ_CLEANUP : 804F9749
12:31:21:656 2436 IRP_MJ_CREATE_MAILSLOT : 804F9749
12:31:21:656 2436 IRP_MJ_QUERY_SECURITY : 804F9749
12:31:21:656 2436 IRP_MJ_SET_SECURITY : 804F9749
12:31:21:656 2436 IRP_MJ_POWER : F772D5BC
12:31:21:656 2436 IRP_MJ_SYSTEM_CONTROL : F7734164
12:31:21:656 2436 IRP_MJ_DEVICE_CHANGE : 804F9749
12:31:21:656 2436 IRP_MJ_QUERY_QUOTA : 804F9749
12:31:21:656 2436 IRP_MJ_SET_QUOTA : 804F9749
12:31:21:656 2436 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
12:31:21:656 2436
12:31:21:656 2436 Completed
12:31:21:656 2436
12:31:21:656 2436 Results:
12:31:21:656 2436 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
12:31:21:656 2436 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
12:31:21:656 2436 File objects infected / cured / cured on reboot: 0 / 0 / 0
12:31:21:656 2436
12:31:21:656 2436 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
12:31:21:656 2436 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
12:31:21:656 2436 KLMD(ARK) unloaded successfully


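The two logs above can be triaged mechanically rather than read line by line. The following Python script is an added example, not part of the original thread and not code from ComboFix, TDSSKiller or any other tool named in it. It pulls three indicators out of text copied from the logs above: DCOM 10005 events carrying error "%1058" (Windows system error 1058 is ERROR_SERVICE_DISABLED, so the service's Start type was found set to Disabled) for wuauserv and BITS; the TDSSKiller "Suspicious serv" entry; and whether KB958644, the MS08-067 fix, appears in the installed-updates list. The watched-service set and the random-looking-name heuristic are my own assumptions, and the meaning of TDSSKiller's "h" and "b" fields is not interpreted, only carried through.

```python
"""Triage helper for the pasted logs (added example; assumptions are marked)."""
from __future__ import annotations

import re

# Windows system error 1058 = ERROR_SERVICE_DISABLED; DCOM reports it as "%1058".
ERROR_SERVICE_DISABLED = 1058

# Assumption: services whose disabling is worth flagging in an update/AV-blocking case.
WATCHED_SERVICES = {"wuauserv", "bits", "wscsvc", "windefend", "ersvc"}

# "dd/mm/yyyy hh:mm:ss, level: Source [id] - message" as printed in the post above.
EVENT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
DCOM_SVC_RE = re.compile(
    r'DCOM got error "%(?P<code>\d+)" attempting to start the service (?P<svc>\S+)'
)
SUSPICIOUS_SERV_RE = re.compile(r"Suspicious serv (?P<name>\S+) \(h: (?P<h>\d+), b: (?P<b>\d+)\)")
KB_RE = re.compile(r"KB(\d{6,7})")
VOWELS = set("aeiouy")

# Constructed sample input: the relevant lines copied from the logs above.
SAMPLE_EVENTS = """\
14/04/2010 12:17:53, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
13/04/2010 15:13:06, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/04/2010 13:59:31, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
07/04/2010 14:32:09, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
"""
SAMPLE_TDSS = """\
12:31:21:625 2436 Raw services enum returned 380 services
12:31:21:640 2436 Suspicious serv bvahajnzv (h: 0, b: 1)
"""
SAMPLE_INSTALLED = """\
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Spybot - Search & Destroy
"""


def disabled_services(event_log: str) -> list[tuple[str, str]]:
    """(service, 'date time') for each DCOM 10005 event that carries %1058."""
    hits = []
    for line in event_log.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m or m["source"] != "DCOM" or m["event_id"] != "10005":
            continue
        d = DCOM_SVC_RE.search(m["msg"])
        if d and int(d["code"]) == ERROR_SERVICE_DISABLED:
            hits.append((d["svc"], f'{m["date"]} {m["time"]}'))
    return hits


def looks_random(name: str) -> bool:
    """Assumed heuristic: a long consonant run or a very low vowel ratio.
    A prefilter for ranking TDSSKiller hits, not a verdict on its own."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = run = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest_run = max(longest_run, run)
    return longest_run >= 4 or vowel_ratio < 0.25


def suspicious_services(tdss_log: str) -> list[dict]:
    """Every 'Suspicious serv' line, with h/b carried through unchanged."""
    found = []
    for line in tdss_log.splitlines():
        m = SUSPICIOUS_SERV_RE.search(line)
        if m:
            found.append({"name": m["name"], "h": int(m["h"]), "b": int(m["b"]),
                          "random_looking": looks_random(m["name"])})
    return found


def has_kb(installed_list: str, kb: str) -> bool:
    """True if the KB number appears anywhere in the installed-programs dump."""
    return kb.upper() in {f"KB{n}" for n in KB_RE.findall(installed_list)}


def triage(event_log: str, tdss_log: str, installed: str) -> dict:
    """Combine the three checks into one summary."""
    disabled = disabled_services(event_log)
    watched = sorted({svc for svc, _ in disabled if svc.lower() in WATCHED_SERVICES})
    return {
        "update_services_disabled": watched,
        "suspicious_services": suspicious_services(tdss_log),
        "ms08_067_patch_present": has_kb(installed, "KB958644"),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS, SAMPLE_TDSS, SAMPLE_INSTALLED).items():
        print(f"{key}: {value}")
```

On the sample above the summary reports wuauserv and BITS disabled, one suspicious service named bvahajnzv that the heuristic rates as random-looking, and KB958644 present. The natural follow-up on the machine itself is to confirm the Start value of those two services and to look up the service named by TDSSKiller before touching it; the script only ranks what the logs already say.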