Search Engine Redirect Virus?

February 12, 2010 at 16:57:32
Specs: Windows XP
I keep having issues with what I believe is a search engine redirect virus. I have Avast Free and Spybot search and destroy and neither is picking this up. I can clear my internet history and get one or two searches, then it starts to redirect me again.



#1
February 12, 2010 at 18:36:08
You may need to use the backward/forward arrow in your browser to get to the correct site. It may take several attempts to get there.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

* Save both reports to your desktop then post them please.



#2
February 12, 2010 at 18:45:05
I REALLY appreciate your help!

Here they are:

First one:

DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 21:42:37.37 on Fri 02/12/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1331 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PSIService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [windpipe] "c:\documents and settings\user\application data\google\fhexj6825097.exe" 2
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Aim6]
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Corel Photo Downloader] c:\program files\cvs\cvs photo editor plus\Corel Photo Downloader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265903714875
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184323226734
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209587960_e119c2917fb8d0fdc27b84e0c1b66b2e&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
TCP: NameServer = 93.188.163.39,93.188.161.101
TCP: {4FA7BB70-D7FB-45BD-99C7-80A6C8368283} = 93.188.163.39,93.188.161.101
TCP: {55436224-6DA2-4BB6-9988-9E90659546F2} = 93.188.163.39,93.188.161.101
AppInit_DLLs: ,
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-12 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-12 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-12 40384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-28 24652]
R3 ADM851x;ADMtek ADM8513 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851x.SYS [2007-7-16 26493]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-12 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-12 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

=============== Created Last 30 ================

2010-02-12 21:49:24 0 d-----w- c:\windows\pss
2010-02-12 21:21:40 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-12 21:21:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-12 18:24:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-02-12 14:40:26 347 ----a-w- c:\windows\CTWave32.INI
2010-02-12 14:39:38 29 ----a-w- c:\windows\sfbm.INI
2010-02-11 15:55:26 0 d-----w- c:\docume~1\user\applic~1\Facebook
2010-02-11 03:18:09 0 d-----w- c:\windows\system32\appmgmt
2010-02-10 21:13:52 935 ----a-w- c:\documents and settings\user\.recently-used.xbel
2010-02-10 21:13:38 0 d-----w- c:\documents and settings\user\.thumbnails
2010-02-09 21:17:49 0 d-----w- c:\documents and settings\user\.gimp-2.6
2010-02-09 21:17:43 0 d-----w- c:\documents and settings\user\.gegl-0.0
2010-02-09 21:16:19 0 d-----w- c:\program files\Freeze.com
2010-02-09 21:16:11 0 d-----w- c:\program files\Yahoo!
2010-01-30 12:25:20 0 d-----w- c:\docume~1\user\applic~1\E-centives
2010-01-26 03:59:29 230808 ----a-r- c:\windows\system32\cpnprt2.cid
2010-01-26 03:58:33 0 d-----w- c:\windows\Cache
2010-01-26 03:58:30 0 d-----w- c:\program files\Coupons

==================== Find3M ====================

2010-02-13 01:36:19 139759 ----a-w- c:\windows\hpoins15.dat
2010-02-10 21:22:30 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-03 15:48:00 2964 ----a-w- c:\docume~1\user\applic~1\wklnhst.dat
2009-12-26 14:40:44 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2009-12-26 14:39:35 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-12-26 14:14:50 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-12-23 00:48:27 31284 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-25 18:22:53 8 --sh--r- c:\windows\system32\66FF78EEEB.sys

============= FINISH: 21:43:28.90 ===============


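As an added example (not from this thread, and not part of the DDS tool), the script below runs over a few of the Pseudo HJT lines from the DDS.txt above and flags the kinds of entries a helper looks at first: autoruns launched from a user profile's Application Data folder, DNS servers that are not on an expected list, hosts-file entries pointing a domain at 127.0.0.1, and orphaned entries marked "No File". The expected DNS server list and the embedded sample are constructed assumptions; a flag means "review this", not "this is malware".

```python
import re

# Constructed sample: lines copied from the DDS.txt posted above, plus benign
# entries, so the script runs offline without the full log.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [windpipe] "c:\documents and settings\user\application data\google\fhexj6825097.exe" 2
uRun: [Aim6]
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
TCP: NameServer = 93.188.163.39,93.188.161.101
TCP: {4FA7BB70-D7FB-45BD-99C7-80A6C8368283} = 93.188.163.39,93.188.161.101
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Assumption: the resolvers this machine is expected to use (ISP or home router).
# Anything else is reported for review.
EXPECTED_DNS = {"192.168.1.1"}

# Autorun binaries living under a user's profile data folders rather than
# Program Files or Windows deserve a closer look.
PROFILE_DIRS = re.compile(r"(application data|local settings|\\temp\\|appdata)",
                          re.IGNORECASE)

# uRun/mRun lines: "[name] target [args]"; the target may or may not be quoted.
RUN_RE = re.compile(r"^[um]Run:\s*\[[^\]]*\]\s*(?P<rest>.*)$")


def run_target(rest: str) -> str:
    """Extract the launched binary from the part of a Run line after [name]."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    # Unquoted paths may contain spaces; cut after the first executable suffix.
    m = re.search(r"\.(exe|dll|scr|com|bat)\b", rest, re.IGNORECASE)
    return rest[: m.end()] if m else rest


def triage(log_text: str, expected_dns=EXPECTED_DNS):
    """Return a list of (category, line) for lines worth a human's attention."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registry entry points at a file that no longer exists.
        if line.endswith("- No File"):
            findings.append(("orphaned-entry", line))
            continue
        m = RUN_RE.match(line)
        if m:
            if PROFILE_DIRS.search(run_target(m.group("rest"))):
                findings.append(("autorun-in-profile", line))
            continue
        # TCP: lines list the resolvers for the machine and each interface.
        if line.startswith("TCP:") and "=" in line:
            servers = {s.strip() for s in line.split("=", 1)[1].split(",")}
            if servers - set(expected_dns):
                findings.append(("unexpected-dns", line))
            continue
        # Hosts: lines are hosts-file overrides; localhost mappings block a site.
        if line.startswith("Hosts:"):
            parts = line.split()
            if len(parts) >= 3 and parts[1] in ("127.0.0.1", "0.0.0.0"):
                findings.append(("hosts-block", line))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:20s} {line}")
    print(summarize(triage(SAMPLE_LOG)))
```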

#3
February 12, 2010 at 18:45:50
Second one:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2007 12:33:27 AM
System Uptime: 2/12/2010 8:20:55 PM (1 hours ago)

Motherboard: Dell Inc | | 0UW457
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2204/1000mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2204/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 105.414 GiB free.
D: is CDROM (CDFS)
E: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_10031102&REV_00\4&DC268A3&0&4080
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_10031102&REV_00\4&DC268A3&0&4080
Service:

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.4
Adobe® Photoshop® Album Starter Edition 3.2
AIM 6
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
avast! Free Antivirus
Bonjour
Broadcom 440x 10/100 Integrated Controller
BufferChm
C4200
C4200_doccd
c4200_Help
Compatibility Pack for the 2007 Office system
Copy
Corel Paint Shop Pro Photo XI
Coupon Printer for Windows
Creative MediaSource
CustomerResearchQFolder
CVS Photo Editor Plus
Dell Resource CD
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
ESPNMotion
eSupportQFolder
Facebook Plug-In
File Uploader
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
iTunes
Java(TM) 6 Update 5
Logitech MouseWare 9.76
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
My.Freeze.com NetAssistant
Nikon Message Center
Nikon RAW Codec
Nikon Transfer
NVIDIA Drivers
Otto
Picture Control Utility
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
QuickTime
Scan
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Shop for HP Supplies
SolutionCenter
Spybot - Search & Destroy
Status
Toolbox
TrayApp
Try Corel Snapfire muvee autoProducer add on
UnloadSupport
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoToolkit01
ViewNX
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Communication Foundation
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB839210
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB925766
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

2/6/2010 6:52:40 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================



#4
February 12, 2010 at 20:17:17
Remember, your Avast antivirus, Spybot's TeaTimer, and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

Your Java is out of date and may have been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 18 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u178-windows-i586-p.exe to install the newest version.



#5
February 13, 2010 at 04:00:45
I'm trying to disable them, but it's telling me to right click on avast and "stop on-access protection" but I don't see that option anywhere.


#6
February 13, 2010 at 04:23:06
There also isn't a link about disabling malwarebytes. I don't know how to do any of this.


#7
February 13, 2010 at 05:57:52
Malwarebytes does not need to be disabled. I don't run avast, but I see these options; I'm sure the disabling process is version-specific.

To temporarily disable the avast self defense module:
1. Right click the 'a' blue icon on system tray.
2. Programs settings > Troubleshooting (tab)
3. Disable self defense module
4. Turn off (kill) any process that you want...

To disable avast!'s shields, right-click the avast! icon in the system tray, then Shields Control, and pick one for your needs.



#8
February 13, 2010 at 07:04:24
ComboFix 10-02-12.01 - User 02/13/2010 9:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1622 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\Data

.
((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-13 14:16 . 2010-02-13 14:19 -------- d-----w- C:\Combo-Fix
2010-02-12 21:21 . 2010-02-12 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-12 21:21 . 2010-02-12 21:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-12 18:25 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-12 18:25 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-12 18:25 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-12 18:25 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-12 18:25 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-12 18:25 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-12 18:25 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-12 18:24 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-12 18:24 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-12 18:24 . 2010-02-12 18:24 -------- d-----w- c:\program files\Alwil Software
2010-02-12 18:24 . 2010-02-12 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-11 15:55 . 2010-02-11 15:55 50354 ----a-w- c:\documents and settings\User\Application Data\Facebook\uninstall.exe
2010-02-11 15:55 . 2010-02-11 15:55 2107696 ----a-w- c:\documents and settings\User\Application Data\Facebook\Install_Facebook_Plug-In_1.0.1.exe
2010-02-11 15:55 . 2010-02-11 15:55 -------- d-----w- c:\documents and settings\User\Application Data\Facebook
2010-02-10 21:13 . 2010-02-10 21:13 -------- d-----w- c:\documents and settings\User\Application Data\gtk-2.0
2010-02-10 21:13 . 2010-02-10 21:13 -------- d-----w- c:\documents and settings\User\.thumbnails
2010-02-09 21:17 . 2010-02-10 21:17 -------- d-----w- c:\documents and settings\User\.gimp-2.6
2010-02-09 21:17 . 2010-02-09 21:17 -------- d-----w- c:\documents and settings\User\.gegl-0.0
2010-02-09 21:16 . 2010-02-09 21:16 14534 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{E7B100D8-98A5-42AA-830F-16D6BD5351F1}\SystemFolder_msiexec.exe
2010-02-09 21:16 . 2010-02-09 21:16 -------- d-----w- c:\program files\Freeze.com
2010-02-09 21:16 . 2010-02-09 21:16 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2010-02-09 21:16 . 2010-02-11 03:26 -------- d-----w- c:\program files\Yahoo!
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\User\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\User\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-30 12:25 . 2010-01-30 12:25 423464 ----a-w- c:\documents and settings\User\Application Data\E-centives\BSTIEPrintCtl1.dll
2010-01-30 12:25 . 2010-01-30 12:25 -------- d-----w- c:\documents and settings\User\Application Data\E-centives
2010-01-26 03:58 . 2010-01-26 03:58 -------- d-----w- c:\windows\Cache
2010-01-26 03:58 . 2010-01-31 04:04 -------- d-----w- c:\program files\Coupons
2010-01-14 22:11 . 2010-01-14 22:11 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 14:24 . 2009-12-30 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\OfficeGuardianV2
2010-02-13 05:23 . 2008-06-07 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-13 01:36 . 2008-03-02 17:12 139759 ----a-w- c:\windows\hpoins15.dat
2010-02-12 18:02 . 2009-07-01 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-12 15:14 . 2007-07-13 09:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 15:13 . 2008-02-03 03:45 -------- d-----w- c:\program files\DivX
2010-02-12 14:41 . 2007-07-13 09:21 -------- d-----w- c:\program files\Creative
2010-02-12 14:41 . 2007-07-13 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-02-12 14:40 . 2007-07-13 09:27 -------- d-----w- c:\documents and settings\User\Application Data\Creative
2010-02-11 03:22 . 2007-07-13 09:36 -------- d-----w- c:\documents and settings\User\Application Data\ATI
2010-02-10 23:31 . 2008-11-23 02:25 -------- d-----w- c:\documents and settings\User\Application Data\Corel
2010-02-10 21:22 . 2008-11-23 02:25 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-08 09:53 . 2007-11-04 01:58 -------- d-----w- c:\program files\Google
2010-02-03 15:48 . 2008-04-25 01:17 2964 ----a-w- c:\documents and settings\User\Application Data\wklnhst.dat
2010-02-01 17:56 . 2009-12-30 15:06 5158792 ----a-r- c:\documents and settings\All Users\Application Data\OfficeGuardianV2\OfficeGuardian.exe
2010-02-01 17:31 . 2009-12-30 15:06 1466368 ----a-r- c:\documents and settings\All Users\Application Data\OfficeGuardianV2\ResourceDll.dll
2009-12-30 15:06 . 2009-12-30 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\DvdTransformerV2
2009-12-29 16:34 . 2009-12-30 15:06 423816 ----a-r- c:\documents and settings\All Users\Application Data\OfficeGuardianV2\HDDUtility.exe
2009-12-26 14:40 . 2009-12-26 14:16 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-12-26 14:39 . 2009-12-26 14:14 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-12-26 14:35 . 2009-12-26 14:26 -------- d-----w- c:\documents and settings\User\Application Data\Nikon
2009-12-26 14:17 . 2009-12-26 14:17 49152 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-12-26 14:17 . 2009-12-26 14:15 -------- d-----w- c:\program files\Common Files\Nikon
2009-12-26 14:17 . 2009-12-26 14:17 335872 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-12-26 14:17 . 2009-12-26 14:17 57344 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2009-12-26 14:16 . 2009-12-26 14:15 -------- d-----w- c:\program files\Nikon
2009-12-26 14:16 . 2009-12-26 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-12-26 14:16 . 2009-12-26 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-12-26 14:15 . 2009-12-26 14:15 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-12-26 14:15 . 2009-12-26 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2009-12-26 14:14 . 2003-03-19 00:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-12-23 00:48 . 2009-12-23 00:48 31284 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-23 00:41 . 2009-07-11 13:01 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
2009-12-23 00:38 . 2009-12-23 00:38 -------- d-----w- c:\program files\iTunes
2009-12-23 00:38 . 2009-12-23 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-23 00:38 . 2009-12-23 00:38 -------- d-----w- c:\program files\iPod
2009-12-23 00:38 . 2009-07-11 12:59 -------- d-----w- c:\program files\Common Files\Apple
2009-12-23 00:24 . 2009-12-23 00:24 -------- d-----w- c:\program files\QuickTime
2009-11-23 10:56 . 2009-12-30 15:06 591680 ----a-r- c:\documents and settings\All Users\Application Data\OfficeGuardianV2\SacReminder.exe
2009-11-23 10:54 . 2009-12-30 15:06 321344 ----a-r- c:\documents and settings\All Users\Application Data\OfficeGuardianV2\PartitionHDD.exe
2009-06-25 18:22 . 2009-06-25 18:22 8 --sh--r- c:\windows\system32\66FF78EEEB.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
"Corel Photo Downloader"="c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe" [2007-02-06 478800]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/12/2010 1:25 PM 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/12/2010 1:25 PM 19024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/28/2007 6:15 PM 24652]
R3 ADM851x;ADMtek ADM8513 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851x.SYS [7/16/2007 3:17 PM 26493]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:45 AM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-02-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-04 01:30]

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:45]

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:45]

2010-02-13 c:\windows\Tasks\WebReg Photosmart C4200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 02:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {4FA7BB70-D7FB-45BD-99C7-80A6C8368283} = 93.188.163.39,93.188.161.101
TCP: {55436224-6DA2-4BB6-9988-9E90659546F2} = 93.188.163.39,93.188.161.101
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265903714875
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-windpipe - c:\documents and settings\User\Application Data\Google\fhexj6825097.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-AudioDrvEmulator - c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c506\6&1c5fb30d&0&0000\LogConf]
@DACL=(02 0000)
.
Completion time: 2010-02-13 10:02:21
ComboFix-quarantined-files.txt 2010-02-13 15:02

Pre-Run: 112,884,199,424 bytes free
Post-Run: 114,921,893,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - E9C09FBFC48F59FBD268AE7281708C83


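As an added triage example (not code from ComboFix, Kaspersky or any poster in this thread), the Python script below parses the Run-key, per-interface DNS and "ORPHANS REMOVED" entries of a ComboFix-style log like the one posted above and returns what an analyst would verify first in a search-redirect case: interface resolvers that are neither private nor on an analyst-supplied allowlist, and autostart entries that launch from a user-profile path. The allowlist, the random-name heuristic and the sample log lines are assumptions constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample, modelled on a few lines of the ComboFix log posted above (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: {4FA7BB70-D7FB-45BD-99C7-80A6C8368283} = 93.188.163.39,93.188.161.101
TCP: {55436224-6DA2-4BB6-9988-9E90659546F2} = 93.188.163.39,93.188.161.101
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
HKCU-Run-windpipe - c:\documents and settings\User\Application Data\Google\fhexj6825097.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-AudioDrvEmulator - c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
"""

# "name"="path" [date size]            -> Run key values
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
# HKCU-Run-name - path                 -> ORPHANS REMOVED section
ORPHAN_RUN = re.compile(r"^(?:HKCU|HKLM)-Run-(?P<name>\S+) - (?P<path>.+)$")
# TCP: {interface GUID} = ip,ip        -> per-interface NameServer (also DhcpNameServer lines)
DNS_LINE = re.compile(r"^TCP: (?P<iface>\{[0-9A-Fa-f-]+\}|DhcpNameServer) = (?P<servers>[\d.,]+)$")

# Locations under a user profile from which legitimate software rarely autostarts on XP.
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\local settings\\")


@dataclass
class Finding:
    kind: str       # "dns" or "autostart"
    severity: str   # "high" or "medium"
    detail: str


def looks_random(stem: str) -> bool:
    """Heuristic only (assumption): a short lowercase letter run followed by 5+ digits, e.g. fhexj6825097."""
    return re.fullmatch(r"[a-z]{3,8}\d{5,}", stem) is not None


def check_dns(iface: str, servers: str, allow: set) -> list:
    """Flag every resolver that is neither private (router/ISP-assigned) nor on the analyst's allowlist."""
    out = []
    for s in servers.split(","):
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            continue
        if ip in allow or ip.is_private:
            continue
        out.append(Finding("dns", "high", f"{iface} resolves via {ip}, not an expected resolver"))
    return out


def check_autostart(name: str, path: str):
    """Flag autostart entries whose executable lives under a user profile; random-looking names rank higher."""
    if not path or path == "(no file)":
        return None
    low = path.lower()
    if not any(marker in low for marker in PROFILE_MARKERS):
        return None
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    severity = "high" if looks_random(stem) else "medium"
    return Finding("autostart", severity, f"{name} starts {path} from a user profile path")


def triage(log_text: str, dns_allowlist=()) -> list:
    """Walk the log line by line and collect findings; sections are recognised by their line shapes."""
    allow = {ipaddress.ip_address(a) for a in dns_allowlist}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := DNS_LINE.match(line):
            findings.extend(check_dns(m["iface"], m["servers"], allow))
            continue
        m = RUN_ENTRY.match(line) or ORPHAN_RUN.match(line)
        if m:
            finding = check_autostart(m["name"], m["path"].strip())
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    # 192.168.1.1 stands in for the resolver the analyst expects on this network (assumption).
    for f in triage(SAMPLE_LOG, dns_allowlist=["192.168.1.1"]):
        print(f.kind, f.severity, f.detail, sep="  ")
```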

#9
February 13, 2010 at 12:24:33
Download TDSSKiller to your Desktop from the following link.

TDSSKiller


1. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop. It will extract to an unzipped folder; drag TDSSKiller.exe out of that folder onto the desktop.
2. Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


3. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
4. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.



#10
February 13, 2010 at 12:36:33
I don't know why it's not letting me submit my reply.

When I copy and paste it into my reply I am just getting a white screen when I submit it.



#11
February 13, 2010 at 12:54:28
Maybe it is too large. Try posting it in two posts, part in each post.


#12
February 13, 2010 at 13:00:53
15:31:26:140 2740 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00
15:31:26:140 2740 ================================================================================
15:31:26:140 2740 SystemInfo:

15:31:26:140 2740 OS Version: 5.1.2600 ServicePack: 2.0
15:31:26:140 2740 Product type: Workstation
15:31:26:140 2740 ComputerName: USER-DEDF3A5995
15:31:26:140 2740 UserName: User
15:31:26:140 2740 Windows directory: C:\WINDOWS
15:31:26:140 2740 Processor architecture: Intel x86
15:31:26:140 2740 Number of processors: 2
15:31:26:140 2740 Page size: 0x1000
15:31:26:140 2740 Boot type: Normal boot
15:31:26:140 2740 ================================================================================
15:31:26:140 2740 UnloadDriverW: NtUnloadDriver error 2
15:31:26:140 2740 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:31:26:140 2740 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
15:31:26:140 2740 UtilityInit: KLMD drop and load success
15:31:26:140 2740 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
15:31:26:140 2740 UtilityInit: KLMD open success
15:31:26:140 2740 UtilityInit: Initialize success
15:31:26:140 2740
15:31:26:140 2740 Scanning Services ...
15:31:26:140 2740 CreateRegParser: Registry parser init started
15:31:26:140 2740 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
15:31:26:156 2740 CreateRegParser: DisableWow64Redirection error
15:31:26:156 2740 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
15:31:26:156 2740 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
15:31:26:156 2740 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:31:26:156 2740 wfopen_ex: Trying to KLMD file open
15:31:26:156 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
15:31:26:156 2740 wfopen_ex: File opened ok (Flags 2)
15:31:26:156 2740 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 9C4B68
15:31:26:156 2740 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
15:31:26:156 2740 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
15:31:26:156 2740 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:31:26:156 2740 wfopen_ex: Trying to KLMD file open
15:31:26:156 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
15:31:26:156 2740 wfopen_ex: File opened ok (Flags 2)
15:31:26:156 2740 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 9C4A58
15:31:26:156 2740 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
15:31:26:156 2740 CreateRegParser: EnableWow64Redirection error
15:31:26:156 2740 CreateRegParser: RegParser init completed
15:31:26:656 2740 GetAdvancedServicesInfo: Raw services enum returned 342 services
15:31:26:656 2740 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
15:31:26:656 2740 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
15:31:26:656 2740
15:31:26:656 2740 Scanning Kernel memory ...
15:31:26:656 2740 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
15:31:26:656 2740 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 89D08910
15:31:26:656 2740 DetectCureTDL3: KLMD_GetDeviceObjectList returned 13 DevObjects
15:31:26:656 2740
15:31:26:656 2740 DetectCureTDL3: DEVICE_OBJECT: 88D18B68
15:31:26:656 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88D18B68
15:31:26:656 2740 KLMD_ReadMem: Trying to ReadMemory 0x88D18B68[0x38]
15:31:26:656 2740 DetectCureTDL3: DRIVER_OBJECT: 89D08910
15:31:26:656 2740 KLMD_ReadMem: Trying to ReadMemory 0x89D08910[0xA8]
15:31:26:656 2740 KLMD_ReadMem: Trying to ReadMemory 0xE15FA738[0x18]
15:31:26:656 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
15:31:26:656 2740 DetectCureTDL3: IrpHandler (0) addr: BA8EEC30
15:31:26:656 2740 DetectCureTDL3: IrpHandler (1) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (2) addr: BA8EEC30
15:31:26:656 2740 DetectCureTDL3: IrpHandler (3) addr: BA8E8D9B
15:31:26:656 2740 DetectCureTDL3: IrpHandler (4) addr: BA8E8D9B
15:31:26:656 2740 DetectCureTDL3: IrpHandler (5) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (6) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (7) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (8) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (9) addr: BA8E9366
15:31:26:656 2740 DetectCureTDL3: IrpHandler (10) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (11) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (12) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (13) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (14) addr: BA8E944D
15:31:26:656 2740 DetectCureTDL3: IrpHandler (15) addr: BA8ECFC3
15:31:26:656 2740 DetectCureTDL3: IrpHandler (16) addr: BA8E9366
15:31:26:656 2740 DetectCureTDL3: IrpHandler (17) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (18) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (19) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (20) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (21) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (22) addr: BA8EAEF3
15:31:26:656 2740 DetectCureTDL3: IrpHandler (23) addr: BA8EFA24
15:31:26:656 2740 DetectCureTDL3: IrpHandler (24) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (25) addr: 804F4544
15:31:26:656 2740 DetectCureTDL3: IrpHandler (26) addr: 804F4544
15:31:26:656 2740 TDL3_FileDetect: Processing driver: Disk
15:31:26:656 2740 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:656 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:687 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:31:26:687 2740
15:31:26:687 2740 DetectCureTDL3: DEVICE_OBJECT: 88CC9310
15:31:26:687 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88CC9310
15:31:26:687 2740 DetectCureTDL3: DEVICE_OBJECT: 88B10400
15:31:26:687 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88B10400
15:31:26:687 2740 KLMD_ReadMem: Trying to ReadMemory 0x88B10400[0x38]
15:31:26:687 2740 DetectCureTDL3: DRIVER_OBJECT: 89A0C838
15:31:26:687 2740 KLMD_ReadMem: Trying to ReadMemory 0x89A0C838[0xA8]
15:31:26:687 2740 KLMD_ReadMem: Trying to ReadMemory 0xE1A3E4D8[0x1E]
15:31:26:687 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
15:31:26:687 2740 DetectCureTDL3: IrpHandler (0) addr: BAC7D218
15:31:26:687 2740 DetectCureTDL3: IrpHandler (1) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (2) addr: BAC7D218
15:31:26:687 2740 DetectCureTDL3: IrpHandler (3) addr: BAC7D23C
15:31:26:687 2740 DetectCureTDL3: IrpHandler (4) addr: BAC7D23C
15:31:26:687 2740 DetectCureTDL3: IrpHandler (5) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (6) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (7) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (8) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (9) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (10) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (11) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (12) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (13) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (14) addr: BAC7D180
15:31:26:687 2740 DetectCureTDL3: IrpHandler (15) addr: BAC789E6
15:31:26:687 2740 DetectCureTDL3: IrpHandler (16) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (17) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (18) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (19) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (20) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (21) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (22) addr: BAC7C5F0
15:31:26:687 2740 DetectCureTDL3: IrpHandler (23) addr: BAC7AA6E
15:31:26:687 2740 DetectCureTDL3: IrpHandler (24) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (25) addr: 804F4544
15:31:26:687 2740 DetectCureTDL3: IrpHandler (26) addr: 804F4544
15:31:26:687 2740 KLMD_ReadMem: Trying to ReadMemory 0xBAC79F26[0x400]
15:31:26:687 2740 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
15:31:26:687 2740 TDL3_FileDetect: Processing driver: usbstor
15:31:26:687 2740 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:31:26:687 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:31:26:703 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:31:26:703 2740
15:31:26:703 2740 DetectCureTDL3: DEVICE_OBJECT: 88D45308
15:31:26:703 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88D45308
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x88D45308[0x38]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT: 89D08910
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x89D08910[0xA8]
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0xE15FA738[0x18]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
15:31:26:703 2740 DetectCureTDL3: IrpHandler (0) addr: BA8EEC30
15:31:26:703 2740 DetectCureTDL3: IrpHandler (1) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (2) addr: BA8EEC30
15:31:26:703 2740 DetectCureTDL3: IrpHandler (3) addr: BA8E8D9B
15:31:26:703 2740 DetectCureTDL3: IrpHandler (4) addr: BA8E8D9B
15:31:26:703 2740 DetectCureTDL3: IrpHandler (5) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (6) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (7) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (8) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (9) addr: BA8E9366
15:31:26:703 2740 DetectCureTDL3: IrpHandler (10) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (11) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (12) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (13) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (14) addr: BA8E944D
15:31:26:703 2740 DetectCureTDL3: IrpHandler (15) addr: BA8ECFC3
15:31:26:703 2740 DetectCureTDL3: IrpHandler (16) addr: BA8E9366
15:31:26:703 2740 DetectCureTDL3: IrpHandler (17) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (18) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (19) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (20) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (21) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (22) addr: BA8EAEF3
15:31:26:703 2740 DetectCureTDL3: IrpHandler (23) addr: BA8EFA24
15:31:26:703 2740 DetectCureTDL3: IrpHandler (24) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (25) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (26) addr: 804F4544
15:31:26:703 2740 TDL3_FileDetect: Processing driver: Disk
15:31:26:703 2740 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:703 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:703 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:31:26:703 2740
15:31:26:703 2740 DetectCureTDL3: DEVICE_OBJECT: 89995230
15:31:26:703 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89995230
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x89995230[0x38]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT: 89D08910
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x89D08910[0xA8]
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0xE15FA738[0x18]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
15:31:26:703 2740 DetectCureTDL3: IrpHandler (0) addr: BA8EEC30
15:31:26:703 2740 DetectCureTDL3: IrpHandler (1) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (2) addr: BA8EEC30
15:31:26:703 2740 DetectCureTDL3: IrpHandler (3) addr: BA8E8D9B
15:31:26:703 2740 DetectCureTDL3: IrpHandler (4) addr: BA8E8D9B
15:31:26:703 2740 DetectCureTDL3: IrpHandler (5) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (6) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (7) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (8) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (9) addr: BA8E9366
15:31:26:703 2740 DetectCureTDL3: IrpHandler (10) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (11) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (12) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (13) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (14) addr: BA8E944D
15:31:26:703 2740 DetectCureTDL3: IrpHandler (15) addr: BA8ECFC3
15:31:26:703 2740 DetectCureTDL3: IrpHandler (16) addr: BA8E9366
15:31:26:703 2740 DetectCureTDL3: IrpHandler (17) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (18) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (19) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (20) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (21) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (22) addr: BA8EAEF3
15:31:26:703 2740 DetectCureTDL3: IrpHandler (23) addr: BA8EFA24
15:31:26:703 2740 DetectCureTDL3: IrpHandler (24) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (25) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (26) addr: 804F4544
15:31:26:703 2740 TDL3_FileDetect: Processing driver: Disk
15:31:26:703 2740 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:703 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:703 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:31:26:703 2740
15:31:26:703 2740 DetectCureTDL3: DEVICE_OBJECT: 89A0D450
15:31:26:703 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89A0D450
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x89A0D450[0x38]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT: 89D08910
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x89D08910[0xA8]
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0xE15FA738[0x18]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
15:31:26:703 2740 DetectCureTDL3: IrpHandler (0) addr: BA8EEC30
15:31:26:703 2740 DetectCureTDL3: IrpHandler (1) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (2) addr: BA8EEC30
15:31:26:703 2740 DetectCureTDL3: IrpHandler (3) addr: BA8E8D9B
15:31:26:703 2740 DetectCureTDL3: IrpHandler (4) addr: BA8E8D9B
15:31:26:703 2740 DetectCureTDL3: IrpHandler (5) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (6) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (7) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (8) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (9) addr: BA8E9366
15:31:26:703 2740 DetectCureTDL3: IrpHandler (10) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (11) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (12) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (13) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (14) addr: BA8E944D
15:31:26:703 2740 DetectCureTDL3: IrpHandler (15) addr: BA8ECFC3
15:31:26:703 2740 DetectCureTDL3: IrpHandler (16) addr: BA8E9366
15:31:26:703 2740 DetectCureTDL3: IrpHandler (17) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (18) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (19) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (20) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (21) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (22) addr: BA8EAEF3
15:31:26:703 2740 DetectCureTDL3: IrpHandler (23) addr: BA8EFA24
15:31:26:703 2740 DetectCureTDL3: IrpHandler (24) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (25) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (26) addr: 804F4544
15:31:26:703 2740 TDL3_FileDetect: Processing driver: Disk
15:31:26:703 2740 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:703 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:703 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:31:26:703 2740
15:31:26:703 2740 DetectCureTDL3: DEVICE_OBJECT: 89A55480
15:31:26:703 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89A55480
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x89A55480[0x38]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT: 89D08910
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x89D08910[0xA8]
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0xE15FA738[0x18]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
15:31:26:703 2740 DetectCureTDL3: IrpHandler (0) addr: BA8EEC30
15:31:26:703 2740 DetectCureTDL3: IrpHandler (1) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (2) addr: BA8EEC30
15:31:26:703 2740 DetectCureTDL3: IrpHandler (3) addr: BA8E8D9B
15:31:26:703 2740 DetectCureTDL3: IrpHandler (4) addr: BA8E8D9B
15:31:26:703 2740 DetectCureTDL3: IrpHandler (5) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (6) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (7) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (8) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (9) addr: BA8E9366
15:31:26:703 2740 DetectCureTDL3: IrpHandler (10) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (11) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (12) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (13) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (14) addr: BA8E944D
15:31:26:703 2740 DetectCureTDL3: IrpHandler (15) addr: BA8ECFC3
15:31:26:703 2740 DetectCureTDL3: IrpHandler (16) addr: BA8E9366
15:31:26:703 2740 DetectCureTDL3: IrpHandler (17) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (18) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (19) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (20) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (21) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (22) addr: BA8EAEF3
15:31:26:703 2740 DetectCureTDL3: IrpHandler (23) addr: BA8EFA24
15:31:26:703 2740 DetectCureTDL3: IrpHandler (24) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (25) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (26) addr: 804F4544
15:31:26:703 2740 TDL3_FileDetect: Processing driver: Disk
15:31:26:703 2740 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:703 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:703 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean



#13
February 13, 2010 at 13:01:18
15:31:26:703 2740
15:31:26:703 2740 DetectCureTDL3: DEVICE_OBJECT: 89902680
15:31:26:703 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89902680
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x89902680[0x38]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT: 89D08910
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x89D08910[0xA8]
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0xE15FA738[0x18]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
15:31:26:703 2740 DetectCureTDL3: IrpHandler (0) addr: BA8EEC30
15:31:26:703 2740 DetectCureTDL3: IrpHandler (1) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (2) addr: BA8EEC30
15:31:26:703 2740 DetectCureTDL3: IrpHandler (3) addr: BA8E8D9B
15:31:26:703 2740 DetectCureTDL3: IrpHandler (4) addr: BA8E8D9B
15:31:26:703 2740 DetectCureTDL3: IrpHandler (5) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (6) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (7) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (8) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (9) addr: BA8E9366
15:31:26:703 2740 DetectCureTDL3: IrpHandler (10) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (11) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (12) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (13) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (14) addr: BA8E944D
15:31:26:703 2740 DetectCureTDL3: IrpHandler (15) addr: BA8ECFC3
15:31:26:703 2740 DetectCureTDL3: IrpHandler (16) addr: BA8E9366
15:31:26:703 2740 DetectCureTDL3: IrpHandler (17) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (18) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (19) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (20) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (21) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (22) addr: BA8EAEF3
15:31:26:703 2740 DetectCureTDL3: IrpHandler (23) addr: BA8EFA24
15:31:26:703 2740 DetectCureTDL3: IrpHandler (24) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (25) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (26) addr: 804F4544
15:31:26:703 2740 TDL3_FileDetect: Processing driver: Disk
15:31:26:703 2740 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:703 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:703 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:31:26:703 2740
15:31:26:703 2740 DetectCureTDL3: DEVICE_OBJECT: 898F4AB8
15:31:26:703 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 898F4AB8
15:31:26:703 2740 DetectCureTDL3: DEVICE_OBJECT: 8997D6F0
15:31:26:703 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8997D6F0
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x8997D6F0[0x38]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT: 89A0C838
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x89A0C838[0xA8]
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0xE1A3E4D8[0x1E]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
15:31:26:703 2740 DetectCureTDL3: IrpHandler (0) addr: BAC7D218
15:31:26:703 2740 DetectCureTDL3: IrpHandler (1) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (2) addr: BAC7D218
15:31:26:703 2740 DetectCureTDL3: IrpHandler (3) addr: BAC7D23C
15:31:26:703 2740 DetectCureTDL3: IrpHandler (4) addr: BAC7D23C
15:31:26:703 2740 DetectCureTDL3: IrpHandler (5) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (6) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (7) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (8) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (9) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (10) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (11) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (12) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (13) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (14) addr: BAC7D180
15:31:26:703 2740 DetectCureTDL3: IrpHandler (15) addr: BAC789E6
15:31:26:703 2740 DetectCureTDL3: IrpHandler (16) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (17) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (18) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (19) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (20) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (21) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (22) addr: BAC7C5F0
15:31:26:703 2740 DetectCureTDL3: IrpHandler (23) addr: BAC7AA6E
15:31:26:703 2740 DetectCureTDL3: IrpHandler (24) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (25) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (26) addr: 804F4544
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0xBAC79F26[0x400]
15:31:26:703 2740 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
15:31:26:703 2740 TDL3_FileDetect: Processing driver: usbstor
15:31:26:703 2740 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:31:26:703 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:31:26:703 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:31:26:703 2740
15:31:26:703 2740 DetectCureTDL3: DEVICE_OBJECT: 89A6AAB8
15:31:26:703 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89A6AAB8
15:31:26:703 2740 DetectCureTDL3: DEVICE_OBJECT: 89BA2468
15:31:26:703 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89BA2468
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x89BA2468[0x38]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT: 89A0C838
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0x89A0C838[0xA8]
15:31:26:703 2740 KLMD_ReadMem: Trying to ReadMemory 0xE1A3E4D8[0x1E]
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
15:31:26:703 2740 DetectCureTDL3: IrpHandler (0) addr: BAC7D218
15:31:26:703 2740 DetectCureTDL3: IrpHandler (1) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (2) addr: BAC7D218
15:31:26:703 2740 DetectCureTDL3: IrpHandler (3) addr: BAC7D23C
15:31:26:703 2740 DetectCureTDL3: IrpHandler (4) addr: BAC7D23C
15:31:26:718 2740 DetectCureTDL3: IrpHandler (5) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (6) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (7) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (8) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (9) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (10) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (11) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (12) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (13) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (14) addr: BAC7D180
15:31:26:718 2740 DetectCureTDL3: IrpHandler (15) addr: BAC789E6
15:31:26:718 2740 DetectCureTDL3: IrpHandler (16) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (17) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (18) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (19) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (20) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (21) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (22) addr: BAC7C5F0
15:31:26:718 2740 DetectCureTDL3: IrpHandler (23) addr: BAC7AA6E
15:31:26:718 2740 DetectCureTDL3: IrpHandler (24) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (25) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (26) addr: 804F4544
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0xBAC79F26[0x400]
15:31:26:718 2740 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
15:31:26:718 2740 TDL3_FileDetect: Processing driver: usbstor
15:31:26:718 2740 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:31:26:718 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:31:26:718 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:31:26:718 2740
15:31:26:718 2740 DetectCureTDL3: DEVICE_OBJECT: 89A09AB8
15:31:26:718 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89A09AB8
15:31:26:718 2740 DetectCureTDL3: DEVICE_OBJECT: 89850468
15:31:26:718 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89850468
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0x89850468[0x38]
15:31:26:718 2740 DetectCureTDL3: DRIVER_OBJECT: 89A0C838
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0x89A0C838[0xA8]
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0xE1A3E4D8[0x1E]
15:31:26:718 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
15:31:26:718 2740 DetectCureTDL3: IrpHandler (0) addr: BAC7D218
15:31:26:718 2740 DetectCureTDL3: IrpHandler (1) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (2) addr: BAC7D218
15:31:26:718 2740 DetectCureTDL3: IrpHandler (3) addr: BAC7D23C
15:31:26:718 2740 DetectCureTDL3: IrpHandler (4) addr: BAC7D23C
15:31:26:718 2740 DetectCureTDL3: IrpHandler (5) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (6) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (7) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (8) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (9) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (10) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (11) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (12) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (13) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (14) addr: BAC7D180
15:31:26:718 2740 DetectCureTDL3: IrpHandler (15) addr: BAC789E6
15:31:26:718 2740 DetectCureTDL3: IrpHandler (16) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (17) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (18) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (19) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (20) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (21) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (22) addr: BAC7C5F0
15:31:26:718 2740 DetectCureTDL3: IrpHandler (23) addr: BAC7AA6E
15:31:26:718 2740 DetectCureTDL3: IrpHandler (24) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (25) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (26) addr: 804F4544
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0xBAC79F26[0x400]
15:31:26:718 2740 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
15:31:26:718 2740 TDL3_FileDetect: Processing driver: usbstor
15:31:26:718 2740 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:31:26:718 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:31:26:718 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:31:26:718 2740
15:31:26:718 2740 DetectCureTDL3: DEVICE_OBJECT: 89A67030
15:31:26:718 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89A67030
15:31:26:718 2740 DetectCureTDL3: DEVICE_OBJECT: 89972C10
15:31:26:718 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89972C10
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0x89972C10[0x38]
15:31:26:718 2740 DetectCureTDL3: DRIVER_OBJECT: 89A0C838
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0x89A0C838[0xA8]
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0xE1A3E4D8[0x1E]
15:31:26:718 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
15:31:26:718 2740 DetectCureTDL3: IrpHandler (0) addr: BAC7D218
15:31:26:718 2740 DetectCureTDL3: IrpHandler (1) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (2) addr: BAC7D218
15:31:26:718 2740 DetectCureTDL3: IrpHandler (3) addr: BAC7D23C
15:31:26:718 2740 DetectCureTDL3: IrpHandler (4) addr: BAC7D23C
15:31:26:718 2740 DetectCureTDL3: IrpHandler (5) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (6) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (7) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (8) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (9) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (10) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (11) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (12) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (13) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (14) addr: BAC7D180
15:31:26:718 2740 DetectCureTDL3: IrpHandler (15) addr: BAC789E6
15:31:26:718 2740 DetectCureTDL3: IrpHandler (16) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (17) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (18) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (19) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (20) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (21) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (22) addr: BAC7C5F0
15:31:26:718 2740 DetectCureTDL3: IrpHandler (23) addr: BAC7AA6E
15:31:26:718 2740 DetectCureTDL3: IrpHandler (24) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (25) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (26) addr: 804F4544
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0xBAC79F26[0x400]
15:31:26:718 2740 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
15:31:26:718 2740 TDL3_FileDetect: Processing driver: usbstor
15:31:26:718 2740 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:31:26:718 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:31:26:718 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:31:26:718 2740
15:31:26:718 2740 DetectCureTDL3: DEVICE_OBJECT: 89CEFC68
15:31:26:718 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89CEFC68
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0x89CEFC68[0x38]
15:31:26:718 2740 DetectCureTDL3: DRIVER_OBJECT: 89D08910
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0x89D08910[0xA8]
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0xE15FA738[0x18]
15:31:26:718 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
15:31:26:718 2740 DetectCureTDL3: IrpHandler (0) addr: BA8EEC30
15:31:26:718 2740 DetectCureTDL3: IrpHandler (1) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (2) addr: BA8EEC30
15:31:26:718 2740 DetectCureTDL3: IrpHandler (3) addr: BA8E8D9B
15:31:26:718 2740 DetectCureTDL3: IrpHandler (4) addr: BA8E8D9B
15:31:26:718 2740 DetectCureTDL3: IrpHandler (5) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (6) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (7) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (8) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (9) addr: BA8E9366
15:31:26:718 2740 DetectCureTDL3: IrpHandler (10) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (11) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (12) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (13) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (14) addr: BA8E944D
15:31:26:718 2740 DetectCureTDL3: IrpHandler (15) addr: BA8ECFC3
15:31:26:718 2740 DetectCureTDL3: IrpHandler (16) addr: BA8E9366
15:31:26:718 2740 DetectCureTDL3: IrpHandler (17) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (18) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (19) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (20) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (21) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (22) addr: BA8EAEF3
15:31:26:718 2740 DetectCureTDL3: IrpHandler (23) addr: BA8EFA24
15:31:26:718 2740 DetectCureTDL3: IrpHandler (24) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (25) addr: 804F4544
15:31:26:718 2740 DetectCureTDL3: IrpHandler (26) addr: 804F4544
15:31:26:718 2740 TDL3_FileDetect: Processing driver: Disk
15:31:26:718 2740 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:718 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
15:31:26:718 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:31:26:718 2740
15:31:26:718 2740 DetectCureTDL3: DEVICE_OBJECT: 89D06AB8
15:31:26:718 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D06AB8
15:31:26:718 2740 DetectCureTDL3: DEVICE_OBJECT: 89CC8F18
15:31:26:718 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89CC8F18
15:31:26:718 2740 DetectCureTDL3: DEVICE_OBJECT: 89D71D98
15:31:26:718 2740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D71D98
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0x89D71D98[0x38]
15:31:26:718 2740 DetectCureTDL3: DRIVER_OBJECT: 89CCB788
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0x89CCB788[0xA8]
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0xE15C5578[0x1A]
15:31:26:718 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
15:31:26:718 2740 DetectCureTDL3: IrpHandler (0) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (1) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (2) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (3) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (4) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (5) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (6) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (7) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (8) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (9) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (10) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (11) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (12) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (13) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (14) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (15) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (16) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (17) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (18) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (19) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (20) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (21) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (22) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (23) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (24) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (25) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (26) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: All IRP handlers pointed to one addr: BA7149F2
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0xBA7149F2[0x400]
15:31:26:718 2740 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0xFFDF0308[0x4]
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0x89CCA0B4[0x4]
15:31:26:718 2740 TDL3_IrpHookDetect: New IrpHandler addr: 89D188C8
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0x89D188C8[0x400]
15:31:26:718 2740 TDL3_IrpHookDetect: CheckParameters: 10, FFDF0308, 510, 134, 3, 120
15:31:26:718 2740 Driver "atapi" Irp handler infected by TDSS rootkit ... 15:31:26:718 2740 KLMD_WriteMem: Trying to WriteMemory 0x89D1894E[0xD]
15:31:26:718 2740 cured
15:31:26:718 2740 KLMD_ReadMem: Trying to ReadMemory 0xBA7127C6[0x400]
15:31:26:718 2740 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
15:31:26:718 2740 TDL3_FileDetect: Processing driver: atapi
15:31:26:718 2740 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
15:31:26:718 2740 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
15:31:26:750 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
15:31:26:750 2740 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 15:31:26:750 2740 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
15:31:26:750 2740 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
15:31:26:750 2740 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\driver.cab
15:31:26:796 2740 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp2.cab
15:31:26:828 2740 CabinetCallback: Backup candidate found: atapi.sys:95360, extracting..
15:31:27:281 2740 CabinetCallback: File extracted successfully: C:\DOCUME~1\User\LOCALS~1\Temp\bckED.tmp
15:31:27:281 2740 ValidateDriverFile: Stage 1 passed
15:31:27:281 2740 ValidateDriverFile: Stage 2 passed
15:31:27:281 2740 DigitalSignVerifyByHandle: Embedded DS result: 800B0100
15:31:27:515 2740 DigitalSignVerifyByHandle: Cat DS result: 00000000
15:31:27:531 2740 ValidateDriverFile: Stage 3 passed
15:31:27:531 2740 CabinetCallback: File validated successfully, restore information prepared
15:31:27:531 2740 FindDriverFileBackup: Backup copy found in cab-file
15:31:27:531 2740 TDL3_FileCure: Backup copy found, using it..
15:31:27:531 2740 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tskEE.tmp
15:31:27:562 2740 TDL3_FileCure: New / Old Image paths: (system32\drivers\tskEE.tmp, system32\drivers\atapi.sys)
15:31:27:562 2740 TDL3_FileCure: KLMD jobs schedule success
15:31:27:562 2740 will be cured on next reboot
15:31:27:562 2740 UtilityBootReinit: Reboot required for cure complete..
15:31:27:562 2740 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
15:31:27:562 2740 UtilityBootReinit: KLMD drop success
15:31:27:562 2740 KLMD_ApplyPendList: Pending buffer(1AC_4C1D, 608) dropped successfully
15:31:27:562 2740 UtilityBootReinit: Cure on reboot scheduled successfully
15:31:27:562 2740
15:31:27:562 2740 Completed
15:31:27:562 2740
15:31:27:562 2740 Results:
15:31:27:562 2740 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
15:31:27:562 2740 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:31:27:562 2740 File objects infected / cured / cured on reboot: 1 / 0 / 1
15:31:27:562 2740
15:31:27:562 2740 UnloadDriverW: NtUnloadDriver error 1
15:31:27:562 2740 KLMD_Unload: UnloadDriverW(klmd21) error 1
15:31:27:562 2740 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
15:31:27:562 2740 UtilityDeinit: KLMD(ARK) unloaded successfully

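The TDSSKiller output above shows the check the tool applies to each driver object it walks down the storage stack: it dumps the 27 IRP_MJ dispatch entries, and a table whose entries all point at one address (here `atapi`, at BA7149F2) is followed by a stub-signature check, an in-memory cure, and a verdict on the driver file on disk. As an added example, not part of the original thread and not TDSSKiller's own code, here is a small Python parser that applies the same triage to log lines in that format and reproduces the counts in the tool's `Results:` block. The sample is an abridged excerpt of the log posted above (a few IrpHandler entries per driver); the function, class and field names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Abridged excerpt of the TDSSKiller output posted above (addresses and paths
# are those in the post; only a few IrpHandler entries per driver are kept).
SAMPLE_LOG = r"""
15:31:26:703 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
15:31:26:703 2740 DetectCureTDL3: IrpHandler (0) addr: BA8EEC30
15:31:26:703 2740 DetectCureTDL3: IrpHandler (1) addr: 804F4544
15:31:26:703 2740 DetectCureTDL3: IrpHandler (2) addr: BA8EEC30
15:31:26:703 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:31:26:718 2740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
15:31:26:718 2740 DetectCureTDL3: IrpHandler (0) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (1) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: IrpHandler (2) addr: BA7149F2
15:31:26:718 2740 DetectCureTDL3: All IRP handlers pointed to one addr: BA7149F2
15:31:26:718 2740 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
15:31:26:718 2740 Driver "atapi" Irp handler infected by TDSS rootkit ... 15:31:26:718 2740 KLMD_WriteMem: Trying to WriteMemory 0x89D1894E[0xD]
15:31:26:718 2740 cured
15:31:26:750 2740 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
15:31:26:750 2740 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 15:31:26:750 2740 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
15:31:27:562 2740 will be cured on next reboot
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3} \d+ ")        # "15:31:26:718 2740 "
DRIVER_RE = re.compile(r"DRIVER_OBJECT name: (\S+), Driver Name: (\S+)")
HANDLER_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
VERDICT_RE = re.compile(r"TDL3_FileDetect: (.+?) - Verdict: (\w+)")


@dataclass
class DriverReport:
    name: str
    object_path: str
    handlers: Dict[int, str] = field(default_factory=dict)  # IRP_MJ index -> address
    file_path: Optional[str] = None
    verdict: Optional[str] = None
    stub_signature: bool = False   # TDL3_IrpHookDetect matched the hook stub
    irp_infected: bool = False     # tool declared the IRP table infected
    cured_in_memory: bool = False  # in-memory hook patched out
    reboot_required: bool = False  # on-disk driver replaced at next boot

    def uniform_dispatch(self) -> bool:
        """True when every logged IRP_MJ entry points at one address.

        This is the weak indicator the tool prints as 'All IRP handlers pointed
        to one addr'. On its own it is not proof of infection: some legitimate
        drivers route every major function through one dispatch routine, which
        is why the tool follows it with a stub-signature check.
        """
        return len(self.handlers) > 0 and len(set(self.handlers.values())) == 1


def parse_tdsskiller_log(text: str) -> List[DriverReport]:
    """Group log lines by DRIVER_OBJECT and collect per-driver findings."""
    reports: List[DriverReport] = []
    current: Optional[DriverReport] = None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw.strip())
        if not line:
            continue
        m = DRIVER_RE.search(line)
        if m:
            current = DriverReport(name=m.group(2), object_path=m.group(1))
            reports.append(current)
            continue
        if current is None:          # lines before the first driver object
            continue
        m = HANDLER_RE.search(line)
        if m:
            current.handlers[int(m.group(1))] = m.group(2).upper()
            continue
        m = VERDICT_RE.search(line)
        if m:
            current.file_path, current.verdict = m.group(1), m.group(2)
            continue
        if "TDL3 Stub signature found" in line:
            current.stub_signature = True
        elif "Irp handler" in line and "infected by TDSS rootkit" in line:
            current.irp_infected = True   # run-together line; no prefix strip needed
        elif line == "cured":
            current.cured_in_memory = True
        elif "will be cured on next reboot" in line:
            current.reboot_required = True
    return reports


def classify(report: DriverReport) -> str:
    """Triage label: 'infected', 'review' (uniform dispatch only) or 'clean'."""
    if report.irp_infected or report.verdict == "Infected":
        return "infected"
    if report.uniform_dispatch():
        return "review"
    return "clean"


def summarize(reports: List[DriverReport]) -> Dict[str, int]:
    """Counts in the shape of the tool's own 'Results:' block."""
    return {
        "memory_infected": sum(r.irp_infected for r in reports),
        "memory_cured": sum(r.irp_infected and r.cured_in_memory for r in reports),
        "files_infected": sum(r.verdict == "Infected" for r in reports),
        "files_cured_on_reboot": sum(r.verdict == "Infected" and r.reboot_required for r in reports),
    }


if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    for r in found:
        print(f"{r.name:8s} {classify(r):8s} uniform_dispatch={r.uniform_dispatch()} verdict={r.verdict}")
    print(summarize(found))
```

The `review` label is deliberate: a uniform dispatch table is only a lead, and a driver that shows it without a stub-signature match or an `Infected` verdict should be examined rather than declared compromised. Note also that the log records `memory_cured` and `files_cured_on_reboot` separately, which is why a machine can read `1 / 1 / 0` for memory objects and `1 / 0 / 1` for files until the reboot that swaps in the clean `atapi.sys`.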

#14
February 13, 2010 at 13:34:17
Looks like TDSS killed the baddie, are you still being redirected?

If not do the following:

A little clean-up to do.

Delete DDS and TDSSkiller from the desktop.

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point"> next> name it today's date> create > click home > exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly, as there is no auto-update on the free version.



#15
February 13, 2010 at 13:37:18
Thank you so much! It's not redirecting now.

I can't thank you enough.



#16
February 13, 2010 at 13:54:19
Glad we could help.
