Search engine's links re-directed, computer running slow!

  1. #1
    Rawd (Junior Member)

    Search engine's links re-directed, computer running slow!

    ESET Smart Security scans and Ad-Aware scans find nothing; this is getting pretty damn frustrating!
    New to the forum, just did the HijackThis log:



    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 11:47:14 AM, on 3/2/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\EloSrvce.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: &Security Update - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [TS_Mapper] C:\Documents and Settings\Rodrigo\Desktop\multimonitor\tsmapper.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PersonalSec] C:\Program Files\PersonalSec\psecurity.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O13 - Gopher Prefix:
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus...es/ax/stub.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: EloSystemService - Elo Touchsystems - C:\WINDOWS\system32\EloSrvce.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7788 bytes


    Please help!

    Edit:
    Forgot the uninstall list!
    Sorry about that, new here.

    7-Zip 4.65
    Ad-Aware
    Ad-Aware
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Alt-Tab Task Switcher Powertoy for Windows XP
    Brother MFL-Pro Suite
    CDBurnerXP
    Creative ZEN X-Fi Video Converter
    Creative ZEN X-Fi Video Converter
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Web Player
    DriverMax 5
    Elo Universal Driver 4.8.7
    ESET Smart Security
    Foxit Reader
    Guitar Pro 5.2
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    IrfanView (remove only)
    Java(TM) 6 Update 17
    Magic M4A to MP3 Converter 3.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 1.1 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft AppLocale
    Microsoft Calculator Plus
    Microsoft Choice Guard
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft VC9 runtime libraries
    Microsoft Windows Application Compatibility Database
    Mozilla Firefox (3.5.8)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    msxml4
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    OpenOffice.org 3.1
    Project64 1.6
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Segoe UI
    Sony USB Driver
    TabIt version 2.01
    Unlocker 1.8.7
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    User Profile Hive Cleanup Service
    VC80CRTRedist - 8.0.50727.762
    Ventrilo Client
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    World of Warcraft
    Last edited by Rawd; 02-03-2010 at 05:01 PM. Reason: un-install list

  2. #2
    Rawd (Junior Member)
    PS. I have downloaded ComboFix as well.

  3. #3
    broni (Senior Member)
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: GMER - Rootkit Detector and Remover, by clicking on Download EXE button.
    Alternative downloads:
    - |MG| GMER 1.0.15.15281 Download
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    HijackThis - Trend Micro USA
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista or 7, right-click on HijackThis and click Run as Administrator.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  4. #4
    Rawd (Junior Member)
    Here's the Malwarebytes' log:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3815
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/2/2010 12:55:40 PM
    mbam-log-2010-03-02 (12-55-40).txt

    Scan type: Quick Scan
    Objects scanned: 121297
    Time elapsed: 9 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 21
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalsec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\PersonalSec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\PersonalSec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\PersonalSecUninstall (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Rodrigo\My Documents\downloads\MyFunCardsSetup2.3.50.56.ZUfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\PersonalSec\Computer Scan.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\PersonalSec\Help.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\PersonalSec\Personal Security.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\PersonalSec\Registration.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\PersonalSec\Security Center.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\PersonalSec\Settings.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\PersonalSec\Update.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\PersonalSecUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Rodrigo\Application Data\Microsoft\Internet Explorer\Quick Launch\PersonalSec.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.




    Restarting the computer after this post, then proceeding to step 2.
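The HijackThis log in post #1 and the Malwarebytes log in post #4 describe the same objects from two sides: the `O2` BHO `{35A5B43B-...}` that HijackThis shows as "(no file)" and the `PersonalSec` Run value are what Malwarebytes later named Trojan.FakeAlert and Rogue.PersonalSecurity. As an added example (not code from HijackThis, Malwarebytes or this thread), the Python below parses the `O2`/`O4`/`O23` entry formats shown above and cross-references them against Malwarebytes detection lines; the sample lines are copied from the two logs, and the triage rules (orphaned BHO, autostart from a user-profile path, service with no publisher) are my own heuristics, not either tool's.

```python
"""Triage HijackThis entries against Malwarebytes detections (added example).

Not code from HijackThis, Malwarebytes or the forum. Sample lines are copied
from the logs posted above; the triage rules are my own, not the tools'."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the HijackThis log from post #1.
HJT_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Security Update - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TS_Mapper] C:\Documents and Settings\Rodrigo\Desktop\multimonitor\tsmapper.exe
O4 - HKCU\..\Run: [PersonalSec] C:\Program Files\PersonalSec\psecurity.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

# Constructed sample: a subset of the Malwarebytes log from post #4.
MBAM_LOG = r"""
HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalsec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\Program Files\PersonalSec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> ")
# First quoted or unquoted executable in an O4 command line.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|dll|scr|com))\b"?', re.IGNORECASE)

# On Windows XP the per-user profile tree is writable by the user, so an
# autostart that lives there deserves a second look even without a detection.
USER_WRITABLE = ("c:\\documents and settings\\",)


@dataclass(frozen=True)
class Finding:
    entry: str               # HijackThis entry, e.g. "O4 PersonalSec"
    reason: str              # why the triage rule fired
    family: Optional[str]    # Malwarebytes family that corroborates it, if any


def parse_mbam(text: str) -> Dict[str, str]:
    """Map each detected item (lower-cased registry key, folder or file) to its family."""
    hits: Dict[str, str] = {}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            hits[m["item"].lower()] = m["family"]
    return hits


def corroborate(hits: Dict[str, str], contains=(), path: str = "") -> Optional[str]:
    """Family of the first detection that contains one of the needles (case-insensitive,
    e.g. a CLSID or '\\Run\\name') or is a folder the given path lives under; else None."""
    for item, family in hits.items():
        if any(n.lower() in item for n in contains if n):
            return family
        if path and path.lower().startswith(item.rstrip("\\") + "\\"):
            return family
    return None


def triage(hjt_text: str, mbam_text: str) -> List[Finding]:
    """Walk the HijackThis lines and emit one Finding per suspicious entry."""
    hits = parse_mbam(mbam_text)
    findings: List[Finding] = []
    for line in hjt_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            clsid = "{" + m["clsid"].lower() + "}"
            family = corroborate(hits, contains=(clsid,))
            if m["path"] == "(no file)":
                findings.append(Finding(f"O2 {clsid}", "BHO registered but its DLL is missing", family))
            elif family:
                findings.append(Finding(f"O2 {clsid}", "BHO CLSID matches a detection", family))
        elif m := O4_RE.match(line):
            exe_m = EXE_RE.match(m["cmd"])
            exe = exe_m["exe"] if exe_m else ""
            family = corroborate(hits, contains=(f"\\{m['key']}\\{m['name']}",), path=exe)
            if family:
                findings.append(Finding(f"O4 {m['name']}", "autostart entry matches a detection", family))
            elif exe.lower().startswith(USER_WRITABLE):
                findings.append(Finding(f"O4 {m['name']}", "autostart runs from a user-writable profile path", None))
        elif m := O23_RE.match(line):
            family = corroborate(hits, path=m["path"])
            if family or m["owner"] == "Unknown owner":
                reason = "service binary matches a detection" if family else "service has no publisher information"
                findings.append(Finding(f"O23 {m['name']}", reason, family))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG, MBAM_LOG):
        tag = f"confirmed: {f.family}" if f.family else "unconfirmed"
        print(f"{f.entry:50} {f.reason} [{tag}]")
```

The unconfirmed findings (the second orphaned BHO, the Desktop autostart, the unsigned service) are exactly the kind of entry a helper asks about rather than removes, which is why broni's instructions say not to "fix" anything in HijackThis.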

  5. #5
    broni (Senior Member)
    OK

  6. #6
    Rawd (Junior Member)
    Here's the GMER log:

    GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
    Rootkit scan 2010-03-02 13:11:44
    Windows 5.1.2600 Service Pack 3
    Running: mlokslro.exe; Driver: C:\DOCUME~1\Rodrigo\LOCALS~1\Temp\pxtdrpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA2B8E6D0]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? bfvf.sys The system cannot find the file specified. !
    .rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xB7F217A4]
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB66A8360, 0x32E00D, 0xE8000020]
    ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
    .text C:\WINDOWS\Explorer.EXE[536] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
    .text C:\WINDOWS\Explorer.EXE[536] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[908] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]
    .text C:\WINDOWS\System32\svchost.exe[1456] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006D000A
    .text C:\WINDOWS\System32\svchost.exe[1456] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006E000A
    .text C:\WINDOWS\System32\svchost.exe[1456] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006C000C
    .text C:\WINDOWS\System32\svchost.exe[1456] ole32.dll!CoCreateInstance 774FF1C4 5 Bytes JMP 028B000A

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----

  7. #7
    Rawd (Junior Member)
    I already have HijackThis downloaded!
    Step 3 finished. Does this mean my computer is safe to lurk the internets!?

  8. #8
    broni (Senior Member)
    Not at all. You have a rootkit.

    Download TDSSKiller and save it to your Desktop.
    Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
    Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    If it says "Hidden service detected", DO NOT type anything in. Just press Enter on your keyboard so that nothing is done to the file.
    When it is done, a log file called TDSSKiller.txt should be created on your C: drive. Please copy and paste the contents of that file here.

  9. #9
    Rawd (Junior Member)
    It's asking me to restart my computer, y/n?

  10. #10
    Rawd (Junior Member)
    Oops, sorry about that. I didn't read the part about the log being made on my C: drive.

    Here it is!

    13:34:03:515 4048 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
    13:34:03:515 4048 ================================================================================
    13:34:03:515 4048 SystemInfo:

    13:34:03:515 4048 OS Version: 5.1.2600 ServicePack: 3.0
    13:34:03:515 4048 Product type: Workstation
    13:34:03:515 4048 ComputerName: Rawd
    13:34:03:515 4048 UserName: Rodrigo
    13:34:03:515 4048 Windows directory: C:\WINDOWS
    13:34:03:515 4048 Processor architecture: Intel x86
    13:34:03:515 4048 Number of processors: 4
    13:34:03:515 4048 Page size: 0x1000
    13:34:03:515 4048 Boot type: Normal boot
    13:34:03:515 4048 ================================================================================
    13:34:03:515 4048 UnloadDriverW: NtUnloadDriver error 1
    13:34:03:515 4048 ForceUnloadDriverW: UnloadDriverW(klmd21) error 1
    13:34:03:609 4048 LoadDriverW: Driver already loaded
    13:34:03:609 4048 KLMD_DropNLoadW: LoadDriverW(klmd21) error 1056
    13:34:03:609 4048 Initialize success
    13:34:03:609 4048
    13:34:03:609 4048 Scanning Services ...
    13:34:03:609 4048 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
    13:34:03:609 4048 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    13:34:03:609 4048 wfopen_ex: Trying to KLMD file open
    13:34:03:609 4048 wfopen_ex: File opened ok (Flags 2)
    13:34:03:609 4048 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
    13:34:03:609 4048 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    13:34:03:609 4048 wfopen_ex: Trying to KLMD file open
    13:34:03:609 4048 wfopen_ex: File opened ok (Flags 2)
    13:34:04:015 4048 GetAdvancedServicesInfo: Raw services enum returned 345 services
    13:34:04:015 4048 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
    13:34:04:015 4048 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
    13:34:04:015 4048
    13:34:04:015 4048 Scanning Kernel memory ...
    13:34:04:015 4048 Devices to scan: 11
    13:34:04:015 4048
    13:34:04:015 4048 Driver Name: Disk
    13:34:04:015 4048 IRP_MJ_CREATE : B811EBB0
    13:34:04:015 4048 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:34:04:015 4048 IRP_MJ_CLOSE : B811EBB0
    13:34:04:015 4048 IRP_MJ_READ : B8118D1F
    13:34:04:015 4048 IRP_MJ_WRITE : B8118D1F
    13:34:04:015 4048 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_QUERY_EA : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_EA : 804F4562
    13:34:04:015 4048 IRP_MJ_FLUSH_BUFFERS : B81192E2
    13:34:04:015 4048 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:34:04:015 4048 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:34:04:015 4048 IRP_MJ_DEVICE_CONTROL : B81193BB
    13:34:04:015 4048 IRP_MJ_INTERNAL_DEVICE_CONTROL : B811CF28
    13:34:04:015 4048 IRP_MJ_SHUTDOWN : B81192E2
    13:34:04:015 4048 IRP_MJ_LOCK_CONTROL : 804F4562
    13:34:04:015 4048 IRP_MJ_CLEANUP : 804F4562
    13:34:04:015 4048 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:34:04:015 4048 IRP_MJ_QUERY_SECURITY : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_SECURITY : 804F4562
    13:34:04:015 4048 IRP_MJ_POWER : B811AC82
    13:34:04:015 4048 IRP_MJ_SYSTEM_CONTROL : B811F99E
    13:34:04:015 4048 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:34:04:015 4048 IRP_MJ_QUERY_QUOTA : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_QUOTA : 804F4562
    13:34:04:015 4048 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
    13:34:04:015 4048 sion
    13:34:04:015 4048 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
    13:34:04:015 4048
    13:34:04:015 4048 Driver Name: Disk
    13:34:04:015 4048 IRP_MJ_CREATE : B811EBB0
    13:34:04:015 4048 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:34:04:015 4048 IRP_MJ_CLOSE : B811EBB0
    13:34:04:015 4048 IRP_MJ_READ : B8118D1F
    13:34:04:015 4048 IRP_MJ_WRITE : B8118D1F
    13:34:04:015 4048 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_QUERY_EA : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_EA : 804F4562
    13:34:04:015 4048 IRP_MJ_FLUSH_BUFFERS : B81192E2
    13:34:04:015 4048 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:34:04:015 4048 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:34:04:015 4048 IRP_MJ_DEVICE_CONTROL : B81193BB
    13:34:04:015 4048 IRP_MJ_INTERNAL_DEVICE_CONTROL : B811CF28
    13:34:04:015 4048 IRP_MJ_SHUTDOWN : B81192E2
    13:34:04:015 4048 IRP_MJ_LOCK_CONTROL : 804F4562
    13:34:04:015 4048 IRP_MJ_CLEANUP : 804F4562
    13:34:04:015 4048 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:34:04:015 4048 IRP_MJ_QUERY_SECURITY : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_SECURITY : 804F4562
    13:34:04:015 4048 IRP_MJ_POWER : B811AC82
    13:34:04:015 4048 IRP_MJ_SYSTEM_CONTROL : B811F99E
    13:34:04:015 4048 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:34:04:015 4048 IRP_MJ_QUERY_QUOTA : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_QUOTA : 804F4562
    13:34:04:015 4048 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
    13:34:04:015 4048 sion
    13:34:04:015 4048 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
    13:34:04:015 4048
    13:34:04:015 4048 Driver Name: Disk
    13:34:04:015 4048 IRP_MJ_CREATE : B811EBB0
    13:34:04:015 4048 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:34:04:015 4048 IRP_MJ_CLOSE : B811EBB0
    13:34:04:015 4048 IRP_MJ_READ : B8118D1F
    13:34:04:015 4048 IRP_MJ_WRITE : B8118D1F
    13:34:04:015 4048 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_QUERY_EA : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_EA : 804F4562
    13:34:04:015 4048 IRP_MJ_FLUSH_BUFFERS : B81192E2
    13:34:04:015 4048 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:34:04:015 4048 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:34:04:015 4048 IRP_MJ_DEVICE_CONTROL : B81193BB
    13:34:04:015 4048 IRP_MJ_INTERNAL_DEVICE_CONTROL : B811CF28
    13:34:04:015 4048 IRP_MJ_SHUTDOWN : B81192E2
    13:34:04:015 4048 IRP_MJ_LOCK_CONTROL : 804F4562
    13:34:04:015 4048 IRP_MJ_CLEANUP : 804F4562
    13:34:04:015 4048 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:34:04:015 4048 IRP_MJ_QUERY_SECURITY : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_SECURITY : 804F4562
    13:34:04:015 4048 IRP_MJ_POWER : B811AC82
    13:34:04:015 4048 IRP_MJ_SYSTEM_CONTROL : B811F99E
    13:34:04:015 4048 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:34:04:015 4048 IRP_MJ_QUERY_QUOTA : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_QUOTA : 804F4562
    13:34:04:015 4048 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
    13:34:04:015 4048 sion
    13:34:04:015 4048 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
    13:34:04:015 4048
    13:34:04:015 4048 Driver Name: Disk
    13:34:04:015 4048 IRP_MJ_CREATE : B811EBB0
    13:34:04:015 4048 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:34:04:015 4048 IRP_MJ_CLOSE : B811EBB0
    13:34:04:015 4048 IRP_MJ_READ : B8118D1F
    13:34:04:015 4048 IRP_MJ_WRITE : B8118D1F
    13:34:04:015 4048 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_QUERY_EA : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_EA : 804F4562
    13:34:04:015 4048 IRP_MJ_FLUSH_BUFFERS : B81192E2
    13:34:04:015 4048 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:34:04:015 4048 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:34:04:015 4048 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:34:04:015 4048 IRP_MJ_DEVICE_CONTROL : B81193BB
    13:34:04:015 4048 IRP_MJ_INTERNAL_DEVICE_CONTROL : B811CF28
    13:34:04:015 4048 IRP_MJ_SHUTDOWN : B81192E2
    13:34:04:015 4048 IRP_MJ_LOCK_CONTROL : 804F4562
    13:34:04:015 4048 IRP_MJ_CLEANUP : 804F4562
    13:34:04:015 4048 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:34:04:015 4048 IRP_MJ_QUERY_SECURITY : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_SECURITY : 804F4562
    13:34:04:015 4048 IRP_MJ_POWER : B811AC82
    13:34:04:015 4048 IRP_MJ_SYSTEM_CONTROL : B811F99E
    13:34:04:015 4048 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:34:04:015 4048 IRP_MJ_QUERY_QUOTA : 804F4562
    13:34:04:015 4048 IRP_MJ_SET_QUOTA : 804F4562
    13:34:04:015 4048 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
    13:34:04:015 4048 sion
    13:34:04:031 4048 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
    13:34:04:031 4048
    13:34:04:031 4048 Driver Name: usbstor
    13:34:04:031 4048 IRP_MJ_CREATE : A43B1218
    13:34:04:031 4048 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:34:04:031 4048 IRP_MJ_CLOSE : A43B1218
    13:34:04:031 4048 IRP_MJ_READ : A43B123C
    13:34:04:031 4048 IRP_MJ_WRITE : A43B123C
    13:34:04:031 4048 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_EA : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_EA : 804F4562
    13:34:04:031 4048 IRP_MJ_FLUSH_BUFFERS : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_DEVICE_CONTROL : A43B1180
    13:34:04:031 4048 IRP_MJ_INTERNAL_DEVICE_CONTROL : A43AC9E6
    13:34:04:031 4048 IRP_MJ_SHUTDOWN : 804F4562
    13:34:04:031 4048 IRP_MJ_LOCK_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_CLEANUP : 804F4562
    13:34:04:031 4048 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_SECURITY : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_SECURITY : 804F4562
    13:34:04:031 4048 IRP_MJ_POWER : A43B05F0
    13:34:04:031 4048 IRP_MJ_SYSTEM_CONTROL : A43AEA6E
    13:34:04:031 4048 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_QUOTA : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_QUOTA : 804F4562
    13:34:04:031 4048 siohd: 0
    13:34:04:031 4048 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
    13:34:04:031 4048
    13:34:04:031 4048 Driver Name: usbstor
    13:34:04:031 4048 IRP_MJ_CREATE : A43B1218
    13:34:04:031 4048 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:34:04:031 4048 IRP_MJ_CLOSE : A43B1218
    13:34:04:031 4048 IRP_MJ_READ : A43B123C
    13:34:04:031 4048 IRP_MJ_WRITE : A43B123C
    13:34:04:031 4048 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_EA : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_EA : 804F4562
    13:34:04:031 4048 IRP_MJ_FLUSH_BUFFERS : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_DEVICE_CONTROL : A43B1180
    13:34:04:031 4048 IRP_MJ_INTERNAL_DEVICE_CONTROL : A43AC9E6
    13:34:04:031 4048 IRP_MJ_SHUTDOWN : 804F4562
    13:34:04:031 4048 IRP_MJ_LOCK_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_CLEANUP : 804F4562
    13:34:04:031 4048 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_SECURITY : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_SECURITY : 804F4562
    13:34:04:031 4048 IRP_MJ_POWER : A43B05F0
    13:34:04:031 4048 IRP_MJ_SYSTEM_CONTROL : A43AEA6E
    13:34:04:031 4048 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_QUOTA : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_QUOTA : 804F4562
    13:34:04:031 4048 siohd: 0
    13:34:04:031 4048 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
    13:34:04:031 4048
    13:34:04:031 4048 Driver Name: usbstor
    13:34:04:031 4048 IRP_MJ_CREATE : A43B1218
    13:34:04:031 4048 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:34:04:031 4048 IRP_MJ_CLOSE : A43B1218
    13:34:04:031 4048 IRP_MJ_READ : A43B123C
    13:34:04:031 4048 IRP_MJ_WRITE : A43B123C
    13:34:04:031 4048 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_EA : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_EA : 804F4562
    13:34:04:031 4048 IRP_MJ_FLUSH_BUFFERS : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_DEVICE_CONTROL : A43B1180
    13:34:04:031 4048 IRP_MJ_INTERNAL_DEVICE_CONTROL : A43AC9E6
    13:34:04:031 4048 IRP_MJ_SHUTDOWN : 804F4562
    13:34:04:031 4048 IRP_MJ_LOCK_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_CLEANUP : 804F4562
    13:34:04:031 4048 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_SECURITY : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_SECURITY : 804F4562
    13:34:04:031 4048 IRP_MJ_POWER : A43B05F0
    13:34:04:031 4048 IRP_MJ_SYSTEM_CONTROL : A43AEA6E
    13:34:04:031 4048 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_QUOTA : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_QUOTA : 804F4562
    13:34:04:031 4048 siohd: 0
    13:34:04:031 4048 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
    13:34:04:031 4048
    13:34:04:031 4048 Driver Name: usbstor
    13:34:04:031 4048 IRP_MJ_CREATE : A43B1218
    13:34:04:031 4048 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:34:04:031 4048 IRP_MJ_CLOSE : A43B1218
    13:34:04:031 4048 IRP_MJ_READ : A43B123C
    13:34:04:031 4048 IRP_MJ_WRITE : A43B123C
    13:34:04:031 4048 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_EA : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_EA : 804F4562
    13:34:04:031 4048 IRP_MJ_FLUSH_BUFFERS : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_DEVICE_CONTROL : A43B1180
    13:34:04:031 4048 IRP_MJ_INTERNAL_DEVICE_CONTROL : A43AC9E6
    13:34:04:031 4048 IRP_MJ_SHUTDOWN : 804F4562
    13:34:04:031 4048 IRP_MJ_LOCK_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_CLEANUP : 804F4562
    13:34:04:031 4048 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_SECURITY : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_SECURITY : 804F4562
    13:34:04:031 4048 IRP_MJ_POWER : A43B05F0
    13:34:04:031 4048 IRP_MJ_SYSTEM_CONTROL : A43AEA6E
    13:34:04:031 4048 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_QUOTA : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_QUOTA : 804F4562
    13:34:04:031 4048 siohd: 0
    13:34:04:031 4048 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
    13:34:04:031 4048
    13:34:04:031 4048 Driver Name: Disk
    13:34:04:031 4048 IRP_MJ_CREATE : B811EBB0
    13:34:04:031 4048 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:34:04:031 4048 IRP_MJ_CLOSE : B811EBB0
    13:34:04:031 4048 IRP_MJ_READ : B8118D1F
    13:34:04:031 4048 IRP_MJ_WRITE : B8118D1F
    13:34:04:031 4048 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_EA : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_EA : 804F4562
    13:34:04:031 4048 IRP_MJ_FLUSH_BUFFERS : B81192E2
    13:34:04:031 4048 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_DEVICE_CONTROL : B81193BB
    13:34:04:031 4048 IRP_MJ_INTERNAL_DEVICE_CONTROL : B811CF28
    13:34:04:031 4048 IRP_MJ_SHUTDOWN : B81192E2
    13:34:04:031 4048 IRP_MJ_LOCK_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_CLEANUP : 804F4562
    13:34:04:031 4048 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_SECURITY : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_SECURITY : 804F4562
    13:34:04:031 4048 IRP_MJ_POWER : B811AC82
    13:34:04:031 4048 IRP_MJ_SYSTEM_CONTROL : B811F99E
    13:34:04:031 4048 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_QUOTA : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_QUOTA : 804F4562
    13:34:04:031 4048 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
    13:34:04:031 4048 sion
    13:34:04:031 4048 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
    13:34:04:031 4048
    13:34:04:031 4048 Driver Name: Disk
    13:34:04:031 4048 IRP_MJ_CREATE : B811EBB0
    13:34:04:031 4048 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:34:04:031 4048 IRP_MJ_CLOSE : B811EBB0
    13:34:04:031 4048 IRP_MJ_READ : B8118D1F
    13:34:04:031 4048 IRP_MJ_WRITE : B8118D1F
    13:34:04:031 4048 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_EA : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_EA : 804F4562
    13:34:04:031 4048 IRP_MJ_FLUSH_BUFFERS : B81192E2
    13:34:04:031 4048 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:34:04:031 4048 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_DEVICE_CONTROL : B81193BB
    13:34:04:031 4048 IRP_MJ_INTERNAL_DEVICE_CONTROL : B811CF28
    13:34:04:031 4048 IRP_MJ_SHUTDOWN : B81192E2
    13:34:04:031 4048 IRP_MJ_LOCK_CONTROL : 804F4562
    13:34:04:031 4048 IRP_MJ_CLEANUP : 804F4562
    13:34:04:031 4048 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_SECURITY : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_SECURITY : 804F4562
    13:34:04:031 4048 IRP_MJ_POWER : B811AC82
    13:34:04:031 4048 IRP_MJ_SYSTEM_CONTROL : B811F99E
    13:34:04:031 4048 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:34:04:031 4048 IRP_MJ_QUERY_QUOTA : 804F4562
    13:34:04:031 4048 IRP_MJ_SET_QUOTA : 804F4562
    13:34:04:031 4048 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
    13:34:04:031 4048 sion
    13:34:04:031 4048 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
    13:34:04:031 4048
    13:34:04:031 4048 Driver Name: atapi
    13:34:04:031 4048 IRP_MJ_CREATE : 8AFFE618
    13:34:04:031 4048 IRP_MJ_CREATE_NAMED_PIPE : 8AFFE618
    13:34:04:031 4048 IRP_MJ_CLOSE : 8AFFE618
    13:34:04:031 4048 IRP_MJ_READ : 8AFFE618
    13:34:04:031 4048 IRP_MJ_WRITE : 8AFFE618
    13:34:04:031 4048 IRP_MJ_QUERY_INFORMATION : 8AFFE618
    13:34:04:031 4048 IRP_MJ_SET_INFORMATION : 8AFFE618
    13:34:04:031 4048 IRP_MJ_QUERY_EA : 8AFFE618
    13:34:04:031 4048 IRP_MJ_SET_EA : 8AFFE618
    13:34:04:031 4048 IRP_MJ_FLUSH_BUFFERS : 8AFFE618
    13:34:04:031 4048 IRP_MJ_QUERY_VOLUME_INFORMATION : 8AFFE618
    13:34:04:031 4048 IRP_MJ_SET_VOLUME_INFORMATION : 8AFFE618
    13:34:04:031 4048 IRP_MJ_DIRECTORY_CONTROL : 8AFFE618
    13:34:04:031 4048 IRP_MJ_FILE_SYSTEM_CONTROL : 8AFFE618
    13:34:04:031 4048 IRP_MJ_DEVICE_CONTROL : 8AFFE618
    13:34:04:031 4048 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8AFFE618
    13:34:04:031 4048 IRP_MJ_SHUTDOWN : 8AFFE618
    13:34:04:031 4048 IRP_MJ_LOCK_CONTROL : 8AFFE618
    13:34:04:031 4048 IRP_MJ_CLEANUP : 8AFFE618
    13:34:04:031 4048 IRP_MJ_CREATE_MAILSLOT : 8AFFE618
    13:34:04:031 4048 IRP_MJ_QUERY_SECURITY : 8AFFE618
    13:34:04:031 4048 IRP_MJ_SET_SECURITY : 8AFFE618
    13:34:04:031 4048 IRP_MJ_POWER : 8AFFE618
    13:34:04:031 4048 IRP_MJ_SYSTEM_CONTROL : 8AFFE618
    13:34:04:031 4048 IRP_MJ_DEVICE_CHANGE : 8AFFE618
    13:34:04:031 4048 IRP_MJ_QUERY_QUOTA : 8AFFE618
    13:34:04:031 4048 IRP_MJ_SET_QUOTA : 8AFFE618
    13:34:04:031 4048 ihd1
    13:34:04:031 4048 siolchd1
    13:34:04:031 4048 siohd: 0
    13:34:04:046 4048 C:\WINDOWS\system32\drivers\tsk142.tmp - Verdict: Clean
    13:34:04:046 4048
    13:34:04:046 4048 Completed
    13:34:04:046 4048
    13:34:04:046 4048 Results:
    13:34:04:046 4048 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
    13:34:04:046 4048 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    13:34:04:046 4048 File objects infected / cured / cured on reboot: 0 / 0 / 0
    13:34:04:046 4048
    13:34:04:046 4048 UnloadDriverW: NtUnloadDriver error 1
    13:34:04:046 4048 KLMD_Unload: UnloadDriverW(klmd21) error 1
    13:34:04:046 4048 KLMD(ARK) unloaded successfully
