Iosif

Members
Posts: 10
Reputation: 0 Neutral

About Iosif
  • Birthday 03/17/1970

Profile Information
  • Location: Western Canada

  1. Sorry Maurice, I've noticed, now that I've done the OTL cleanup that my previous question was a dumb one... Shall finish removing SYSCLEAN etc. and hopefully all will be done and fine...
  2. Maurice, I figured out how to get the command box to find and uninstall Combo-fix. One question. I noticed a folder on C: called Qoobox that did not get deleted by the uninstall and it seems to contain Combo-fix-related files... Is it safe for me to simply delete the Qoobox folder? Are there any other remnants of Combo-fix that I ought to be looking for to delete? Thanks in advance,
  3. Hi Maurice, Thanks for all the help and I am glad that all of your help led to a good outcome! One problem, however: when I type combo-fix /u into the command box and click ok I get this message: "Windows cannot find "combo-fix". Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search." I don't understand this, as I haven't touched combo-fix since I saved it as "Combo-Fix.exe" to my Desktop...and I can see the file plain as day sitting on my Desktop... !? Please advise so that I can get moving on this final cleanup and removal stage.
  4. Ok, steps 1-5 completed and here are the logs. Everything seems to work as it ought to in the system and the search result redirects don't seem to be occurring anymore...

     Avenger.txt:

     Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com
     Platform: Windows XP
     *******************
     Script file opened successfully.
     Script file read successfully.
     Backups directory opened successfully at C:\Avenger
     *******************
     Beginning to process script file:
     Rootkit scan active.
     No rootkits found!
     File move operation "C:\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.
     Completed script processing.
     *******************
     Finished! Terminate.

     MBAM scan log:

     Malwarebytes' Anti-Malware 1.42
     Database version: 3362
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 6.0.2900.5512
     12/14/2009 8:29:35 PM
     mbam-log-2009-12-14 (20-29-35).txt
     Scan type: Quick Scan
     Objects scanned: 101061
     Time elapsed: 5 minute(s), 49 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     SYSCLEAN log:

     /--------------------------------------------------------------\
     | Trend Micro System Cleaner                                    |
     | Copyright 2009-2010, Trend Micro, Inc.                        |
     | http://www.trendmicro.com                                     |
     \--------------------------------------------------------------/
     2009-12-14, 20:35:16, Auto-clean mode specified.
     2009-12-14, 20:35:17, Initialized Rootkit Driver version 2.2.0.1004.
     2009-12-14, 20:35:17, Running scanner "C:\DCE\TSC.BIN"...
     2009-12-14, 20:35:30, Scanner "C:\DCE\TSC.BIN" has finished running.
     2009-12-14, 20:35:30, TSC Log:
  5. Unfortunately the execution of fixes.bat is still a no-go! When I follow the instructions and try to run fixes.bat via the command prompt window, I still get the same response: "You are attempting to open a file of type "Application Extension" (.dll) These files are used by the operating system and by various programs. Editing or modifying them could damage your system. If you still want to open the file, click Open With, otherwise, click Cancel." When I click on open with... I get a window saying "Windows cannot open this file: File: eventlog.dll To open this file windows needs to know what program created it..." ???
  6. Maurice, I'm stuck at step one. When I double-click the fixes.bat to run it a window pops up saying "You are attempting to open a file of type "Application Extension" (.dll) These files are used by the operating system and by various programs. Editing or modifying them could damage your system. If you still want to open the file, click Open With, otherwise, click Cancel." What to do?
  7. Hi Maurice, Thanks for your reply. I've followed your instructions and so here is the log from ComboFix.txt:

     ComboFix 09-12-11.05 - Olijnyk 12/12/2009 12:54:06.1.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.198 [GMT -7:00]
     Running from: c:\documents and settings\Olijnyk\Desktop\Combo-Fix.exe
     AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Olijnyk\Application Data\inst.exe
     c:\windows\system32\config\systemprofile\Start Menu\Programs\Security Tool.lnk
     c:\windows\system32\Data
     .
     ((((((((((((((((((((((((( Files Created from 2009-11-12 to 2009-12-12 )))))))))))))))))))))))))))))))
     .
     2009-12-10 14:30 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
     2009-12-10 05:13 . 2009-12-10 05:13 96512 ----a-w- c:\windows\system32\drivers\tsk_atapi.sys
     2009-12-10 05:13 . 2009-12-10 05:13 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
     2009-12-10 05:10 . 2009-12-10 05:11 -------- d-----w- c:\program files\ERUNT
     2009-12-08 20:12 . 2009-12-08 20:12 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
     2009-12-03 07:12 . 2009-12-03 07:30 -------- d-----w- c:\documents and settings\Olijnyk\Application Data\REAPER
     2009-12-03 07:11 . 2009-12-03 07:11 -------- d-----w- c:\program files\REAPER
     2009-11-28 04:44 . 2009-11-28 04:44 -------- d-----w- c:\program files\RootRepeal
     2009-11-27 07:45 . 2009-11-27 07:45 1445888 ----a-w- c:\program files\WinsockxpFix.exe
     2009-11-21 22:12 . 2009-11-21 22:12 -------- d-----w- c:\program files\Sophos
     2009-11-19 07:47 . 2009-11-19 07:47 -------- d-----w- c:\program files\Trend Micro
     2009-11-19 01:44 . 2009-11-19 01:44 68168 ----a-w- c:\program files\GooredFix.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-12-12 02:31 . 2008-10-24 23:17 -------- d-----w- c:\documents and settings\Olijnyk\Application Data\Skype
     2009-12-12 02:31 . 2008-10-24 23:19 -------- d-----w- c:\documents and settings\Olijnyk\Application Data\skypePM
     2009-12-10 05:15 . 2002-08-29 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
     2009-12-08 20:12 . 2009-10-25 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-12-03 23:14 . 2009-10-25 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-12-03 23:13 . 2009-10-25 18:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-11-29 23:19 . 2007-02-14 01:01 -------- d-----w- c:\documents and settings\Olijnyk\Application Data\ImgBurn
     2009-11-25 03:50 . 2008-02-18 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-11-25 03:24 . 2009-06-24 04:56 47360 ----a-w- c:\documents and settings\Olijnyk\Application Data\pcouffin.sys
     2009-11-25 03:24 . 2009-06-24 04:56 47360 ----a-w- c:\documents and settings\Olijnyk\Application Data\pcouffin.sys
     2009-11-25 03:21 . 2006-04-26 21:12 -------- d-----w- c:\program files\CyberLink DVD Solution
     2009-11-25 03:17 . 2006-04-26 20:13 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-11-25 03:13 . 2006-06-14 01:13 -------- d-----w- c:\program files\Riva
     2009-11-25 00:07 . 2006-04-26 21:29 -------- d-----w- c:\program files\Java
     2009-11-25 00:01 . 2009-11-22 01:42 411368 ----a-w- c:\windows\system32\deploytk.dll
     2009-11-25 00:01 . 2009-11-25 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
     2009-11-25 00:01 . 2009-11-25 00:01 152576 ----a-w- c:\documents and settings\Olijnyk\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
     2009-11-24 23:51 . 2009-11-24 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2009-11-24 23:51 . 2006-04-26 21:05 -------- d-----w- c:\program files\Common Files\Adobe
     2009-11-24 23:47 . 2009-11-24 23:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
     2009-11-24 23:43 . 2009-11-24 23:43 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
     2009-11-24 23:42 . 2009-11-24 23:42 -------- d-----w- c:\program files\NOS
     2009-11-21 15:51 . 2002-08-29 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
     2009-11-20 21:46 . 2009-10-19 17:49 118000 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
     2009-11-20 16:58 . 2009-06-22 07:49 -------- d-----w- c:\program files\Avidemux 2.4
     2009-11-19 01:56 . 2006-04-26 20:39 -------- d-----w- c:\program files\CCleaner
     2009-11-18 20:17 . 2009-10-25 18:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2009-11-18 17:59 . 2006-04-26 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
     2009-11-18 17:29 . 2008-06-03 02:37 -------- d-----w- c:\documents and settings\Olijnyk\Application Data\dvdcss
     2009-11-17 05:16 . 2006-08-21 22:18 -------- d-----w- c:\program files\exPressit S.E. 2.1
     2009-11-07 05:34 . 2007-10-15 05:10 -------- d-----w- c:\program files\QuickTime
     2009-10-29 05:38 . 2002-08-29 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
     2009-10-25 18:52 . 2009-06-12 23:59 -------- d-----w- c:\program files\Citrix
     2009-10-25 18:43 . 2009-10-25 18:43 -------- d-----w- c:\documents and settings\Olijnyk\Application Data\Malwarebytes
     2009-10-25 18:43 . 2009-10-25 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
     2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
     2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
     2009-10-19 17:50 . 2008-05-31 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
     2009-10-17 16:05 . 2009-10-17 16:04 -------- d-----w- c:\program files\AVStoDVD
     2009-10-17 16:05 . 2009-10-17 16:05 -------- d-----w- c:\program files\Haali
     2009-10-13 10:30 . 2002-08-29 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
     2009-10-12 13:38 . 2002-08-29 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
     2009-10-12 13:38 . 2002-08-29 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
     2009-10-10 07:07 . 2009-11-24 23:47 38208 ----a-w- c:\documents and settings\Olijnyk\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2009-10-10 07:07 . 2009-11-24 23:47 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2009-09-25 05:37 . 2009-07-06 03:38 81920 ----a-w- c:\windows\system32\ieencode.dll
     2008-11-16 01:16 . 2008-12-09 22:10 4411392 -c--a-w- c:\program files\mplayerc.exe
     2008-06-27 06:29 . 2008-06-27 06:29 2387480 ----a-w- c:\program files\SVGView.exe
     2008-04-24 17:25 . 2008-05-29 16:09 3276800 -c--a-w- c:\program files\DiscSpeed.exe
     2007-12-17 21:30 . 2007-12-17 21:30 7168 ----a-w- c:\program files\driveinfo22.exe
     2006-05-14 03:41 . 2008-07-02 22:18 468 -c--a-w- c:\program files\QuEnc070_diff.txt
     2006-05-13 03:47 . 2008-07-02 22:18 3293184 ----a-w- c:\program files\QuEnc.exe
     2004-03-11 19:27 . 2006-04-26 21:12 40960 ----a-w- c:\program files\Uninstall_CDS.exe
     .
     ------- Sigcheck -------
     [-] 2009-12-10 05:15 . A743167B9C03A788E553F61A02E9D83A . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
     [7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
     [7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
     [7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
     [7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
     c:\windows\System32\eventlog.dll ... is missing !!
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "CTSysVol"="c:\program files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe" [2003-02-17 53248]
     "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
     "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "shicoxp"="c:\windows\shicoxp.exe" [2003-05-14 40960]
     "SbUsb AudCtrl"="sbusbdll.dll" [2005-05-26 128000]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-08-18 06:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/31/2008 1:13 PM 335240]
     R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/31/2008 1:13 PM 108552]
     R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/2/2008 11:16 AM 908056]
     R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/2/2008 11:16 AM 297752]
     R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [5/26/2006 11:48 AM 1694592]
     S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [8/29/2002 5:00 AM 149376]
     S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [11/21/2006 4:38 PM 16512]
     S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
     S3 BS_DEF;BS_DEF;\??\c:\windows\system32\drivers\BS_DEF.sys --> c:\windows\system32\drivers\BS_DEF.sys [?]
     S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     getPlusHelper REG_MULTI_SZ getPlusHelper
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.bbc.co.uk/ukrainian/index.shtml
     mWindow Title =
     uInternet Connection Wizard,ShellNext = iexplore
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - c:\documents and settings\Olijnyk\Application Data\Mozilla\Firefox\Profiles\mo456j00.default\
     FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/sport
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     ---- FIREFOX POLICIES ----
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-12-12 12:58
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
     "ImagePath"="\??\c:\windows\system32\7.tmp"
     .
     Completion time: 2009-12-12 13:01:11
     ComboFix-quarantined-files.txt 2009-12-12 20:01
     Pre-Run: 42,494,726,144 bytes free
     Post-Run: 42,458,525,696 bytes free
     WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
     - - End Of File - - 05C3E04BB52863C43044BBBF192BCB59
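The Sigcheck block in the ComboFix log above is the part a responder reads first: it lists the live copy of a system file next to the reference copies Windows keeps in ServicePackFiles\i386 and $NtServicePackUninstall$, so a live file whose hash matches no reference copy, or that is simply missing, stands out. The script below is an added example, not part of Iosif's post and not ComboFix's own code; it parses lines in the layout shown above (the layout is inferred from that log, since ComboFix documents no formal grammar) and, as constructed sample input, reuses the five Sigcheck entries and the "is missing" line quoted in the post. The reference-directory names and the finding texts are this example's own choices.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample input: the Sigcheck lines quoted in the ComboFix log above.
SIGCHECK_SAMPLE = r"""
[-] 2009-12-10 05:15 . A743167B9C03A788E553F61A02E9D83A . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
c:\windows\System32\eventlog.dll ... is missing !!
"""

# One hashed entry: "[flag] date [time] . MD5 . size . . [version] . . path".
# Assumption: this layout is inferred from the log above, not from a spec.
ENTRY_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?"
    r"\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+is missing\s*!!\s*$")

# Directories holding Windows' own reference copies of system files
# (the two that appear in the log above; assumption for other systems).
REFERENCE_DIRS = ("\\servicepackfiles\\", "\\$ntservicepackuninstall$\\")


def parse_sigcheck(text):
    """Turn Sigcheck lines into dicts; lines that match neither form are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            rec["missing"] = False
            records.append(rec)
            continue
        m = MISSING_RE.match(line)
        if m:
            records.append({"path": m.group("path"), "missing": True})
    return records


def is_reference_copy(path):
    """True when the path lies in a service-pack backup directory."""
    low = path.lower()
    return any(d in low for d in REFERENCE_DIRS)


def assess_sigcheck(records):
    """Compare each live system file with its reference copies.

    Returns {basename: [finding, ...]}; a file with no finding maps to [].
    """
    groups = defaultdict(lambda: {"live": None, "refs": [], "missing": False})
    for rec in records:
        name = ntpath.basename(rec["path"]).lower()
        g = groups[name]
        if rec["missing"]:
            g["missing"] = True
        elif is_reference_copy(rec["path"]):
            g["refs"].append(rec)
        else:
            g["live"] = rec

    findings = {}
    for name, g in groups.items():
        notes = []
        live = g["live"]
        if g["missing"] or live is None:
            notes.append("live copy missing")
        else:
            # "[------]" means the file carries no usable version resource;
            # Microsoft-built system binaries always have one.
            if set(live["version"]) <= {"-"}:
                notes.append("live copy has no verifiable version info")
            ref_hashes = {r["md5"] for r in g["refs"]}
            ref_sizes = {r["size"] for r in g["refs"]}
            if ref_hashes and live["md5"] not in ref_hashes:
                notes.append("live copy hash matches no reference copy")
                # Same byte count as a reference copy but different content
                # points to in-place modification rather than replacement.
                if live["size"] in ref_sizes:
                    notes.append("same size as a reference copy but different content")
        findings[name] = notes
    return findings


if __name__ == "__main__":
    for name, notes in assess_sigcheck(parse_sigcheck(SIGCHECK_SAMPLE)).items():
        print(f"{name}: {'; '.join(notes) if notes else 'consistent'}")
```

Run on the sample, atapi.sys is reported with no version info, a hash that matches neither service-pack copy, and the same size as the SP3 copy, while eventlog.dll is reported missing, which is exactly what the Avenger step in post 4 later restores. MD5 is used only because that is what ComboFix prints; when you compute hashes yourself, prefer SHA-256.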
  8. O.k. I've gone through steps 1-5 and here are the logs. One problem, though: OTL hangs up at "HKEY_CURRENT_USER\Uninstall List" and so I haven't been able to get an Extras.txt log... Logit.txt: 22:13:28:46 3848 ForceUnloadDriver: NtUnloadDriver error 2 22:13:28:46 3848 ForceUnloadDriver: NtUnloadDriver error 2 22:13:28:46 3848 ForceUnloadDriver: NtUnloadDriver error 2 22:13:28:46 3848 main: Driver KLMD successfully dropped 22:13:28:203 3848 main: Driver KLMD successfully loaded 22:13:28:203 3848 Scanning Registry ... 22:13:28:203 3848 ScanServices: Searching service UACd.sys 22:13:28:203 3848 ScanServices: Open/Create key error 2 22:13:28:203 3848 ScanServices: Searching service TDSSserv.sys 22:13:28:203 3848 ScanServices: Open/Create key error 2 22:13:28:203 3848 ScanServices: Searching service gaopdxserv.sys 22:13:28:203 3848 ScanServices: Open/Create key error 2 22:13:28:203 3848 ScanServices: Searching service gxvxcserv.sys 22:13:28:203 3848 ScanServices: Open/Create key error 2 22:13:28:203 3848 ScanServices: Searching service MSIVXserv.sys 22:13:28:203 3848 ScanServices: Open/Create key error 2 22:13:28:203 3848 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000 22:13:28:500 3848 UnhookRegistry: Kernel local addr: CB0000 22:13:28:500 3848 UnhookRegistry: KeServiceDescriptorTable addr: D33220 22:13:28:546 3848 UnhookRegistry: KiServiceTable addr: CBB6A8 22:13:28:546 3848 UnhookRegistry: NtEnumerateKey service number (local): 47 22:13:28:546 3848 UnhookRegistry: NtEnumerateKey local addr: D4C5A4 22:13:28:562 3848 KLMD_OpenDevice: Trying to open KLMD device 22:13:28:562 3848 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey 22:13:28:562 3848 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey 22:13:28:562 3848 KLMD_ReadMem: Trying to ReadMemory 0x804DCC49[0x4] 22:13:28:562 3848 UnhookRegistry: NtEnumerateKey service number (kernel): 47 22:13:28:562 
3848 KLMD_ReadMem: Trying to ReadMemory 0x804E27C4[0x4] 22:13:28:562 3848 UnhookRegistry: NtEnumerateKey real addr: 805735A4 22:13:28:562 3848 UnhookRegistry: NtEnumerateKey calc addr: 805735A4 22:13:28:562 3848 UnhookRegistry: No SDT hooks found on NtEnumerateKey 22:13:28:562 3848 KLMD_ReadMem: Trying to ReadMemory 0x805735A4[0xA] 22:13:28:562 3848 UnhookRegistry: No splicing found on NtEnumerateKey 22:13:28:578 3848 Scanning Kernel memory ... 22:13:28:578 3848 KLMD_OpenDevice: Trying to open KLMD device 22:13:28:578 3848 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk 22:13:28:578 3848 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk 22:13:28:578 3848 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 82F928A0 22:13:28:578 3848 DetectCureTDL3: KLMD_GetDeviceObjectList returned 12 DevObjects 22:13:28:578 3848 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 82AA6030 22:13:28:578 3848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82AA6030 22:13:28:578 3848 KLMD_ReadMem: Trying to ReadMemory 0x82AA6030[0x38] 22:13:28:578 3848 DetectCureTDL3: DRIVER_OBJECT addr: 82F928A0 22:13:28:578 3848 KLMD_ReadMem: Trying to ReadMemory 0x82F928A0[0xA8] 22:13:28:578 3848 KLMD_ReadMem: Trying to ReadMemory 0xE100D210[0x208] 22:13:28:578 3848 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 22:13:28:578 3848 DetectCureTDL3: IrpHandler (0) addr: F853BBB0 22:13:28:578 3848 DetectCureTDL3: IrpHandler (1) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (2) addr: F853BBB0 22:13:28:578 3848 DetectCureTDL3: IrpHandler (3) addr: F8535D1F 22:13:28:578 3848 DetectCureTDL3: IrpHandler (4) addr: F8535D1F 22:13:28:578 3848 DetectCureTDL3: IrpHandler (5) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (6) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (7) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (8) addr: 804FA87E 22:13:28:578 
3848 DetectCureTDL3: IrpHandler (9) addr: F85362E2 22:13:28:578 3848 DetectCureTDL3: IrpHandler (10) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (11) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (12) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (13) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (14) addr: F85363BB 22:13:28:578 3848 DetectCureTDL3: IrpHandler (15) addr: F8539F28 22:13:28:578 3848 DetectCureTDL3: IrpHandler (16) addr: F85362E2 22:13:28:578 3848 DetectCureTDL3: IrpHandler (17) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (18) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (19) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (20) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (21) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (22) addr: F8537C82 22:13:28:578 3848 DetectCureTDL3: IrpHandler (23) addr: F853C99E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (24) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (25) addr: 804FA87E 22:13:28:578 3848 DetectCureTDL3: IrpHandler (26) addr: 804FA87E 22:13:28:578 3848 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 22:13:28:578 3848 KLMD_ReadMem: DeviceIoControl error 1 22:13:28:578 3848 TDL3_StartIoHookDetect: Unable to get StartIo handler code 22:13:28:578 3848 TDL3_FileDetect: Processing driver: Disk 22:13:28:578 3848 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys 22:13:28:578 3848 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 22:13:28:578 3848 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 22:13:28:609 3848 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 82AF3C68 22:13:28:609 3848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82AF3C68 22:13:28:609 3848 KLMD_ReadMem: 
Trying to ReadMemory 0x82AF3C68[0x38] 22:13:28:609 3848 DetectCureTDL3: DRIVER_OBJECT addr: 82F928A0 22:13:28:609 3848 KLMD_ReadMem: Trying to ReadMemory 0x82F928A0[0xA8] 22:13:28:609 3848 KLMD_ReadMem: Trying to ReadMemory 0xE100D210[0x208] 22:13:28:609 3848 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 22:13:28:609 3848 DetectCureTDL3: IrpHandler (0) addr: F853BBB0 22:13:28:609 3848 DetectCureTDL3: IrpHandler (1) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (2) addr: F853BBB0 22:13:28:609 3848 DetectCureTDL3: IrpHandler (3) addr: F8535D1F 22:13:28:609 3848 DetectCureTDL3: IrpHandler (4) addr: F8535D1F 22:13:28:609 3848 DetectCureTDL3: IrpHandler (5) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (6) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (7) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (8) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (9) addr: F85362E2 22:13:28:609 3848 DetectCureTDL3: IrpHandler (10) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (11) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (12) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (13) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (14) addr: F85363BB 22:13:28:609 3848 DetectCureTDL3: IrpHandler (15) addr: F8539F28 22:13:28:609 3848 DetectCureTDL3: IrpHandler (16) addr: F85362E2 22:13:28:609 3848 DetectCureTDL3: IrpHandler (17) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (18) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (19) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (20) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (21) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (22) addr: F8537C82 22:13:28:609 3848 DetectCureTDL3: IrpHandler (23) addr: F853C99E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (24) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (25) addr: 
804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (26) addr: 804FA87E 22:13:28:609 3848 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 22:13:28:609 3848 KLMD_ReadMem: DeviceIoControl error 1 22:13:28:609 3848 TDL3_StartIoHookDetect: Unable to get StartIo handler code 22:13:28:609 3848 TDL3_FileDetect: Processing driver: Disk 22:13:28:609 3848 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys 22:13:28:609 3848 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 22:13:28:609 3848 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 22:13:28:609 3848 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 82B1AC68 22:13:28:609 3848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82B1AC68 22:13:28:609 3848 KLMD_ReadMem: Trying to ReadMemory 0x82B1AC68[0x38] 22:13:28:609 3848 DetectCureTDL3: DRIVER_OBJECT addr: 82F928A0 22:13:28:609 3848 KLMD_ReadMem: Trying to ReadMemory 0x82F928A0[0xA8] 22:13:28:609 3848 KLMD_ReadMem: Trying to ReadMemory 0xE100D210[0x208] 22:13:28:609 3848 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 22:13:28:609 3848 DetectCureTDL3: IrpHandler (0) addr: F853BBB0 22:13:28:609 3848 DetectCureTDL3: IrpHandler (1) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (2) addr: F853BBB0 22:13:28:609 3848 DetectCureTDL3: IrpHandler (3) addr: F8535D1F 22:13:28:609 3848 DetectCureTDL3: IrpHandler (4) addr: F8535D1F 22:13:28:609 3848 DetectCureTDL3: IrpHandler (5) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (6) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (7) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (8) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (9) addr: F85362E2 22:13:28:609 3848 DetectCureTDL3: IrpHandler (10) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (11) 
addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (12) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (13) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (14) addr: F85363BB 22:13:28:609 3848 DetectCureTDL3: IrpHandler (15) addr: F8539F28 22:13:28:609 3848 DetectCureTDL3: IrpHandler (16) addr: F85362E2 22:13:28:609 3848 DetectCureTDL3: IrpHandler (17) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (18) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (19) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (20) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (21) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (22) addr: F8537C82 22:13:28:609 3848 DetectCureTDL3: IrpHandler (23) addr: F853C99E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (24) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (25) addr: 804FA87E 22:13:28:609 3848 DetectCureTDL3: IrpHandler (26) addr: 804FA87E 22:13:28:609 3848 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 22:13:28:609 3848 KLMD_ReadMem: DeviceIoControl error 1 22:13:28:609 3848 TDL3_StartIoHookDetect: Unable to get StartIo handler code 22:13:28:609 3848 TDL3_FileDetect: Processing driver: Disk 22:13:28:609 3848 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys 22:13:28:609 3848 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 22:13:28:609 3848 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 22:13:28:609 3848 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 82AB95D8 22:13:28:609 3848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82AB95D8 22:13:28:609 3848 KLMD_ReadMem: Trying to ReadMemory 0x82AB95D8[0x38] 22:13:28:609 3848 DetectCureTDL3: DRIVER_OBJECT addr: 82F928A0 22:13:28:609 3848 KLMD_ReadMem: Trying to ReadMemory 0x82F928A0[0xA8] 
22:13:28:718 3848 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
22:13:28:718 3848 KLMD_ReadMem: DeviceIoControl error 1
22:13:28:718 3848 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:13:28:718 3848 TDL3_FileDetect: Processing driver: Disk
22:13:28:718 3848 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
22:13:28:718 3848 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
22:13:28:718 3848 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
22:13:28:718 3848 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 82F99030
22:13:28:718 3848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F99030
22:13:28:718 3848 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 82FCF3B8
22:13:28:718 3848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82FCF3B8
22:13:28:718 3848 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 82FCED98
22:13:28:718 3848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82FCED98
22:13:28:718 3848 KLMD_ReadMem: Trying to ReadMemory 0x82FCED98[0x38]
22:13:28:734 3848 DetectCureTDL3: DRIVER_OBJECT addr: 82FDFC28
22:13:28:734 3848 KLMD_ReadMem: Trying to ReadMemory 0x82FDFC28[0xA8]
22:13:28:734 3848 KLMD_ReadMem: Trying to ReadMemory 0xE101BAF0[0x208]
22:13:28:734 3848 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
22:13:28:734 3848 DetectCureTDL3: IrpHandler (0) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (1) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (2) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (3) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (4) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (5) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (6) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (7) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (8) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (9) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (10) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (11) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (12) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (13) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (14) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (15) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (16) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (17) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (18) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (19) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (20) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (21) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (22) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (23) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (24) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (25) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: IrpHandler (26) addr: F8467B3A
22:13:28:734 3848 DetectCureTDL3: All IRP handlers pointed to one addr: F8467B3A
22:13:28:734 3848 KLMD_ReadMem: Trying to ReadMemory 0xF8467B3A[0x400]
22:13:28:734 3848 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
22:13:28:734 3848 KLMD_ReadMem: Trying to ReadMemory 0xFFDF0308[0x4]
22:13:28:734 3848 KLMD_ReadMem: Trying to ReadMemory 0x82FDF5F4[0x4]
22:13:28:734 3848 TDL3_IrpHookDetect: New IrpHandler addr: 82F7FF61
22:13:28:734 3848 KLMD_ReadMem: Trying to ReadMemory 0x82F7FF61[0x400]
22:13:28:734 3848 TDL3_IrpHookDetect: CheckParameters: 10, FFDF0308, 510, 134, 3, 120
22:13:28:734 3848 Driver "atapi" Irp handler infected by TDSS rootkit ...
22:13:28:734 3848 KLMD_WriteMem: Trying to WriteMemory 0x82F7FFE7[0xD]
22:13:28:734 3848 cured
22:13:28:734 3848 KLMD_ReadMem: Trying to ReadMemory 0xF8465864[0x400]
22:13:28:734 3848 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
22:13:28:734 3848 TDL3_FileDetect: Processing driver: atapi
22:13:28:734 3848 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_atapi.sys
22:13:28:734 3848 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
22:13:28:734 3848 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
22:13:28:765 3848 File C:\WINDOWS\system32\drivers\atapi.sys infected by TDSS rootkit ...
22:13:28:765 3848 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
22:13:28:765 3848 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
22:13:28:765 3848 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\Drivers\tsk_atapi.sys
22:13:28:812 3848 TDL3_FileCure: Image path (system32\Drivers\tsk_atapi.sys) was set for service (SYSTEM\CurrentControlSet\Services\atapi)
22:13:28:812 3848 TDL3_FileCure: KLMD_PendCopyFileW (C:\WINDOWS\system32\Drivers\tsk_atapi.sys, C:\WINDOWS\system32\drivers\atapi.sys) success
22:13:28:812 3848 will be cured on next reboot
22:13:28:812 3848 DetectCureTDL3: 11 Curr stack PDEVICE_OBJECT: 82F90030
22:13:28:812 3848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F90030
22:13:28:812 3848 DetectCureTDL3: 11 Curr stack PDEVICE_OBJECT: 82FDF198
22:13:28:812 3848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82FDF198
22:13:28:812 3848 DetectCureTDL3: 11 Curr stack PDEVICE_OBJECT: 82F90D98
22:13:28:812 3848 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F90D98
22:13:28:812 3848 KLMD_ReadMem: Trying to ReadMemory 0x82F90D98[0x38]
22:13:28:812 3848 DetectCureTDL3: DRIVER_OBJECT addr: 82FDFC28
22:13:28:812 3848 KLMD_ReadMem: Trying to ReadMemory 0x82FDFC28[0xA8]
22:13:28:812 3848 KLMD_ReadMem: Trying to ReadMemory 0xE101BAF0[0x208]
22:13:28:812 3848 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
22:13:28:812 3848 DetectCureTDL3: IrpHandler (0) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (1) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (2) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (3) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (4) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (5) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (6) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (7) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (8) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (9) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (10) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (11) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (12) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (13) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (14) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (15) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (16) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (17) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (18) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (19) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (20) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (21) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (22) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (23) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (24) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (25) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: IrpHandler (26) addr: F8467B3A
22:13:28:812 3848 DetectCureTDL3: All IRP handlers pointed to one addr: F8467B3A
22:13:28:812 3848 KLMD_ReadMem: Trying to ReadMemory 0xF8467B3A[0x400]
22:13:28:812 3848 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
22:13:28:812 3848 KLMD_ReadMem: Trying to ReadMemory 0xFFDF0308[0x4]
22:13:28:812 3848 KLMD_ReadMem: Trying to ReadMemory 0x82FDF5F4[0x4]
22:13:28:812 3848 TDL3_IrpHookDetect: New IrpHandler addr: 82F7FF61
22:13:28:812 3848 KLMD_ReadMem: Trying to ReadMemory 0x82F7FF61[0x400]
22:13:28:812 3848 TDL3_IrpHookDetect: TDL3 is already cured
22:13:28:812 3848 KLMD_ReadMem: Trying to ReadMemory 0xF8465864[0x400]
22:13:28:812 3848 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
22:13:28:812 3848 TDL3_FileDetect: Processing driver: atapi
22:13:28:812 3848 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\tsk_atapi.sys, C:\WINDOWS\system32\Drivers\tsk_tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_tsk_atapi.sys
22:13:28:812 3848 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\tsk_atapi.sys
22:13:28:812 3848 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\tsk_atapi.sys
22:13:28:812 3848 Completed Results:
22:13:28:812 3848 Infected objects in memory: 1
22:13:28:812 3848 Cured objects in memory: 1
22:13:28:812 3848 Infected objects on disk: 1
22:13:28:812 3848 Objects on disk cured on reboot: 1
22:13:28:812 3848 Objects on disk deleted on reboot: 0
22:13:28:812 3848 Registry nodes deleted on reboot: 0
22:13:28:828 3848

OTL.txt:

OTL logfile created on: 12/9/2009 10:47:00 PM - Run 1
OTL by OldTimer - Version 3.1.14.0 Folder = C:\Documents and Settings\Olijnyk\Desktop\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 196.08 Mb Available Physical Memory | 38.33% Memory free
1.22 Gb Paging File | 0.96 Gb Available in Paging File | 78.75% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 39.80 Gb Free Space | 26.71% Space Free | Partition Type: NTFS
Drive D: | 19.01 Gb Total Space | 16.28 Gb Free Space | 85.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KOMPUTOR
Current User Name: Olijnyk
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/09 22:03:06 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Olijnyk\Desktop\OTL\OTL.exe
PRC - [2009/11/25 13:05:17 | 02,029,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/11/24 17:01:39 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/17 23:58:12 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/17 23:58:11 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/17 23:58:08 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/17 23:58:05 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/17 23:57:45 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/29 16:54:23 | 00,187,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
PRC - [2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/05/14 08:40:58 | 00,040,960 | ---- | M] () -- C:\WINDOWS\shicoxp.exe
PRC - [2003/02/17 16:25:16 | 00,053,248 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe
PRC - [1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE

========== Modules (SafeList) ==========

MOD - [2009/12/09 22:03:06 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Olijnyk\Desktop\OTL\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 17:01:39 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/06 09:18:50 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/17 23:58:05 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/17 23:57:45 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2006/06/29 16:54:23 | 00,187,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe -- (MSCamSvc)
SRV - [2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/09/12 20:10:00 | 00,114,688 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2003/09/12 07:33:38 | 00,376,832 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)

========== Driver Services (SafeList) ==========

DRV - [2009/12/09 22:13:28 | 00,096,512 | ---- | M] () -- C:\WINDOWS\system32\Drivers\tsk_atapi.sys -- (atapi)
DRV - [2009/08/17 23:58:11 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/17 23:58:11 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/23 21:56:38 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/06/18 13:19:11 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/07/09 04:05:48 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 11:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:40:50 | 00,149,376 | ---- | M] (M-Systems) -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport)
DRV - [2007/11/13 01:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/06/29 16:42:59 | 01,965,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/04/26 14:46:20 | 00,428,064 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134)
DRV - [2005/06/10 08:39:20 | 01,694,592 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb)
DRV - [2005/04/20 08:44:08 | 00,138,752 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/04/20 08:44:06 | 00,106,496 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/03/24 16:21:22 | 00,038,937 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2004/12/16 12:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV)
DRV - [2004/08/03 22:29:26 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/12/05 03:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/16 13:58:30 | 00,013,056 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/03/05 11:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\pfmodnt.sys -- (PfModNT)
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/07/17 09:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/02/01 09:29:36 | 00,015,300 | ---- | M] (CANON INC.) -- C:\BJPrinter\CNMWINDOWS\Canon i450 Installer\Inst2\cnmpar21.sys -- (cnmpar21)
DRV - [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 06:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/ukrainian/index.shtml
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/sport"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.18
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/29 15:00:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/24 16:51:06 | 00,000,000 | ---D | M]
[2009/07/31 08:53:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olijnyk\Application Data\Mozilla\Extensions
[2009/12/09 13:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olijnyk\Application Data\Mozilla\Firefox\Profiles\mo456j00.default\extensions
[2009/11/28 10:45:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olijnyk\Application Data\Mozilla\Firefox\Profiles\mo456j00.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/09 13:11:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (22 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [sbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe ()
O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error.
File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control) O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15015/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15021/CTPID.cab (Creative Software AutoUpdate Support Package) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.154.132.68 75.154.132.100 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/04/26 12:11:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{14df8d58-c6dd-11dd-a271-00112f6b10a8}\Shell\Shell00\Command - "" = K:\Start.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/09 22:13:28 | 00,016,904 | ---- | C] (Kaspersky Lab, Parshin Yury) -- C:\WINDOWS\System32\drivers\KLMD.sys [2009/12/09 22:10:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/12/09 22:02:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Olijnyk\Desktop\Security Check [2009/12/09 21:56:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Olijnyk\Desktop\OTL [2009/12/09 21:55:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Olijnyk\Desktop\ERUNT [2009/12/09 21:55:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Olijnyk\Desktop\TDSSKiller [2009/12/09 20:38:17 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Olijnyk\Recent [2009/12/03 00:12:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Olijnyk\Application Data\REAPER [2009/12/03 00:11:51 | 00,000,000 | ---D | C] -- C:\Program Files\REAPER [2009/11/29 00:53:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Olijnyk\My 
Documents\Squarepusher-Hello_Everything-2006-FWYH [2009/11/29 00:53:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Olijnyk\My Documents\Squarepusher - Just A Souvenir [2009/11/28 22:48:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Olijnyk\My Documents\Swervedriver-Raise-(Remastered)-2009-FNT [2009/11/28 21:51:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Olijnyk\My Documents\Velvet Crush - In The Presence Of Greatness (1991) [2009/11/28 20:10:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Olijnyk\My Documents\New Folder (2) [2009/11/27 21:44:05 | 00,000,000 | ---D | C] -- C:\Program Files\RootRepeal [2009/11/27 00:45:22 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Program Files\WinsockxpFix.exe [2009/11/24 17:01:52 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/11/24 17:01:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/11/24 17:01:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/11/24 17:01:52 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/11/24 17:01:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2009/11/24 16:50:02 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2009/11/24 16:47:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2009/11/24 16:42:55 | 00,000,000 | ---D | C] -- C:\Program Files\NOS [2009/11/24 16:42:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS [2009/11/21 18:42:30 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\deploytk.dll [2009/11/21 15:12:24 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos [2009/11/19 13:21:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Olijnyk\Desktop\Stock Photography [2009/11/19 00:47:52 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/11/18 18:44:41 | 00,068,168 | ---- | C] (jpshortstuff) -- C:\Program Files\GooredFix.exe [2009/11/17 21:42:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Olijnyk\Desktop\Sept 2009 [2009/08/18 00:17:03 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2009/08/18 00:17:03 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/08/18 00:17:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/08/18 00:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2009/06/23 21:56:38 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Olijnyk\Application Data\pcouffin.sys [2008/12/09 15:10:33 | 04,411,392 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe [2008/05/29 09:09:36 | 03,276,800 | ---- | C] (Nero AG) -- C:\Program Files\DiscSpeed.exe [2006/05/26 11:48:58 | 00,059,392 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/12/09 22:45:39 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/09 22:45:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/09 22:44:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/09 22:44:03 | 18,087,936 | ---- | M] () -- C:\Documents and Settings\Olijnyk\NTUSER.DAT [2009/12/09 22:44:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Olijnyk\ntuser.ini [2009/12/09 22:15:16 | 
00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys [2009/12/09 22:13:28 | 00,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\tsk_atapi.sys [2009/12/09 22:13:28 | 00,016,904 | ---- | M] (Kaspersky Lab, Parshin Yury) -- C:\WINDOWS\System32\drivers\KLMD.sys [2009/12/09 20:27:41 | 00,204,288 | ---- | M] () -- C:\Documents and Settings\Olijnyk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/09 11:19:14 | 46,405,649 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/12/09 11:19:14 | 00,122,177 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/12/08 23:50:19 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/08 23:50:19 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/08 23:50:19 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/08 12:34:37 | 00,022,804 | ---- | M] () -- C:\Documents and Settings\Olijnyk\Desktop\Coumadin-e.pdf [2009/12/06 18:11:56 | 00,115,224 | ---- | M] () -- C:\img2-001.raw [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/01 16:21:36 | 00,000,709 | ---- | M] () -- C:\WINDOWS\win.ini [2009/11/27 00:45:24 | 01,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Program Files\WinsockxpFix.exe [2009/11/26 11:45:40 | 00,035,262 | ---- | M] () -- C:\WINDOWS\SYSTEM.acl [2009/11/24 20:24:34 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\Olijnyk\Application Data\inst.exe [2009/11/24 20:24:34 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Olijnyk\Application Data\pcouffin.sys [2009/11/24 20:24:34 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Olijnyk\Application Data\pcouffin.cat [2009/11/24 20:24:34 | 00,001,144 | ---- | M] () -- C:\Documents and 
Settings\Olijnyk\Application Data\pcouffin.inf [2009/11/24 17:01:39 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/11/24 17:01:39 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/11/24 17:01:39 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/11/24 17:01:39 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009/11/24 17:01:38 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009/11/23 13:32:55 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009/11/19 23:49:18 | 03,050,203 | ---- | M] () -- C:\Documents and Settings\Olijnyk\Desktop\TIO[1].pdf [2009/11/18 18:44:42 | 00,068,168 | ---- | M] (jpshortstuff) -- C:\Program Files\GooredFix.exe [2009/11/15 16:03:39 | 00,000,964 | ---- | M] () -- C:\Documents and Settings\Olijnyk\My Documents\Chukotka.rtf [2009/11/14 16:01:51 | 00,000,882 | ---- | M] () -- C:\Documents and Settings\Olijnyk\Application Data\AutoGK.ini [2009/11/13 12:50:29 | 00,000,156 | ---- | M] () -- C:\Documents and Settings\Olijnyk\Desktop\CBC.ca Member Centre.url [2009/11/12 13:38:13 | 06,158,447 | ---- | M] () -- C:\Documents and Settings\Olijnyk\Desktop\AsideofIranwedontknow.pdf [2009/11/11 21:21:47 | 00,003,560 | ---- | M] () -- C:\Documents and Settings\Olijnyk\My Documents\Cosmos.rtf [2009/11/11 20:20:01 | 00,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/09 22:13:28 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\tsk_atapi.sys [2009/12/08 12:34:37 | 00,022,804 | ---- | C] () -- C:\Documents and Settings\Olijnyk\Desktop\Coumadin-e.pdf [2009/11/26 11:45:40 | 00,035,262 | ---- | C] () -- C:\WINDOWS\SYSTEM.acl [2009/11/19 23:49:18 | 03,050,203 | ---- | 
C] () -- C:\Documents and Settings\Olijnyk\Desktop\TIO[1].pdf [2009/11/15 15:56:31 | 00,000,964 | ---- | C] () -- C:\Documents and Settings\Olijnyk\My Documents\Chukotka.rtf [2009/11/13 12:50:13 | 00,000,156 | ---- | C] () -- C:\Documents and Settings\Olijnyk\Desktop\CBC.ca Member Centre.url [2009/11/12 13:38:12 | 06,158,447 | ---- | C] () -- C:\Documents and Settings\Olijnyk\Desktop\AsideofIranwedontknow.pdf [2009/11/11 19:46:09 | 00,003,560 | ---- | C] () -- C:\Documents and Settings\Olijnyk\My Documents\Cosmos.rtf [2009/10/19 10:49:24 | 00,118,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009/08/18 11:17:41 | 00,003,289 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009/08/04 08:31:15 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009/06/29 18:36:29 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv39738p1now.sys [2009/06/23 21:57:24 | 00,001,044 | ---- | C] () -- C:\Documents and Settings\Olijnyk\Application Data\vso_ts_preview.xml [2009/06/23 21:56:57 | 00,000,055 | ---- | C] () -- C:\Documents and Settings\Olijnyk\Application Data\pcouffin.log [2009/06/23 21:56:38 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Olijnyk\Application Data\inst.exe [2009/06/23 21:56:38 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Olijnyk\Application Data\pcouffin.cat [2009/06/23 21:56:38 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Olijnyk\Application Data\pcouffin.inf [2008/09/19 10:53:18 | 00,000,170 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008/07/02 15:18:49 | 03,293,184 | ---- | C] () -- C:\Program Files\QuEnc.exe [2008/07/02 15:18:49 | 00,000,468 | ---- | C] () -- C:\Program Files\QuEnc070_diff.txt [2008/06/26 23:29:47 | 02,387,480 | ---- | C] () -- C:\Program Files\SVGView.exe [2008/06/19 19:08:51 | 01,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll [2008/06/19 19:08:51 | 00,880,640 | ---- | C] () -- C:\WINDOWS\System32\SaveTo.dll [2008/05/29 17:35:34 
| 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008/05/29 17:35:34 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008/05/12 18:53:16 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/05/12 18:50:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008/05/12 18:50:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008/05/12 18:50:08 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll [2008/05/12 18:49:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008/03/14 14:33:56 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDIdle.INI [2007/12/17 14:30:20 | 00,007,168 | ---- | C] () -- C:\Program Files\driveinfo22.exe [2007/06/28 14:41:02 | 00,000,149 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini [2007/06/28 14:40:09 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007/03/17 20:51:13 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI [2007/03/04 19:30:09 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\KBD1251U.DLL [2007/01/23 15:03:48 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2006/10/20 15:52:05 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/08/16 07:13:34 | 01,382,280 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll [2006/08/14 09:12:27 | 00,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini [2006/07/28 12:39:01 | 00,000,120 | ---- | C] () -- C:\Documents and Settings\Olijnyk\Application Data\FixVTS.ini [2006/07/13 18:21:01 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFreeLite.INI [2006/06/08 16:15:03 | 00,000,882 | ---- | C] () -- C:\Documents and Settings\Olijnyk\Application Data\AutoGK.ini [2006/05/26 11:48:58 | 00,012,043 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI [2006/04/27 03:19:01 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini [2006/04/26 14:43:49 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini [2006/04/26 
14:21:34 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll [2006/04/26 14:12:15 | 00,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2006/04/26 14:04:30 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2006/04/26 14:03:21 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2006/04/26 13:57:43 | 00,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/04/26 13:44:04 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4w.DLL [2006/04/26 13:41:31 | 00,204,288 | ---- | C] () -- C:\Documents and Settings\Olijnyk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/04/26 13:14:52 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/09/17 16:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2003/09/12 07:35:06 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2002/10/15 15:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2002/08/29 05:00:00 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys [2000/07/22 15:49:46 | 00,431,104 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll [1997/07/10 23:00:00 | 00,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL [1997/07/10 23:00:00 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL [1997/07/10 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL [1997/07/10 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL ========== LOP Check ========== [2007/04/25 14:46:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon [2008/06/19 19:11:14 | 00,000,000 | RHSD | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/06/22 00:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olijnyk\Application Data\avidemux [2009/08/18 13:00:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olijnyk\Application Data\Dr. 
DivX 2.0 OSS [2009/06/22 00:55:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olijnyk\Application Data\gtk-2.0 [2009/11/29 16:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olijnyk\Application Data\ImgBurn [2009/06/21 23:36:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olijnyk\Application Data\MuldeR [2009/12/03 00:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olijnyk\Application Data\REAPER [2006/07/28 12:42:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olijnyk\Application Data\RipIt4Me ========== Purity Check ========== < End of report > checkup.txt: Results of screen317's Security Check version 0.99.1 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Security Center service is not running! This report may not be accurate! AVG Free 8.5 `````````````````````````````` Anti-malware/Other Utilities Check: Spybot - Search & Destroy Sophos Anti-Rootkit 1.5.0 HijackThis 2.0.2 CCleaner Java 6 Update 17 Adobe Flash Player 10 Adobe Reader 9.2 `````````````````````````````` Process Check: objlist.exe by Laurent AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe AVG avgemc.exe `````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log```````````
  9. Hello all, I'm going to bump this as it has been a week since I first posted. I hope I'm not seeming to be impolite or impatient! At any rate, the search redirects are still going strong... Would really appreciate some help. -- Iosif
  10. Hello, and thanks in advance for any help I might get with regard to this... Primary symptom as far as I can make out is the redirection of search links