Constant Redirection of web brower


6 replies to this topic

#1 bigwhitefangs


  • Members
  • 13 posts

Posted 28 November 2009 - 10:10 AM

I am running Firefox as my web browser. However, I noticed the same behavior with IE. Several weeks ago I began to notice that sometimes when using Google to search for items, the page I selected was not brought up but rather some other page... usually an ad. I have both AVG (free ed.) and Malwarebytes and run them periodically. Malwarebytes does not find anything. The last time I ran AVG it found the Cryptor virus, but said it healed it. I also recently installed Ad-Aware and ran that. It only found some cookies. I know that this is some sort of malware agent but am at a loss for determining what and where. It has now gotten a little worse in that when I attempt to go to a webpage, a new instance of the browser is sometimes being opened, with multiple tabs open. I used HijackThis several years ago on another computer and it worked quite nicely. So, I am back to see if it can help. Any input/directions will be much appreciated. I am running XP SP3 and Firefox as the browser.

Here is the dds.txt, followed by the RootRepeal.txt. I have also attached the 'attach' log file that was generated during the DDS scan.
******************
******************

DDS (Ver_09-11-24.02) - NTFSx86
Run by HP_Administrator at 0:36:47.46 on Sat 11/28/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1237 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: Shell=Explorer.exe
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hp\hp share-to-web\hpgs2wnd.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
Trusted Zone: trymedia.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256871247130
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\616yhw5l.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\616yhw5l.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-27 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-29 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-29 360584]

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 0:48:58.32 ===============

********************************
********************************
**rootrepeal********
********************************
********************************
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/28 00:57
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9A1ED000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\all users\application data\avg9\chjw\05c6447b-f4a0-4782-af3b-8a3a83070f2d.cm-2-p.dat
Status: Size mismatch (API: 14536, Raw: 13576)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba11887e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba118bfe

==EOF==


#2 Guest_Black_Bird_*


  • Guests

Posted 05 December 2009 - 01:25 PM

Hi,

Download ComboFix from here

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply, together with a new DDS log.

#3 bigwhitefangs

  • Topic Starter

  • Members
  • 13 posts

Posted 06 December 2009 - 06:40 PM

Black_Bird

Thank you for your assistance. I have done as instructed. I did not know whether to attach or paste the logs. I have decided on the latter for viewing ease. First I will paste the ComboFix log, followed by the DDS log. I will attach the 'attach log' as before. Thanks again for your help and please let me know the next course of action.
**********
**********
combofix.txt
**********
**********
ComboFix 09-12-06.07 - HP_Administrator 12/06/2009 18:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1472 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
Infected copy of c:\windows\system32\DRIVERS\iastor.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 02:23 . 2006-08-20 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-30 00:29 . 2009-10-30 00:29 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-09-11 14:18 . 2004-08-10 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-09 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\I386\NTFS.SYS

[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2004-08-10 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB902400$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-10 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-10 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-09 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 11:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 11:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-10 04:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-10 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2009-10-22 . CDA69BC1C23B0EA033B989F67CB722FF . 5939712 . . [8.00.6001.18852] . . c:\windows\system32\mshtml.dll
[-] 2009-10-22 . CDA69BC1C23B0EA033B989F67CB722FF . 5939712 . . [8.00.6001.18852] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-10-22 . A6CF28C6E0B6D10098AB601D85EE55E8 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[-] 2009-09-25 . 601E18A9A8F0D0ED39692B593212378F . 3070976 . . [6.00.2900.5880] . . c:\windows\ie8\mshtml.dll
[-] 2009-09-25 . 37F578776552FA076EA6085F0365209C . 3072512 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\mshtml.dll
[-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3GDR\mshtml.dll
[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB974455$\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2006-03-24 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[-] 2006-02-01 . 51C91AC189321A320FC4BC90B56255A3 . 3073024 . . [6.00.2900.2838] . . c:\windows\$NtUninstallKB912812$\mshtml.dll
[-] 2004-08-10 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB912945$\mshtml.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-09 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-10 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2004-08-10 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-09-25 . 178CF0F58C9907633AAB633860B68973 . 667136 . . [6.00.2900.5880] . . c:\windows\ie8\wininet.dll
[-] 2009-09-25 . 406D33F9B30FFC0EEFC7C55562839931 . 668672 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\wininet.dll
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3GDR\wininet.dll
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\system32\wininet.dll
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB974455$\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2006-01-10 . DDE9597A3311748C1519444E2BC147BD . 662016 . . [6.00.2900.2823] . . c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2004-08-10 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB912945$\wininet.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2004-08-10 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 12:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2004-08-10 04:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2005-08-04 08:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-08-04 08:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\MsPMSNSv.dll
[-] 2005-08-04 08:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-10 04:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-10 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 04:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 16:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-06-23 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-06-23 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-14 2020120]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-04 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-04-04 335872]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-04-04 49152]
"Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-8-19 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-30 03:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/27/2009 1:41 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/29/2009 10:40 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/29/2009 10:40 PM 360584]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1184912]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [10/29/2009 10:39 PM 906520]
S3 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/29/2009 10:39 PM 285392]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\616yhw5l.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-PCDrProfiler - (no file)
AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 18:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-12-06 18:20
ComboFix-quarantined-files.txt 2009-12-06 23:20

Pre-Run: 214,893,682,688 bytes free
Post-Run: 215,220,699,136 bytes free

- - End Of File - - 0FDED4BF2867B4074747EE4F36673ABE
***********
***********
DDS log
***********
***********

DDS (Ver_09-11-24.02) - NTFSx86
Run by HP_Administrator at 18:21:51.26 on Sun 12/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1436 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hp\hp share-to-web\hpgs2wnd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256871247130
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\616yhw5l.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-27 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-29 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-29 360584]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
S3 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-29 906520]
S3 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-29 285392]
UnknownUnknown rootrepeal;rootrepeal; [x]

=============== Created Last 30 ================

2009-12-06 22:54:58 98816 ----a-w- c:\windows\sed.exe
2009-12-06 22:54:58 77312 ----a-w- c:\windows\MBR.exe
2009-12-06 22:54:58 260608 ----a-w- c:\windows\PEV.exe
2009-12-06 22:54:58 161792 ----a-w- c:\windows\SWREG.exe
2009-11-28 05:06:46 0 d-sh--w- c:\documents and settings\hp_administrator\PrivacIE
2009-11-28 04:59:49 0 d-----w- c:\program files\Trend Micro
2009-11-28 04:35:41 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-11-28 04:35:19 0 d-----w- c:\program files\McAfee Security Scan
2009-11-28 02:42:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-27 18:41:18 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-27 18:39:55 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-27 18:38:10 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-27 18:37:56 0 d-----w- c:\program files\Lavasoft
2009-11-08 15:06:39 22 ----a-w- c:\windows\kodakpcd.HP_Administrator.ini

==================== Find3M ====================

2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-10 14:45:50 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 03:40:00 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-30 03:40:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-30 02:26:06 1913 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_RC663AA-ABA a1640n_YC_0Pavi_QMXF635_E64NAemMPA3_48_IBuckeye_SASUSTek Computer INC._V1.05_B3.06_T060811_WXP2_L409_M2039_J250_7Intel_8Core2 6300_91.87_#061104_N8086104C_Z14F12F20_G808629A2.MRK
2009-10-30 00:29:08 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-02 04:44:07 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-09-25 05:37:10 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll

============= FINISH: 18:22:02.68 ===============


#4 Guest_Black_Bird_*

  • Guests

Posted 07 December 2009 - 09:21 AM

Hi,

1. Open My Computer (you can find it on your Desktop, and in your Start menu)
Double click on your C-drive.
Now go to File > New > Folder
Enter this for the name of the folder: TDSSKiller

2. Download TDSSKiller.zip
Save it to the folder C:\TDSSKiller

3. Unzip the file. Follow these steps to unzip:
Go, if you are not already there, to the folder: C:\TDSSKiller
Now right click on TDSSKiller.zip and choose Extract all
Click on Next every time, and click Finish in the last screen.

4. Open a Notepad file.
Copy the code below into this Notepad file.

@ECHO OFF
TDSSKiller.exe -l report.txt -v
DEL %0

Go to File - Save as.
At "Save to", choose: C:\TDSSKiller
At "File name", choose: start.bat
At "File type" select: All files (*.*).
Now click on the Save button.

Double click on start.bat
This will activate TDSSKiller.
Please post the contents from the file that opens (report.txt).

#5 bigwhitefangs
  • Topic Starter

  • Members
  • 13 posts
  • Local time:03:39 PM

Posted 08 December 2009 - 08:24 PM

Black_Bird

Thanks for the additional information. I have done as instructed. It would appear (see report below) that the previous combofix cleared up the problems. I have not had another occurrence since I ran the combofix. Thank you for your help. :( If there is anything else I need to do or that you would recommend please let me know. Again thank you for your assistance with this. It is greatly appreciated. :(


Host Name: YOUR-4DACD0EA75
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: bigwhitefangs
Registered Organization:
Product ID: 76487-OEM-0011903-00803
Original Install Date: 10/29/2009, 10:17:50 PM
System Up Time: 0 Days, 1 Hours, 40 Minutes, 1 Seconds
System Manufacturer: HP Pavilion 061
System Model: RC663AA-ABA a1640n
System type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x86 Family 6 Model 15 Stepping 6 GenuineIntel ~1866 Mhz
BIOS Version: HP-CPC - 42302e31
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT-05:00) Eastern Time (US & Canada)
Total Physical Memory: 2,038 MB
Available Physical Memory: 1,232 MB
Virtual Memory: Max Size: 2,048 MB
Virtual Memory: Available: 2,008 MB
Virtual Memory: In Use: 40 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\YOUR-4DACD0EA75
Hotfix(s): 136 Hotfix(s) Installed.
[01]: File 1
[02]: File 1
[03]: File 1
[04]: File 1
[05]: File 1
[06]: File 1
[07]: File 1
[08]: File 1
[09]: File 1
[10]: File 1
[11]: File 1
[12]: File 1
[13]: File 1
[14]: File 1
[15]: File 1
[16]: File 1
[17]: File 1
[18]: File 1
[19]: File 1
[20]: File 1
[21]: File 1
[22]: File 1
[23]: File 1
[24]: File 1
[25]: File 1
[26]: File 1
[27]: File 1
[28]: File 1
[29]: File 1
[30]: File 1
[31]: File 1
[32]: File 1
[33]: File 1
[34]: File 1
[35]: File 1
[36]: File 1
[37]: File 1
[38]: File 1
[39]: File 1
[40]: File 1
[41]: File 1
[42]: File 1
[43]: File 1
[44]: File 1
[45]: File 1
[46]: File 1
[47]: File 1
[48]: File 1
[49]: File 1
[50]: File 1
[51]: File 1
[52]: File 1
[53]: File 1
[54]: File 1
[55]: File 1
[56]: File 1
[57]: File 1
[58]: File 1
[59]: File 1
[60]: File 1
[61]: Q147222
[62]: KB953295 - QFE
[63]: SP3 - SP
[64]: M953297 - Update
[65]: S867460 - Update
[66]: KB900325 - Update
[67]: Q954430
[68]: Q973688
[69]: KB923723 - Update
[70]: KB952069_WM9
[71]: KB954155_WM9
[72]: KB968816_WM9
[73]: KB973540_WM9
[74]: KB936782_WMP10
[75]: KB923689
[76]: KB941569
[77]: KB971961-IE8 - Update
[78]: KB974455-IE8 - Update
[79]: KB975364-IE8 - Update
[80]: KB976749-IE8 - Update
[81]: KB936929 - Service Pack
[82]: KB952011 - Update
[83]: KB953295 - Update
[84]: KB923561 - Update
[85]: KB946648 - Update
[86]: KB950762 - Update
[87]: KB950974 - Update
[88]: KB951066 - Update
[89]: KB951376-v2 - Update
[90]: KB951748 - Update
[91]: KB951978 - Update
[92]: KB952004 - Update
[93]: KB952287 - Update
[94]: KB952954 - Update
[95]: KB954459 - Update
[96]: KB954550-v5 - Update
[97]: KB955069 - Update
[98]: KB956572 - Update
[99]: KB956744 - Update
[100]: KB956802 - Update
[101]: KB956803 - Update
[102]: KB956844 - Update
[103]: KB957097 - Update
[104]: KB958644 - Update
[105]: KB958687 - Update
[106]: KB958869 - Update
[107]: KB959426 - Update
[108]: KB960225 - Update
[109]: KB960803 - Update
[110]: KB960859 - Update
[111]: KB961118 - Update
[112]: KB961371-v2 - Update
[113]: KB961501 - Update
[114]: KB967715 - Update
[115]: KB968389 - Update
[116]: KB968537 - Update
[117]: KB969059 - Update
[118]: KB969947 - Update
[119]: KB970238 - Update
[120]: KB970653-v3 - Update
[121]: KB971486 - Update
[122]: KB971557 - Update
[123]: KB971633 - Update
[124]: KB971657 - Update
[125]: KB973354 - Update
[126]: KB973507 - Update
[127]: KB973525 - Update
[128]: KB973687 - Update
[129]: KB973815 - Update
[130]: KB973869 - Update
[131]: KB974112 - Update
[132]: KB974455 - Update
[133]: KB974571 - Update
[134]: KB975025 - Update
[135]: KB975467 - Update
[136]: KB976098-v2 - Update
NetWork Card(s): 2 NIC(s) Installed.
[01]: Intel® 82562V 10/100 Network Connection
Connection Name: Local Area Connection
DHCP Enabled: Yes
DHCP Server: 192.168.1.1
IP address(es)
[01]: 192.168.1.103
[02]: 1394 Net Adapter
Connection Name: 1394 Connection
DHCP Enabled: Yes
DHCP Server: N/A
IP address(es)

20:18:14:374 1756 ForceUnloadDriver: NtUnloadDriver error 2
20:18:14:374 1756 ForceUnloadDriver: NtUnloadDriver error 2
20:18:14:374 1756 ForceUnloadDriver: NtUnloadDriver error 2
20:18:14:374 1756 main: Driver KLMD successfully dropped
20:18:14:405 1756 main: Driver KLMD successfully loaded
20:18:14:405 1756
Scanning Registry ...
20:18:14:405 1756 ScanServices: Searching service UACd.sys
20:18:14:405 1756 ScanServices: Open/Create key error 2
20:18:14:405 1756 ScanServices: Searching service TDSSserv.sys
20:18:14:405 1756 ScanServices: Open/Create key error 2
20:18:14:405 1756 ScanServices: Searching service gaopdxserv.sys
20:18:14:405 1756 ScanServices: Open/Create key error 2
20:18:14:405 1756 ScanServices: Searching service gxvxcserv.sys
20:18:14:405 1756 ScanServices: Open/Create key error 2
20:18:14:405 1756 ScanServices: Searching service MSIVXserv.sys
20:18:14:405 1756 ScanServices: Open/Create key error 2
20:18:14:405 1756 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
20:18:14:405 1756 UnhookRegistry: Kernel local addr: A40000
20:18:14:421 1756 UnhookRegistry: KeServiceDescriptorTable addr: AC5700
20:18:14:515 1756 UnhookRegistry: KiServiceTable addr: A6D460
20:18:14:515 1756 UnhookRegistry: NtEnumerateKey service number (local): 47
20:18:14:515 1756 UnhookRegistry: NtEnumerateKey local addr: B8CFF2
20:18:14:530 1756 KLMD_OpenDevice: Trying to open KLMD device
20:18:14:530 1756 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
20:18:14:530 1756 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
20:18:14:530 1756 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
20:18:14:530 1756 UnhookRegistry: NtEnumerateKey service number (kernel): 47
20:18:14:530 1756 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
20:18:14:530 1756 UnhookRegistry: NtEnumerateKey real addr: 80623FF2
20:18:14:530 1756 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
20:18:14:530 1756 UnhookRegistry: No SDT hooks found on NtEnumerateKey
20:18:14:530 1756 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
20:18:14:530 1756 UnhookRegistry: No splicing found on NtEnumerateKey
20:18:14:530 1756
Scanning Kernel memory ...
20:18:14:530 1756 KLMD_OpenDevice: Trying to open KLMD device
20:18:14:530 1756 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
20:18:14:530 1756 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
20:18:14:530 1756 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 898BC330
20:18:14:530 1756 DetectCureTDL3: KLMD_GetDeviceObjectList returned 11 DevObjects
20:18:14:530 1756 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 88F97C68
20:18:14:530 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88F97C68
20:18:14:530 1756 KLMD_ReadMem: Trying to ReadMemory 0x88F97C68[0x38]
20:18:14:530 1756 DetectCureTDL3: DRIVER_OBJECT addr: 898BC330
20:18:14:530 1756 KLMD_ReadMem: Trying to ReadMemory 0x898BC330[0xA8]
20:18:14:530 1756 KLMD_ReadMem: Trying to ReadMemory 0xE1574C78[0x208]
20:18:14:530 1756 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:18:14:530 1756 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0
20:18:14:530 1756 DetectCureTDL3: IrpHandler (1) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0
20:18:14:530 1756 DetectCureTDL3: IrpHandler (3) addr: BA108D1F
20:18:14:530 1756 DetectCureTDL3: IrpHandler (4) addr: BA108D1F
20:18:14:530 1756 DetectCureTDL3: IrpHandler (5) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (6) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (7) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (8) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (9) addr: BA1092E2
20:18:14:530 1756 DetectCureTDL3: IrpHandler (10) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (11) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (12) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (13) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (14) addr: BA1093BB
20:18:14:530 1756 DetectCureTDL3: IrpHandler (15) addr: BA10CF28
20:18:14:530 1756 DetectCureTDL3: IrpHandler (16) addr: BA1092E2
20:18:14:530 1756 DetectCureTDL3: IrpHandler (17) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (18) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (19) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (20) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (21) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (22) addr: BA10AC82
20:18:14:530 1756 DetectCureTDL3: IrpHandler (23) addr: BA10F99E
20:18:14:530 1756 DetectCureTDL3: IrpHandler (24) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (25) addr: 804F4562
20:18:14:530 1756 DetectCureTDL3: IrpHandler (26) addr: 804F4562
20:18:14:530 1756 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
20:18:14:530 1756 KLMD_ReadMem: DeviceIoControl error 1
20:18:14:530 1756 TDL3_StartIoHookDetect: Unable to get StartIo handler code
20:18:14:530 1756 TDL3_FileDetect: Processing driver: Disk
20:18:14:530 1756 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
20:18:14:530 1756 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
20:18:14:530 1756 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
20:18:14:546 1756 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8901AC68
20:18:14:546 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8901AC68
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0x8901AC68[0x38]
20:18:14:546 1756 DetectCureTDL3: DRIVER_OBJECT addr: 898BC330
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0x898BC330[0xA8]
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0xE1574C78[0x208]
20:18:14:546 1756 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:18:14:546 1756 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0
20:18:14:546 1756 DetectCureTDL3: IrpHandler (1) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0
20:18:14:546 1756 DetectCureTDL3: IrpHandler (3) addr: BA108D1F
20:18:14:546 1756 DetectCureTDL3: IrpHandler (4) addr: BA108D1F
20:18:14:546 1756 DetectCureTDL3: IrpHandler (5) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (6) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (7) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (8) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (9) addr: BA1092E2
20:18:14:546 1756 DetectCureTDL3: IrpHandler (10) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (11) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (12) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (13) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (14) addr: BA1093BB
20:18:14:546 1756 DetectCureTDL3: IrpHandler (15) addr: BA10CF28
20:18:14:546 1756 DetectCureTDL3: IrpHandler (16) addr: BA1092E2
20:18:14:546 1756 DetectCureTDL3: IrpHandler (17) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (18) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (19) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (20) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (21) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (22) addr: BA10AC82
20:18:14:546 1756 DetectCureTDL3: IrpHandler (23) addr: BA10F99E
20:18:14:546 1756 DetectCureTDL3: IrpHandler (24) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (25) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (26) addr: 804F4562
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
20:18:14:546 1756 KLMD_ReadMem: DeviceIoControl error 1
20:18:14:546 1756 TDL3_StartIoHookDetect: Unable to get StartIo handler code
20:18:14:546 1756 TDL3_FileDetect: Processing driver: Disk
20:18:14:546 1756 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
20:18:14:546 1756 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
20:18:14:546 1756 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
20:18:14:546 1756 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 88F41508
20:18:14:546 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88F41508
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0x88F41508[0x38]
20:18:14:546 1756 DetectCureTDL3: DRIVER_OBJECT addr: 898BC330
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0x898BC330[0xA8]
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0xE1574C78[0x208]
20:18:14:546 1756 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:18:14:546 1756 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0
20:18:14:546 1756 DetectCureTDL3: IrpHandler (1) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0
20:18:14:546 1756 DetectCureTDL3: IrpHandler (3) addr: BA108D1F
20:18:14:546 1756 DetectCureTDL3: IrpHandler (4) addr: BA108D1F
20:18:14:546 1756 DetectCureTDL3: IrpHandler (5) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (6) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (7) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (8) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (9) addr: BA1092E2
20:18:14:546 1756 DetectCureTDL3: IrpHandler (10) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (11) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (12) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (13) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (14) addr: BA1093BB
20:18:14:546 1756 DetectCureTDL3: IrpHandler (15) addr: BA10CF28
20:18:14:546 1756 DetectCureTDL3: IrpHandler (16) addr: BA1092E2
20:18:14:546 1756 DetectCureTDL3: IrpHandler (17) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (18) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (19) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (20) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (21) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (22) addr: BA10AC82
20:18:14:546 1756 DetectCureTDL3: IrpHandler (23) addr: BA10F99E
20:18:14:546 1756 DetectCureTDL3: IrpHandler (24) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (25) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (26) addr: 804F4562
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
20:18:14:546 1756 KLMD_ReadMem: DeviceIoControl error 1
20:18:14:546 1756 TDL3_StartIoHookDetect: Unable to get StartIo handler code
20:18:14:546 1756 TDL3_FileDetect: Processing driver: Disk
20:18:14:546 1756 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
20:18:14:546 1756 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
20:18:14:546 1756 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
20:18:14:546 1756 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 890B4AF8
20:18:14:546 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 890B4AF8
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0x890B4AF8[0x38]
20:18:14:546 1756 DetectCureTDL3: DRIVER_OBJECT addr: 898BC330
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0x898BC330[0xA8]
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0xE1574C78[0x208]
20:18:14:546 1756 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:18:14:546 1756 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0
20:18:14:546 1756 DetectCureTDL3: IrpHandler (1) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0
20:18:14:546 1756 DetectCureTDL3: IrpHandler (3) addr: BA108D1F
20:18:14:546 1756 DetectCureTDL3: IrpHandler (4) addr: BA108D1F
20:18:14:546 1756 DetectCureTDL3: IrpHandler (5) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (6) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (7) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (8) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (9) addr: BA1092E2
20:18:14:546 1756 DetectCureTDL3: IrpHandler (10) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (11) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (12) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (13) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (14) addr: BA1093BB
20:18:14:546 1756 DetectCureTDL3: IrpHandler (15) addr: BA10CF28
20:18:14:546 1756 DetectCureTDL3: IrpHandler (16) addr: BA1092E2
20:18:14:546 1756 DetectCureTDL3: IrpHandler (17) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (18) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (19) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (20) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (21) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (22) addr: BA10AC82
20:18:14:546 1756 DetectCureTDL3: IrpHandler (23) addr: BA10F99E
20:18:14:546 1756 DetectCureTDL3: IrpHandler (24) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (25) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (26) addr: 804F4562
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
20:18:14:546 1756 KLMD_ReadMem: DeviceIoControl error 1
20:18:14:546 1756 TDL3_StartIoHookDetect: Unable to get StartIo handler code
20:18:14:546 1756 TDL3_FileDetect: Processing driver: Disk
20:18:14:546 1756 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
20:18:14:546 1756 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
20:18:14:546 1756 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
20:18:14:546 1756 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 88F92708
20:18:14:546 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88F92708
20:18:14:546 1756 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 891E4488
20:18:14:546 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 891E4488
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0x891E4488[0x38]
20:18:14:546 1756 DetectCureTDL3: DRIVER_OBJECT addr: 89208928
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0x89208928[0xA8]
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0xE1A59448[0x208]
20:18:14:546 1756 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
20:18:14:546 1756 DetectCureTDL3: IrpHandler (0) addr: A2961218
20:18:14:546 1756 DetectCureTDL3: IrpHandler (1) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (2) addr: A2961218
20:18:14:546 1756 DetectCureTDL3: IrpHandler (3) addr: A296123C
20:18:14:546 1756 DetectCureTDL3: IrpHandler (4) addr: A296123C
20:18:14:546 1756 DetectCureTDL3: IrpHandler (5) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (6) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (7) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (8) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (9) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (10) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (11) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (12) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (13) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (14) addr: A2961180
20:18:14:546 1756 DetectCureTDL3: IrpHandler (15) addr: A295C9E6
20:18:14:546 1756 DetectCureTDL3: IrpHandler (16) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (17) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (18) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (19) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (20) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (21) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (22) addr: A29605F0
20:18:14:546 1756 DetectCureTDL3: IrpHandler (23) addr: A295EA6E
20:18:14:546 1756 DetectCureTDL3: IrpHandler (24) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (25) addr: 804F4562
20:18:14:546 1756 DetectCureTDL3: IrpHandler (26) addr: 804F4562
20:18:14:546 1756 KLMD_ReadMem: Trying to ReadMemory 0xA295DF26[0x400]
20:18:14:546 1756 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
20:18:14:546 1756 TDL3_FileDetect: Processing driver: usbstor
20:18:14:546 1756 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\usbstor, system32\Drivers\tsk_usbstor.sys
20:18:14:546 1756 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
20:18:14:546 1756 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
20:18:14:562 1756 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 89165708
20:18:14:562 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89165708
20:18:14:562 1756 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 890B3030
20:18:14:562 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 890B3030
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0x890B3030[0x38]
20:18:14:562 1756 DetectCureTDL3: DRIVER_OBJECT addr: 89208928
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0x89208928[0xA8]
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0xE1A59448[0x208]
20:18:14:562 1756 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
20:18:14:562 1756 DetectCureTDL3: IrpHandler (0) addr: A2961218
20:18:14:562 1756 DetectCureTDL3: IrpHandler (1) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (2) addr: A2961218
20:18:14:562 1756 DetectCureTDL3: IrpHandler (3) addr: A296123C
20:18:14:562 1756 DetectCureTDL3: IrpHandler (4) addr: A296123C
20:18:14:562 1756 DetectCureTDL3: IrpHandler (5) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (6) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (7) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (8) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (9) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (10) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (11) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (12) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (13) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (14) addr: A2961180
20:18:14:562 1756 DetectCureTDL3: IrpHandler (15) addr: A295C9E6
20:18:14:562 1756 DetectCureTDL3: IrpHandler (16) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (17) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (18) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (19) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (20) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (21) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (22) addr: A29605F0
20:18:14:562 1756 DetectCureTDL3: IrpHandler (23) addr: A295EA6E
20:18:14:562 1756 DetectCureTDL3: IrpHandler (24) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (25) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (26) addr: 804F4562
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0xA295DF26[0x400]
20:18:14:562 1756 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
20:18:14:562 1756 TDL3_FileDetect: Processing driver: usbstor
20:18:14:562 1756 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\usbstor, system32\Drivers\tsk_usbstor.sys
20:18:14:562 1756 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
20:18:14:562 1756 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
20:18:14:562 1756 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 8910D708
20:18:14:562 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8910D708
20:18:14:562 1756 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 888E9930
20:18:14:562 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 888E9930
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0x888E9930[0x38]
20:18:14:562 1756 DetectCureTDL3: DRIVER_OBJECT addr: 89208928
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0x89208928[0xA8]
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0xE1A59448[0x208]
20:18:14:562 1756 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
20:18:14:562 1756 DetectCureTDL3: IrpHandler (0) addr: A2961218
20:18:14:562 1756 DetectCureTDL3: IrpHandler (1) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (2) addr: A2961218
20:18:14:562 1756 DetectCureTDL3: IrpHandler (3) addr: A296123C
20:18:14:562 1756 DetectCureTDL3: IrpHandler (4) addr: A296123C
20:18:14:562 1756 DetectCureTDL3: IrpHandler (5) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (6) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (7) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (8) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (9) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (10) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (11) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (12) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (13) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (14) addr: A2961180
20:18:14:562 1756 DetectCureTDL3: IrpHandler (15) addr: A295C9E6
20:18:14:562 1756 DetectCureTDL3: IrpHandler (16) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (17) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (18) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (19) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (20) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (21) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (22) addr: A29605F0
20:18:14:562 1756 DetectCureTDL3: IrpHandler (23) addr: A295EA6E
20:18:14:562 1756 DetectCureTDL3: IrpHandler (24) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (25) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (26) addr: 804F4562
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0xA295DF26[0x400]
20:18:14:562 1756 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
20:18:14:562 1756 TDL3_FileDetect: Processing driver: usbstor
20:18:14:562 1756 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\usbstor, system32\Drivers\tsk_usbstor.sys
20:18:14:562 1756 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
20:18:14:562 1756 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
20:18:14:562 1756 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 890B9708
20:18:14:562 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 890B9708
20:18:14:562 1756 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 89222EA0
20:18:14:562 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89222EA0
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0x89222EA0[0x38]
20:18:14:562 1756 DetectCureTDL3: DRIVER_OBJECT addr: 89208928
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0x89208928[0xA8]
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0xE1A59448[0x208]
20:18:14:562 1756 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
20:18:14:562 1756 DetectCureTDL3: IrpHandler (0) addr: A2961218
20:18:14:562 1756 DetectCureTDL3: IrpHandler (1) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (2) addr: A2961218
20:18:14:562 1756 DetectCureTDL3: IrpHandler (3) addr: A296123C
20:18:14:562 1756 DetectCureTDL3: IrpHandler (4) addr: A296123C
20:18:14:562 1756 DetectCureTDL3: IrpHandler (5) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (6) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (7) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (8) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (9) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (10) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (11) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (12) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (13) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (14) addr: A2961180
20:18:14:562 1756 DetectCureTDL3: IrpHandler (15) addr: A295C9E6
20:18:14:562 1756 DetectCureTDL3: IrpHandler (16) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (17) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (18) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (19) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (20) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (21) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (22) addr: A29605F0
20:18:14:562 1756 DetectCureTDL3: IrpHandler (23) addr: A295EA6E
20:18:14:562 1756 DetectCureTDL3: IrpHandler (24) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (25) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (26) addr: 804F4562
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0xA295DF26[0x400]
20:18:14:562 1756 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
20:18:14:562 1756 TDL3_FileDetect: Processing driver: usbstor
20:18:14:562 1756 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\usbstor, system32\Drivers\tsk_usbstor.sys
20:18:14:562 1756 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
20:18:14:562 1756 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
20:18:14:562 1756 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 894B48A0
20:18:14:562 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 894B48A0
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0x894B48A0[0x38]
20:18:14:562 1756 DetectCureTDL3: DRIVER_OBJECT addr: 898BC330
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0x898BC330[0xA8]
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0xE1574C78[0x208]
20:18:14:562 1756 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:18:14:562 1756 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0
20:18:14:562 1756 DetectCureTDL3: IrpHandler (1) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0
20:18:14:562 1756 DetectCureTDL3: IrpHandler (3) addr: BA108D1F
20:18:14:562 1756 DetectCureTDL3: IrpHandler (4) addr: BA108D1F
20:18:14:562 1756 DetectCureTDL3: IrpHandler (5) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (6) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (7) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (8) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (9) addr: BA1092E2
20:18:14:562 1756 DetectCureTDL3: IrpHandler (10) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (11) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (12) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (13) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (14) addr: BA1093BB
20:18:14:562 1756 DetectCureTDL3: IrpHandler (15) addr: BA10CF28
20:18:14:562 1756 DetectCureTDL3: IrpHandler (16) addr: BA1092E2
20:18:14:562 1756 DetectCureTDL3: IrpHandler (17) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (18) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (19) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (20) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (21) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (22) addr: BA10AC82
20:18:14:562 1756 DetectCureTDL3: IrpHandler (23) addr: BA10F99E
20:18:14:562 1756 DetectCureTDL3: IrpHandler (24) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (25) addr: 804F4562
20:18:14:562 1756 DetectCureTDL3: IrpHandler (26) addr: 804F4562
20:18:14:562 1756 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
20:18:14:562 1756 KLMD_ReadMem: DeviceIoControl error 1
20:18:14:562 1756 TDL3_StartIoHookDetect: Unable to get StartIo handler code
20:18:14:562 1756 TDL3_FileDetect: Processing driver: Disk
20:18:14:562 1756 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
20:18:14:562 1756 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
20:18:14:562 1756 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
20:18:14:577 1756 DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 894B4C68
20:18:14:577 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 894B4C68
20:18:14:577 1756 KLMD_ReadMem: Trying to ReadMemory 0x894B4C68[0x38]
20:18:14:577 1756 DetectCureTDL3: DRIVER_OBJECT addr: 898BC330
20:18:14:577 1756 KLMD_ReadMem: Trying to ReadMemory 0x898BC330[0xA8]
20:18:14:577 1756 KLMD_ReadMem: Trying to ReadMemory 0xE1574C78[0x208]
20:18:14:577 1756 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:18:14:577 1756 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0
20:18:14:577 1756 DetectCureTDL3: IrpHandler (1) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0
20:18:14:577 1756 DetectCureTDL3: IrpHandler (3) addr: BA108D1F
20:18:14:577 1756 DetectCureTDL3: IrpHandler (4) addr: BA108D1F
20:18:14:577 1756 DetectCureTDL3: IrpHandler (5) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (6) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (7) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (8) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (9) addr: BA1092E2
20:18:14:577 1756 DetectCureTDL3: IrpHandler (10) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (11) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (12) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (13) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (14) addr: BA1093BB
20:18:14:577 1756 DetectCureTDL3: IrpHandler (15) addr: BA10CF28
20:18:14:577 1756 DetectCureTDL3: IrpHandler (16) addr: BA1092E2
20:18:14:577 1756 DetectCureTDL3: IrpHandler (17) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (18) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (19) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (20) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (21) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (22) addr: BA10AC82
20:18:14:577 1756 DetectCureTDL3: IrpHandler (23) addr: BA10F99E
20:18:14:577 1756 DetectCureTDL3: IrpHandler (24) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (25) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (26) addr: 804F4562
20:18:14:577 1756 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
20:18:14:577 1756 KLMD_ReadMem: DeviceIoControl error 1
20:18:14:577 1756 TDL3_StartIoHookDetect: Unable to get StartIo handler code
20:18:14:577 1756 TDL3_FileDetect: Processing driver: Disk
20:18:14:577 1756 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
20:18:14:577 1756 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
20:18:14:577 1756 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
20:18:14:577 1756 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 894B8AB8
20:18:14:577 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 894B8AB8
20:18:14:577 1756 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 898B9030
20:18:14:577 1756 KLMD_GetLowerDeviceObject: Trying to get lower device object for 898B9030
20:18:14:577 1756 KLMD_ReadMem: Trying to ReadMemory 0x898B9030[0x38]
20:18:14:577 1756 DetectCureTDL3: DRIVER_OBJECT addr: 89DEB7E0
20:18:14:577 1756 KLMD_ReadMem: Trying to ReadMemory 0x89DEB7E0[0xA8]
20:18:14:577 1756 KLMD_ReadMem: Trying to ReadMemory 0xE101CA60[0x208]
20:18:14:577 1756 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iaStor, Driver Name: iaStor
20:18:14:577 1756 DetectCureTDL3: IrpHandler (0) addr: B9E70FC2
20:18:14:577 1756 DetectCureTDL3: IrpHandler (1) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (2) addr: B9E70FC2
20:18:14:577 1756 DetectCureTDL3: IrpHandler (3) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (4) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (5) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (6) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (7) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (8) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (9) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (10) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (11) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (12) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (13) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (14) addr: B9E74CBE
20:18:14:577 1756 DetectCureTDL3: IrpHandler (15) addr: B9E74F80
20:18:14:577 1756 DetectCureTDL3: IrpHandler (16) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (17) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (18) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (19) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (20) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (21) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (22) addr: B9E79884
20:18:14:577 1756 DetectCureTDL3: IrpHandler (23) addr: B9E799E4
20:18:14:577 1756 DetectCureTDL3: IrpHandler (24) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (25) addr: 804F4562
20:18:14:577 1756 DetectCureTDL3: IrpHandler (26) addr: 804F4562
20:18:14:577 1756 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
20:18:14:577 1756 KLMD_ReadMem: DeviceIoControl error 1
20:18:14:577 1756 TDL3_StartIoHookDetect: Unable to get StartIo handler code
20:18:14:577 1756 TDL3_FileDetect: Processing driver: iaStor
20:18:14:577 1756 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\iastor.sys, C:\WINDOWS\system32\Drivers\tsk_iastor.sys, SYSTEM\CurrentControlSet\Services\iaStor, system32\Drivers\tsk_iastor.sys
20:18:14:577 1756 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\iastor.sys
20:18:14:577 1756 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\iastor.sys
20:18:14:577 1756
Completed

Results:
20:18:14:577 1756 Infected objects in memory: 0
20:18:14:577 1756 Cured objects in memory: 0
20:18:14:577 1756 Infected objects on disk: 0
20:18:14:577 1756 Objects on disk cured on reboot: 0
20:18:14:577 1756 Objects on disk deleted on reboot: 0
20:18:14:577 1756 Registry nodes deleted on reboot: 0
20:18:14:577 1756

#6 Guest_Black_Bird_*

  • Guests

Posted 09 December 2009 - 08:39 AM

Hi,

1. Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
If you need a tutorial, see here

2. Also please post a new DDS logfile. :(

Edited by Black_Bird, 09 December 2009 - 08:39 AM.


#7 Guest_Black_Bird_*

  • Guests

Posted 17 December 2009 - 04:00 PM

Because you didn't reply anymore, I am closing this topic.
If you want to have this topic reopened, please feel free to send me a private message.

All others, please start a new topic.




