
can't browse to bleeping computer


23 replies to this topic

#1 kkirkham32


Posted 07 February 2010 - 11:13 AM

Need advice!

Hello, first post. My wife's computer is over-run. A number of issues are happening simultaneously. She started having system window pop-ups which were obviously malicious. Also, her computer seems to have spontaneously downloaded a program called Paladin Anti-virus which runs on every start-up and declares it has discovered malware. She was running AVG which did not ever find anything but now has no components active and we are unable to re-activate it.

I managed to install a-squared which I have run several times. It commonly hangs and I have not been able to get through a complete deep scan. I have interrupted a number of scans part-way and quarantined several high risk files but cannot get through the whole hard-drive.

I have attempted to download malwarebytes but the installer will not run. I also tried to install spybot and it downloaded the program but then froze the computer.

Not sure where to turn next. I am sending this post from my computer because her firefox will not allow me to go to the "bleepingcomputer" website.

Thanks in advance!
K



#2 quietman7


Posted 07 February 2010 - 02:07 PM

Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If MBAM will not install, try renaming it first.
  • Right-click on the mbam-setup.exe file and rename it to mysetup.exe. If that did not work, rename it explorer.exe.
  • Double-click on the renamed file to start the installation.
  • If that still did not work, then try changing the file extension. <- click this link if you do not see the file extension
    If using Windows Vista, refer to these instructions.
  • Right-click on explorer.exe and change the .exe extension to .scr, .com, .pif, or .bat.
  • Then double-click on explorer.com (or whatever extension you renamed it) to begin installation.
Note: Malwarebytes Anti-Malware uses Inno Setup instead of the Windows Installer Service to install the program. If installation continues to fail in normal mode, try installing and scanning in safe mode. Doing this is usually not advised as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection & removal when used in safe mode. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Therefore, after completing a scan it is recommended to uninstall MBAM, then reinstall it in normal mode and perform another Quick Scan.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on mbam.exe and rename it to wuauclt.exe.
  • Double-click on wuauclt.exe to launch the program.
  • If that did not work, then change the .exe extension in the same way as noted above.
  • Double-click on wuauclt.com (or whatever extension you renamed it) to launch the program.
If that does not work, you can try using Rkill before scanning with Malwarebytes Anti-Malware. This tool terminates certain processes and fixes certain registry keys that stop us from using security and clean up tools. To do that, please refer to the instructions provided in For those having trouble running Malwarebytes Anti-Malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 kkirkham32


Posted 08 February 2010 - 12:31 AM

Thanks for the advice!

I have managed to install mwb in safe mode and am running a scan now. I will uninstall after and try to repeat the process in normal mode. I did have to change the name of both the installer file and the exe file to allow the program to launch.

I also managed to run a full a-squared scan in safe mode. It did not find anything more than I had managed to remove in normal mode but at least it was able to complete a full scan. I have also managed to get ad-aware on the computer. It has found nothing.

If I continue to have problems after scanning with mwb I will re-post.

However, may I ask about Paladin? Is this a real anti-virus program or is it some elaborate malware? Should I uninstall it? When I try, a text box opens which asks me why I am uninstalling the software. Is this legit?

[I just found the uninstall guide for Paladin so I guess I have the answer to my question. I will try to run rkill before my next malwarebytes scan to see if I can get rid of it because mwb did not seem to find Paladin on its own]

Thanks again for all your help. You are lifesavers and providing a real service.

K

Edited by kkirkham32, 08 February 2010 - 09:21 AM.


#4 quietman7


Posted 08 February 2010 - 10:06 AM

Not a problem.

#5 kkirkham32


Posted 08 February 2010 - 07:16 PM

Afraid I'm back.

Followed the directions to remove Paladin. I was able to download rkill on my other computer and move it via USB drive to the infected computer. On start-up I can run rkill and its log does say that it has stopped Paladin.

The problem is now twofold. First, I am unable to launch Malwarebytes under its real name even with Paladin stopped. I have to change the name like you suggested. Second, every time I try to run Malwarebytes after rkill the computer freezes at some point. Sometimes this is 1:22 into the scan, sometimes this is over an hour into the scan but it never completes in normal mode. So far it has not indicated that it has found anything during the part of the scan it is capable of completing.

[update - I finally completed a quick scan. MBAM found nothing. I was watching the folders being scanned and it didn't appear to even look at the Paladin Program folder. On completion of the scan the log opened but as I went to save it the whole system crashed as below]

A couple of times early in start-up normal mode the computer has crashed completely with a blue screen with white words indicating that a physical memory dump has been performed. The short version


A problem has been detected and windows has been shut down to prevent damage to your computer.

DRIVER_IRQL_NOT_LESS_OR_EQUAL

…

Technical information:
*** STOP: 0x000000D1 (0xB1FF5198, 0x00000002, 0x00000000, 0xB1FECE22)

Beginning dump of physical memory
Physical memory dump complete.




Any suggestions? In the meantime I will continue trying to do a full scan.
[finally managed to run update on MBAM again. Previously caused the computer to hang. One time generated this message:

Malwarebytes' Anti-Malware
An error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team.

Error code: 732 (0, 0)

running full scan now -- No Luck. The program continually hangs part way through the scan and I have to manually shut down the computer]
K

Edited by kkirkham32, 08 February 2010 - 10:42 PM.
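
Added example, not part of the original posts: a small Python decoder for the STOP line quoted in the post above. The parameter layout for bug checks 0x0A and 0xD1 follows Microsoft's bug check reference; the function names and the 0x80000000 kernel-space boundary (default 32-bit address split) are assumptions of this example.

```python
import re

# Matches the "*** STOP: 0x... (p1, p2, p3, p4)" line of a Windows blue screen.
HEX = r"(0x[0-9A-Fa-f]{1,8})"
STOP_RE = re.compile(
    r"STOP:\s*" + HEX + r"\s*\(\s*" + HEX + r"\s*,\s*" + HEX
    + r"\s*,\s*" + HEX + r"\s*,\s*" + HEX + r"\s*\)"
)

# Bug checks whose four parameters share one layout:
# (memory referenced, IRQL, access type, address of the code that referenced it).
IRQL_BUGCHECKS = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}
ACCESS_TYPES = {0: "read", 1: "write", 8: "execute"}

# Assumption of this example: 32-bit Windows with the default 2 GB / 2 GB
# user/kernel split, so addresses at or above this value are kernel space.
KERNEL_BASE_X86 = 0x80000000

# Blue-screen text as quoted in the post above.
SCREEN_TEXT = """\
DRIVER_IRQL_NOT_LESS_OR_EQUAL
Technical information:
*** STOP: 0x000000D1 (0xB1FF5198, 0x00000002, 0x00000000, 0xB1FECE22)
"""


def parse_stop_line(text):
    """Return (bugcheck_code, [p1, p2, p3, p4]) or None if no STOP line."""
    match = STOP_RE.search(text)
    if match is None:
        return None
    values = [int(group, 16) for group in match.groups()]
    return values[0], values[1:]


def decode_bugcheck(text):
    """Decode a STOP line into named fields; None if the text has none."""
    parsed = parse_stop_line(text)
    if parsed is None:
        return None
    code, params = parsed
    result = {
        "code": code,
        "name": IRQL_BUGCHECKS.get(code, "UNKNOWN"),
        "params": params,
    }
    if code in IRQL_BUGCHECKS:
        referenced, irql, access, faulting = params
        result.update({
            "referenced_address": referenced,
            "irql": IRQL_NAMES.get(irql, "IRQL %d" % irql),
            "access": ACCESS_TYPES.get(access, "unknown (0x%X)" % access),
            "faulting_address": faulting,
            # A kernel-space faulting address means the access came from
            # kernel-mode code (a driver), not from a user-mode program.
            "faulting_in_kernel_space": faulting >= KERNEL_BASE_X86,
        })
    return result


def summarize(text):
    """One-line triage summary suitable for pasting into a case note."""
    info = decode_bugcheck(text)
    if info is None:
        return "no STOP line found"
    if "faulting_address" not in info:
        return "STOP 0x%08X (layout not decoded by this example)" % info["code"]
    return "%s: %s of 0x%08X at %s by code at 0x%08X (%s space)" % (
        info["name"],
        info["access"],
        info["referenced_address"],
        info["irql"],
        info["faulting_address"],
        "kernel" if info["faulting_in_kernel_space"] else "user",
    )


if __name__ == "__main__":
    print(summarize(SCREEN_TEXT))
```

The fourth parameter is the address to match against the loaded-driver list when the memory dump is opened in a debugger; the STOP line alone does not name the driver.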


#6 quietman7


Posted 09 February 2010 - 08:47 AM

Anytime Malwarebytes Anti-Malware results in any error messages, check the Help file's list of error codes within its program folder first. Go to Start > All Programs > Malwarebytes' Anti-Malware folder or open Windows Explorer and navigate to its folder in Program Files. If you do not find any information, please refer to: Section C: Explanation of common Malwarebytes' Anti-Malware error codes

Error 732: Error updating the database or product. Check Internet connectivity.

Section D
Error Code 732 - Automatically Detect Settings in IE & Note for NetZero Users


...the scan but it never completes in normal mode.

Have you tried doing a scan in safe mode? If not, please do so.

#7 kkirkham32


Posted 09 February 2010 - 09:20 AM

Hi Quietman,

Nice to see you back. I was watching most of the evening but I guess we need to allow you a life away from kindly solving our problems. Genuinely thankful to hear your response again! PS. love the Dick Tracy avatar.

Here is the summary of what I have tried and the results.

1) completed several partial scans with updated a-squared and quarantined several files. Initially unable to complete full scan as the program froze every time. Completed full scan in safe mode and found nothing more than tracking cookies.

2) completed ad-aware update and scan. Found nothing at all.

3) attempted multiple scans with MBAM in normal mode. Had difficulty and error message with update but did manage to update the program. MBAM has never completed a full scan in normal mode. Always freezes. The freeze occurs at different points in the scan each time. Sometimes early, sometimes late. MBAM has never indicated an object identified during scan.

3) ran full MBAM scan in safe mode. Found a number of trojan files which were quarantined. The scan completed successfully. Restarted the computer in normal mode as you suggested safe mode may result in incomplete removal. Paladin remains and launches on start-up.

4) ran Rkill which after MOST reboots stops Paladin. Despite Rkill, MBAM still is unable to complete a full scan in normal mode and freezes. I watched one of the scans and when moving through the program files folder it did not appear to even see the Paladin folder.

any thoughts? I will be away from the infected computer until this evening.

K

#8 quietman7


Posted 09 February 2010 - 10:36 AM

Many rogue malware programs can be uninstalled by using Add/Remove Programs as shown here.

Reboot in safe mode, go to Start > Control Panel or Start > Settings > Control Panel (if in Classic View) and double-click on Add/Remove Programs. From within Add/Remove Programs uninstall the program by highlighting it (if listed) and selecting Remove, then reboot normally. Vista users should use the Programs and Features section of Control Panel.

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
-- If you cannot boot into safe mode or complete a scan, then perform your scan in normal mode.

-- If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Edited by quietman7, 09 February 2010 - 10:37 AM.


#9 kkirkham32


Posted 09 February 2010 - 10:57 AM

Thanks again,

I will do this as soon as I get home. Should I post the log from SAS when the scan is complete?

K

#10 quietman7


Posted 09 February 2010 - 11:03 AM

Yes, post the log.

#11 kkirkham32


Posted 09 February 2010 - 10:38 PM

Hi Quietman7,

Hope you had a good day today. I have followed your suggestions and have logs pasted below. First, I tried uninstalling Paladin in Safe Mode and what a surprise that seemed to work. Before you suggested that, I was afraid it might cause more problems since there were such specific instructions on how to remove the program posted.

This seemed to allow me to proceed with the next few steps. I downloaded, updated and ran superantispyware in safe mode. It found only tracking cookies. You'll notice that several are porn related. Not sure if these came from all the porn windows that were popping up a few days ago but I think I will have to speak to my son about safe internetting in any case. I've posted the log below.

Following this I re-installed MBAM and updated. I managed to run a quick scan in normal mode and the log is below. It found some of the Paladin components and others. Following the quick scan I finally have been able to complete a full MBAM scan in normal mode. This log is also posted below.

The best news is that I am posting this reply from the affected computer and I seem to have some degree of function returned! Still seems to be running quite slow though.

What should I do now?

K

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/09/2010 at 06:13 PM

Application Version : 4.33.1000

Core Rules Database Version : 4570
Trace Rules Database Version: 2382

Scan type : Complete Scan
Total Scan Time : 02:50:09

Memory items scanned : 243
Memory threats detected : 0
Registry items scanned : 6080
Registry threats detected : 0
File items scanned : 80951
File threats detected : 305

Adware.Tracking Cookie
.ads.pointroll.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-cruiseshipcenters.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-cruiseshipcenters.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
www.3dstats.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-dig.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.as-eu.falkag.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.as-eu.falkag.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.as-eu.falkag.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.as-eu.falkag.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
image.masterstats.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.humornsex.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.humornsex.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
www.addfreestats.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
www4.addfreestats.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.cz7.clickzs.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.cz7.clickzs.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
www6.addfreestats.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
www.burstbeacon.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.maxserving.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.northwestairlines.112.2o7.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-yellowpages.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.as-us.falkag.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.as-us.falkag.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.as-us.falkag.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.adlegend.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-nestleusainc.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-nestleusainc.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-nestleusainc.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-shoppersdrugmart.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-foxmovies.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.kanoodle.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
ads.bridgetrack.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.xiti.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-zoomerang.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.phg.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.indextools.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.giftscom.122.2o7.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-debenhams.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.manulife.122.2o7.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.discount-london.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.discount-london.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ehg-iwantoneofthose.hitbox.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
test.coremetrics.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.keywordmax.com [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.sexualityandu.ca [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.sexualityandu.ca [ C:\Documents and Settings\Kyle\Application Data\You've Got Pictures Screensaver\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.accessexcellence.org [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.tripod.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.tripod.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.adultadworld.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.bleeparoo.org [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.twelvefifteen.net [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
www.quppyporn.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
www.quppyporn.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.xiti.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.thatsbleeped.org [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.thatsbleeped.org [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
thatsbleeped.org [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
www.thatsbleeped.org [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.heavycom.122.2o7.net [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.m2omedia.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.bellglobemediapublishing.122.2o7.net [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.adcentriconline.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.airmilesrewardprogram.112.2o7.net [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.homedepotca.122.2o7.net [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.amazonsearsca.122.2o7.net [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.torstardigital.122.2o7.net [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.canadapost.112.2o7.net [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.humornsex.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.maxserving.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.northwestairlines.112.2o7.net [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.adlegend.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.kanoodle.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.giftscom.122.2o7.net [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.manulife.122.2o7.net [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.discount-london.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.keywordmax.com [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
.sexualityandu.ca [ C:\Documents and Settings\Yolanda\Application Data\Mozilla\Firefox\Profiles\fyi4bz22.default\cookies.txt ]
C:\Documents and Settings\Yolanda\Cookies\yolanda@adcentriconline[1].txt
C:\Documents and Settings\Yolanda\Cookies\yolanda@adopt.specificclick[1].txt
C:\Documents and Settings\Yolanda\Cookies\yolanda@ads.mytelus[1].txt
C:\Documents and Settings\Yolanda\Cookies\yolanda@ads.pointroll[1].txt
C:\Documents and Settings\Yolanda\Cookies\yolanda@atdmt[2].txt
C:\Documents and Settings\Yolanda\Cookies\yolanda@cbs.112.2o7[1].txt
C:\Documents and Settings\Yolanda\Cookies\yolanda@m2omedia[2].txt
C:\Documents and Settings\Yolanda\Cookies\yolanda@msnportal.112.2o7[1].txt
C:\Documents and Settings\Yolanda\Cookies\yolanda@www.m2omedia[2].txt
C:\Documents and Settings\Yolanda\Cookies\yolanda@www.puretracks[2].txt
C:\Documents and Settings\Yolanda\Cookies\yolanda@www.theporndoc[1].txt




Malwarebytes' Anti-Malware 1.44
Database version: 3717
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

09/02/2010 7:23:04 PM
mbam-log-2010-02-09 (19-23-04).txt

Scan type: Quick Scan
Objects scanned: 154847
Time elapsed: 20 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\_VOID (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\_VOIDkrl32mainweq.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\_VOIDshsyst.dll (Rootkit.TDSS) -> Delete on reboot.






Malwarebytes' Anti-Malware 1.44
Database version: 3717
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

09/02/2010 10:12:51 PM
mbam-log-2010-02-09 (22-12-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 232359
Time elapsed: 2 hour(s), 39 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kyle\Local Settings\Temp\_VOID7a0d.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDfqpxettlni.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDjkkyaveqaj.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDpjewpisnvx.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDvmpfvmkvrs.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\_VOIDobbibqjlhi.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDowvyxujdux.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.

#12 quietman7


Posted 09 February 2010 - 10:48 PM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop. (click here if you're not sure how to do this. Vista users refer to these instructions.)
  • Go to Start > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • Click OK.
  • If malicious services or files have been detected, the utility will prompt to reboot the computer in order to complete the disinfection procedure. Please reboot when prompted.
  • A log file named TDSSKiller.txt should have been created and saved to the root directory (usually C:\TDSSKiller.txt).
  • Copy and paste the contents of that report in your next reply.
IMPORTANT NOTE: One or more of the identified infections was related to a nasty variant of the TDSS/TDL3 rootkit. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the rootkit was identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
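The triage step behind the reply above (a Rootkit.TDSS hit in a Malwarebytes log is what prompts the dedicated TDSSKiller scan), shown as an added Python example that is not part of the thread and not Malwarebytes' own code. The sample log is constructed in the MBAM 1.44 layout posted here; its paths and the `Rogue.Example` family name are placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes' Anti-Malware 1.44 log layout seen in
# this thread. Paths and "Rogue.Example" are placeholders, not real findings.
# The summary deliberately claims 4 files while only 3 are listed.
SAMPLE_LOG = r"""
Scan type: Quick Scan
Registry Keys Infected: 2
Registry Values Infected: 0
Files Infected: 4

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleRogue (Rogue.Example) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exampledrv.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\example1.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\example (copy).tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example2.dll (Malware.Packer.Gen) -> No action taken.
"""

# "Files Infected: 4" (summary count) versus "Files Infected:" (section header).
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<item> (<family>) -> <action>." The greedy item group keeps parentheses that
# belong to the path itself, so only the last "(...)" before " -> " is the family.
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return the declared per-section counts and every listed detection."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            declared[m["section"]] = int(m["n"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            detections.append({"section": section, **m.groupdict()})
    return {"declared": declared, "detections": detections}


def triage(parsed):
    """Summarise what a helper reading the log needs to act on."""
    dets = parsed["detections"]
    listed = Counter(d["section"] for d in dets)
    families = Counter(d["family"] for d in dets)
    return {
        "families": families,
        # Rootkit-class hits are the cue for a dedicated rootkit scan.
        "rootkit_families": sorted(f for f in families
                                   if f.lower().startswith("rootkit.")),
        # Still on disk until the machine restarts; re-scan after the reboot.
        "pending_reboot": [d["item"] for d in dets
                           if d["action"].lower() == "delete on reboot"],
        # Anything neither quarantined nor scheduled for deletion.
        "unresolved": [d["item"] for d in dets
                       if not d["action"].lower().startswith(
                           ("quarantined", "delete on reboot"))],
        # Summary count differs from listed items: the pasted log is incomplete.
        "count_mismatches": {s: (n, listed.get(s, 0))
                             for s, n in parsed["declared"].items()
                             if n != listed.get(s, 0)},
    }


if __name__ == "__main__":
    for key, value in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```
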

#13 kkirkham32


Posted 09 February 2010 - 10:57 PM

downloading now.

Will post log when ready.

K

#14 kkirkham32


Posted 09 February 2010 - 11:03 PM

TDSS killer log below. Can I post a MBAM log from another computer for you to look at when we come to a conclusion with this one or would that be inappropriate and should be posted in a new post?

K



22:58:54:608 2224 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00
22:58:54:608 2224 ================================================================================
22:58:54:608 2224 SystemInfo:

22:58:54:608 2224 OS Version: 5.1.2600 ServicePack: 3.0
22:58:54:608 2224 Product type: Workstation
22:58:54:628 2224 ComputerName: ICE
22:58:54:628 2224 UserName: Kyle
22:58:54:628 2224 Windows directory: C:\WINDOWS
22:58:54:628 2224 Processor architecture: Intel x86
22:58:54:628 2224 Number of processors: 1
22:58:54:628 2224 Page size: 0x1000
22:58:54:628 2224 Boot type: Normal boot
22:58:54:628 2224 ================================================================================
22:58:54:648 2224 UnloadDriverW: NtUnloadDriver error 2
22:58:54:648 2224 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
22:58:54:648 2224 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
22:58:56:040 2224 UtilityInit: KLMD drop and load success
22:58:56:040 2224 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
22:58:56:040 2224 UtilityInit: KLMD open success
22:58:56:040 2224 UtilityInit: Initialize success
22:58:56:040 2224
22:58:56:040 2224 Scanning Services ...
22:58:56:040 2224 CreateRegParser: Registry parser init started
22:58:56:040 2224 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
22:58:56:040 2224 CreateRegParser: DisableWow64Redirection error
22:58:56:040 2224 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
22:58:56:040 2224 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
22:58:56:040 2224 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:58:56:040 2224 wfopen_ex: Trying to KLMD file open
22:58:56:040 2224 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
22:58:56:040 2224 wfopen_ex: File opened ok (Flags 2)
22:58:56:040 2224 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384AF8
22:58:56:040 2224 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
22:58:56:100 2224 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
22:58:56:100 2224 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:58:56:100 2224 wfopen_ex: Trying to KLMD file open
22:58:56:100 2224 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
22:58:56:100 2224 wfopen_ex: File opened ok (Flags 2)
22:58:56:100 2224 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 3849E8
22:58:56:100 2224 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
22:58:56:100 2224 CreateRegParser: EnableWow64Redirection error
22:58:56:100 2224 CreateRegParser: RegParser init completed
22:58:56:851 2224 GetAdvancedServicesInfo: Raw services enum returned 363 services
22:58:56:861 2224 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
22:58:56:861 2224 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
22:58:56:861 2224
22:58:56:861 2224 Scanning Kernel memory ...
22:58:56:861 2224 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
22:58:56:861 2224 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 82F97240
22:58:56:861 2224 DetectCureTDL3: KLMD_GetDeviceObjectList returned 6 DevObjects
22:58:56:861 2224
22:58:56:861 2224 DetectCureTDL3: DEVICE_OBJECT: 82E0FC68
22:58:56:861 2224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82E0FC68
22:58:56:861 2224 KLMD_ReadMem: Trying to ReadMemory 0x82E0FC68[0x38]
22:58:56:861 2224 DetectCureTDL3: DRIVER_OBJECT: 82F97240
22:58:56:861 2224 KLMD_ReadMem: Trying to ReadMemory 0x82F97240[0xA8]
22:58:56:861 2224 KLMD_ReadMem: Trying to ReadMemory 0xE101DEF0[0x18]
22:58:56:861 2224 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:58:56:861 2224 DetectCureTDL3: IrpHandler (0) addr: F853CBB0
22:58:56:861 2224 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (2) addr: F853CBB0
22:58:56:861 2224 DetectCureTDL3: IrpHandler (3) addr: F8536D1F
22:58:56:861 2224 DetectCureTDL3: IrpHandler (4) addr: F8536D1F
22:58:56:861 2224 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (9) addr: F85372E2
22:58:56:861 2224 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (14) addr: F85373BB
22:58:56:861 2224 DetectCureTDL3: IrpHandler (15) addr: F853AF28
22:58:56:861 2224 DetectCureTDL3: IrpHandler (16) addr: F85372E2
22:58:56:861 2224 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (22) addr: F8538C82
22:58:56:861 2224 DetectCureTDL3: IrpHandler (23) addr: F853D99E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
22:58:56:861 2224 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
22:58:56:861 2224 TDL3_FileDetect: Processing driver: Disk
22:58:56:861 2224 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
22:58:56:861 2224 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
22:58:56:921 2224 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:58:56:921 2224
22:58:56:921 2224 DetectCureTDL3: DEVICE_OBJECT: 82E4D0D8
22:58:56:921 2224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82E4D0D8
22:58:56:921 2224 DetectCureTDL3: DEVICE_OBJECT: 82CA2020
22:58:56:921 2224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82CA2020
22:58:56:921 2224 DetectCureTDL3: DEVICE_OBJECT: 82ED3030
22:58:56:921 2224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82ED3030
22:58:56:921 2224 KLMD_ReadMem: Trying to ReadMemory 0x82ED3030[0x38]
22:58:56:921 2224 DetectCureTDL3: DRIVER_OBJECT: 82D70400
22:58:56:921 2224 KLMD_ReadMem: Trying to ReadMemory 0x82D70400[0xA8]
22:58:56:921 2224 KLMD_ReadMem: Trying to ReadMemory 0xE1B86858[0x1E]
22:58:56:921 2224 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
22:58:56:921 2224 DetectCureTDL3: IrpHandler (0) addr: B6504218
22:58:56:921 2224 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (2) addr: B6504218
22:58:56:921 2224 DetectCureTDL3: IrpHandler (3) addr: B650423C
22:58:56:921 2224 DetectCureTDL3: IrpHandler (4) addr: B650423C
22:58:56:921 2224 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (9) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (14) addr: B6504180
22:58:56:921 2224 DetectCureTDL3: IrpHandler (15) addr: B64FF9E6
22:58:56:921 2224 DetectCureTDL3: IrpHandler (16) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (22) addr: B65035F0
22:58:56:921 2224 DetectCureTDL3: IrpHandler (23) addr: B6501A6E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
22:58:56:921 2224 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
22:58:56:921 2224 KLMD_ReadMem: Trying to ReadMemory 0xB6500F26[0x400]
22:58:56:921 2224 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
22:58:56:921 2224 TDL3_FileDetect: Processing driver: USBSTOR
22:58:56:921 2224 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:58:56:921 2224 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:58:57:061 2224 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
22:58:57:061 2224
22:58:57:061 2224 DetectCureTDL3: DEVICE_OBJECT: 82F93C68
22:58:57:061 2224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F93C68
22:58:57:061 2224 KLMD_ReadMem: Trying to ReadMemory 0x82F93C68[0x38]
22:58:57:061 2224 DetectCureTDL3: DRIVER_OBJECT: 82F97240
22:58:57:061 2224 KLMD_ReadMem: Trying to ReadMemory 0x82F97240[0xA8]
22:58:57:061 2224 KLMD_ReadMem: Trying to ReadMemory 0xE101DEF0[0x18]
22:58:57:061 2224 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:58:57:061 2224 DetectCureTDL3: IrpHandler (0) addr: F853CBB0
22:58:57:061 2224 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (2) addr: F853CBB0
22:58:57:061 2224 DetectCureTDL3: IrpHandler (3) addr: F8536D1F
22:58:57:061 2224 DetectCureTDL3: IrpHandler (4) addr: F8536D1F
22:58:57:061 2224 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (9) addr: F85372E2
22:58:57:061 2224 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (14) addr: F85373BB
22:58:57:061 2224 DetectCureTDL3: IrpHandler (15) addr: F853AF28
22:58:57:061 2224 DetectCureTDL3: IrpHandler (16) addr: F85372E2
22:58:57:061 2224 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (22) addr: F8538C82
22:58:57:061 2224 DetectCureTDL3: IrpHandler (23) addr: F853D99E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
22:58:57:061 2224 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
22:58:57:061 2224 TDL3_FileDetect: Processing driver: Disk
22:58:57:061 2224 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
22:58:57:061 2224 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
22:58:57:111 2224 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:58:57:111 2224
22:58:57:111 2224 DetectCureTDL3: DEVICE_OBJECT: 82F94C68
22:58:57:111 2224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F94C68
22:58:57:111 2224 KLMD_ReadMem: Trying to ReadMemory 0x82F94C68[0x38]
22:58:57:111 2224 DetectCureTDL3: DRIVER_OBJECT: 82F97240
22:58:57:111 2224 KLMD_ReadMem: Trying to ReadMemory 0x82F97240[0xA8]
22:58:57:111 2224 KLMD_ReadMem: Trying to ReadMemory 0xE101DEF0[0x18]
22:58:57:111 2224 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:58:57:111 2224 DetectCureTDL3: IrpHandler (0) addr: F853CBB0
22:58:57:111 2224 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (2) addr: F853CBB0
22:58:57:111 2224 DetectCureTDL3: IrpHandler (3) addr: F8536D1F
22:58:57:111 2224 DetectCureTDL3: IrpHandler (4) addr: F8536D1F
22:58:57:111 2224 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (9) addr: F85372E2
22:58:57:111 2224 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (14) addr: F85373BB
22:58:57:111 2224 DetectCureTDL3: IrpHandler (15) addr: F853AF28
22:58:57:111 2224 DetectCureTDL3: IrpHandler (16) addr: F85372E2
22:58:57:111 2224 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (22) addr: F8538C82
22:58:57:111 2224 DetectCureTDL3: IrpHandler (23) addr: F853D99E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
22:58:57:111 2224 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
22:58:57:111 2224 TDL3_FileDetect: Processing driver: Disk
22:58:57:111 2224 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
22:58:57:111 2224 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
22:58:57:171 2224 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:58:57:171 2224
22:58:57:171 2224 DetectCureTDL3: DEVICE_OBJECT: 82F95C68
22:58:57:171 2224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F95C68
22:58:57:171 2224 KLMD_ReadMem: Trying to ReadMemory 0x82F95C68[0x38]
22:58:57:171 2224 DetectCureTDL3: DRIVER_OBJECT: 82F97240
22:58:57:171 2224 KLMD_ReadMem: Trying to ReadMemory 0x82F97240[0xA8]
22:58:57:171 2224 KLMD_ReadMem: Trying to ReadMemory 0xE101DEF0[0x18]
22:58:57:171 2224 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:58:57:171 2224 DetectCureTDL3: IrpHandler (0) addr: F853CBB0
22:58:57:171 2224 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (2) addr: F853CBB0
22:58:57:171 2224 DetectCureTDL3: IrpHandler (3) addr: F8536D1F
22:58:57:171 2224 DetectCureTDL3: IrpHandler (4) addr: F8536D1F
22:58:57:171 2224 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (9) addr: F85372E2
22:58:57:171 2224 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (14) addr: F85373BB
22:58:57:171 2224 DetectCureTDL3: IrpHandler (15) addr: F853AF28
22:58:57:171 2224 DetectCureTDL3: IrpHandler (16) addr: F85372E2
22:58:57:171 2224 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (22) addr: F8538C82
22:58:57:171 2224 DetectCureTDL3: IrpHandler (23) addr: F853D99E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
22:58:57:171 2224 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
22:58:57:171 2224 TDL3_FileDetect: Processing driver: Disk
22:58:57:171 2224 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
22:58:57:171 2224 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
22:58:57:211 2224 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:58:57:211 2224
22:58:57:211 2224 DetectCureTDL3: DEVICE_OBJECT: 82F39AB8
22:58:57:211 2224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F39AB8
22:58:57:211 2224 DetectCureTDL3: DEVICE_OBJECT: 82F3ED98
22:58:57:211 2224 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82F3ED98
22:58:57:211 2224 KLMD_ReadMem: Trying to ReadMemory 0x82F3ED98[0x38]
22:58:57:211 2224 DetectCureTDL3: DRIVER_OBJECT: 82F3D428
22:58:57:211 2224 KLMD_ReadMem: Trying to ReadMemory 0x82F3D428[0xA8]
22:58:57:211 2224 KLMD_ReadMem: Trying to ReadMemory 0xE1015A98[0x1A]
22:58:57:211 2224 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
22:58:57:211 2224 DetectCureTDL3: IrpHandler (0) addr: F844B6F2
22:58:57:211 2224 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (2) addr: F844B6F2
22:58:57:211 2224 DetectCureTDL3: IrpHandler (3) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (4) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (9) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (14) addr: F844B712
22:58:57:211 2224 DetectCureTDL3: IrpHandler (15) addr: F8447852
22:58:57:211 2224 DetectCureTDL3: IrpHandler (16) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (22) addr: F844B73C
22:58:57:211 2224 DetectCureTDL3: IrpHandler (23) addr: F8452336
22:58:57:211 2224 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
22:58:57:211 2224 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
22:58:57:211 2224 KLMD_ReadMem: Trying to ReadMemory 0xF8448864[0x400]
22:58:57:211 2224 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
22:58:57:211 2224 TDL3_FileDetect: Processing driver: atapi
22:58:57:211 2224 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
22:58:57:211 2224 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
22:58:57:272 2224 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
22:58:57:272 2224
22:58:57:272 2224 Completed
22:58:57:272 2224
22:58:57:272 2224 Results:
22:58:57:272 2224 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
22:58:57:272 2224 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:58:57:272 2224 File objects infected / cured / cured on reboot: 0 / 0 / 0
22:58:57:282 2224
22:58:57:282 2224 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
22:58:57:282 2224 UtilityDeinit: KLMD(ARK) unloaded successfully

#15 quietman7

Posted 10 February 2010 - 07:24 AM

Can I post a MBAM log from another computer for you to look at when we come to a conclusion with this one or would that be inappropriate and should be posted in a new post?

Only one computer per topic. It causes confusion when dealing with multiple systems so you need to start a new thread for that one.

Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
  • Vista users: need to right-click either the IE or FF Start Menu or Quick Launch Bar icons and select Run As Administrator from the context menu.
  • Read the "Advantages - Requirements and Limitations" then press the Posted Image... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the Posted Image... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the Posted Image... button afterwards:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.
-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators