
Google redirect Issue


This topic is locked
72 replies to this topic

#1 luv4mypc


Posted 12 May 2010 - 11:07 AM

AII topic link ~~boopme

http://www.bleepingcomputer.com/forums/top...ml#entry1754186


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 12:10:21.85 on Mon 05/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.110 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [<NO NAME>]
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\run_startmenu.cmd
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} - hxxp://www.luckynugget.co.uk/download_helper/Nyoko.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} -


Boopme added their GMER log. She had to email it to me.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 21:01:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxtdypow.sys

---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\mraid35x.sys entry point in ".rsrc" section [0xF772AD94]
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF6875B8D]
init C:\WINDOWS\System32\Drivers\sunkfilt39.sys entry point in "init" section [0xF2989360]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[176] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D6000C
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 021E000A
.text C:\WINDOWS\System32\svchost.exe[1032] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 021D000A
.text C:\WINDOWS\Explorer.EXE[1508] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1508] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1508] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D6000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 895A6EE4
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\mraid35x.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----

14:21:08:203 3264 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
14:21:08:203 3264 ================================================================================
14:21:08:203 3264 SystemInfo:

14:21:08:203 3264 OS Version: 5.1.2600 ServicePack: 3.0
14:21:08:203 3264 Product type: Workstation
14:21:08:203 3264 ComputerName: MYBABY
14:21:08:203 3264 UserName: Owner
14:21:08:203 3264 Windows directory: C:\WINDOWS
14:21:08:203 3264 Processor architecture: Intel x86
14:21:08:203 3264 Number of processors: 1
14:21:08:203 3264 Page size: 0x1000
14:21:08:203 3264 Boot type: Normal boot
14:21:08:203 3264 ================================================================================
14:21:08:250 3264 UnloadDriverW: NtUnloadDriver error 2
14:21:08:250 3264 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:21:08:750 3264 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
14:21:08:750 3264 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:21:08:750 3264 wfopen_ex: Trying to KLMD file open
14:21:08:750 3264 wfopen_ex: File opened ok (Flags 2)
14:21:08:750 3264 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
14:21:08:750 3264 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:21:08:750 3264 wfopen_ex: Trying to KLMD file open
14:21:08:750 3264 wfopen_ex: File opened ok (Flags 2)
14:21:08:750 3264 Initialize success
14:21:08:750 3264
14:21:08:750 3264 Scanning Services ...
14:21:10:312 3264 Raw services enum returned 363 services
14:21:10:390 3264
14:21:10:390 3264 Scanning Kernel memory ...
14:21:10:390 3264 Devices to scan: 11
14:21:10:390 3264
14:21:10:390 3264 Driver Name: Disk
14:21:10:390 3264 IRP_MJ_CREATE : F754DBB0
14:21:10:390 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:390 3264 IRP_MJ_CLOSE : F754DBB0
14:21:10:390 3264 IRP_MJ_READ : F7547D1F
14:21:10:390 3264 IRP_MJ_WRITE : F7547D1F
14:21:10:390 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:390 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:390 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:390 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:390 3264 IRP_MJ_FLUSH_BUFFERS : F75482E2
14:21:10:390 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:390 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:390 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:390 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:390 3264 IRP_MJ_DEVICE_CONTROL : F75483BB
14:21:10:390 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F754BF28
14:21:10:390 3264 IRP_MJ_SHUTDOWN : F75482E2
14:21:10:390 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:390 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:390 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:390 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:390 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:390 3264 IRP_MJ_POWER : F7549C82
14:21:10:390 3264 IRP_MJ_SYSTEM_CONTROL : F754E99E
14:21:10:390 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:390 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:390 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:437 3264 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:21:10:437 3264
14:21:10:437 3264 Driver Name: Disk
14:21:10:437 3264 IRP_MJ_CREATE : F754DBB0
14:21:10:437 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:437 3264 IRP_MJ_CLOSE : F754DBB0
14:21:10:437 3264 IRP_MJ_READ : F7547D1F
14:21:10:437 3264 IRP_MJ_WRITE : F7547D1F
14:21:10:437 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:437 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:437 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:437 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:437 3264 IRP_MJ_FLUSH_BUFFERS : F75482E2
14:21:10:437 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:437 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:437 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:437 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:437 3264 IRP_MJ_DEVICE_CONTROL : F75483BB
14:21:10:437 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F754BF28
14:21:10:437 3264 IRP_MJ_SHUTDOWN : F75482E2
14:21:10:437 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:437 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:437 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:437 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:437 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:437 3264 IRP_MJ_POWER : F7549C82
14:21:10:437 3264 IRP_MJ_SYSTEM_CONTROL : F754E99E
14:21:10:437 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:437 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:437 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:468 3264 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:21:10:468 3264
14:21:10:468 3264 Driver Name: Disk
14:21:10:468 3264 IRP_MJ_CREATE : F754DBB0
14:21:10:468 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:468 3264 IRP_MJ_CLOSE : F754DBB0
14:21:10:468 3264 IRP_MJ_READ : F7547D1F
14:21:10:468 3264 IRP_MJ_WRITE : F7547D1F
14:21:10:468 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:468 3264 IRP_MJ_FLUSH_BUFFERS : F75482E2
14:21:10:468 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:468 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:468 3264 IRP_MJ_DEVICE_CONTROL : F75483BB
14:21:10:468 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F754BF28
14:21:10:468 3264 IRP_MJ_SHUTDOWN : F75482E2
14:21:10:468 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:468 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:468 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:468 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:468 3264 IRP_MJ_POWER : F7549C82
14:21:10:468 3264 IRP_MJ_SYSTEM_CONTROL : F754E99E
14:21:10:468 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:468 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:468 3264 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:21:10:468 3264
14:21:10:468 3264 Driver Name: Disk
14:21:10:468 3264 IRP_MJ_CREATE : F754DBB0
14:21:10:468 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:468 3264 IRP_MJ_CLOSE : F754DBB0
14:21:10:468 3264 IRP_MJ_READ : F7547D1F
14:21:10:468 3264 IRP_MJ_WRITE : F7547D1F
14:21:10:468 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:468 3264 IRP_MJ_FLUSH_BUFFERS : F75482E2
14:21:10:468 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:468 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:468 3264 IRP_MJ_DEVICE_CONTROL : F75483BB
14:21:10:468 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F754BF28
14:21:10:468 3264 IRP_MJ_SHUTDOWN : F75482E2
14:21:10:468 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:468 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:468 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:468 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:468 3264 IRP_MJ_POWER : F7549C82
14:21:10:468 3264 IRP_MJ_SYSTEM_CONTROL : F754E99E
14:21:10:468 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:468 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:500 3264 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:21:10:500 3264
14:21:10:500 3264 Driver Name: USBSTOR
14:21:10:500 3264 IRP_MJ_CREATE : F0CDA218
14:21:10:500 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:500 3264 IRP_MJ_CLOSE : F0CDA218
14:21:10:500 3264 IRP_MJ_READ : F0CDA23C
14:21:10:500 3264 IRP_MJ_WRITE : F0CDA23C
14:21:10:500 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:500 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:500 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:500 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:500 3264 IRP_MJ_FLUSH_BUFFERS : 804FA88E
14:21:10:500 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:500 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:500 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:500 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:500 3264 IRP_MJ_DEVICE_CONTROL : F0CDA180
14:21:10:500 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F0CD59E6
14:21:10:500 3264 IRP_MJ_SHUTDOWN : 804FA88E
14:21:10:500 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:500 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:500 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:500 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:500 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:500 3264 IRP_MJ_POWER : F0CD95F0
14:21:10:500 3264 IRP_MJ_SYSTEM_CONTROL : F0CD7A6E
14:21:10:500 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:500 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:500 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:562 3264 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
14:21:10:562 3264
14:21:10:562 3264 Driver Name: USBSTOR
14:21:10:562 3264 IRP_MJ_CREATE : F0CDA218
14:21:10:562 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:562 3264 IRP_MJ_CLOSE : F0CDA218
14:21:10:562 3264 IRP_MJ_READ : F0CDA23C
14:21:10:562 3264 IRP_MJ_WRITE : F0CDA23C
14:21:10:562 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:562 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:562 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:562 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:562 3264 IRP_MJ_FLUSH_BUFFERS : 804FA88E
14:21:10:562 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:562 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:562 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:562 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:562 3264 IRP_MJ_DEVICE_CONTROL : F0CDA180
14:21:10:562 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F0CD59E6
14:21:10:562 3264 IRP_MJ_SHUTDOWN : 804FA88E
14:21:10:562 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:562 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:562 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:562 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:562 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:562 3264 IRP_MJ_POWER : F0CD95F0
14:21:10:562 3264 IRP_MJ_SYSTEM_CONTROL : F0CD7A6E
14:21:10:562 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:562 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:562 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:578 3264 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
14:21:10:578 3264
14:21:10:578 3264 Driver Name: USBSTOR
14:21:10:578 3264 IRP_MJ_CREATE : F0CDA218
14:21:10:578 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:578 3264 IRP_MJ_CLOSE : F0CDA218
14:21:10:578 3264 IRP_MJ_READ : F0CDA23C
14:21:10:578 3264 IRP_MJ_WRITE : F0CDA23C
14:21:10:578 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_FLUSH_BUFFERS : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_DEVICE_CONTROL : F0CDA180
14:21:10:578 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F0CD59E6
14:21:10:578 3264 IRP_MJ_SHUTDOWN : 804FA88E
14:21:10:578 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:578 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_POWER : F0CD95F0
14:21:10:578 3264 IRP_MJ_SYSTEM_CONTROL : F0CD7A6E
14:21:10:578 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:578 3264 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
14:21:10:578 3264
14:21:10:578 3264 Driver Name: USBSTOR
14:21:10:578 3264 IRP_MJ_CREATE : F0CDA218
14:21:10:578 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:578 3264 IRP_MJ_CLOSE : F0CDA218
14:21:10:578 3264 IRP_MJ_READ : F0CDA23C
14:21:10:578 3264 IRP_MJ_WRITE : F0CDA23C
14:21:10:578 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_FLUSH_BUFFERS : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_DEVICE_CONTROL : F0CDA180
14:21:10:578 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F0CD59E6
14:21:10:578 3264 IRP_MJ_SHUTDOWN : 804FA88E
14:21:10:578 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:578 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_POWER : F0CD95F0
14:21:10:578 3264 IRP_MJ_SYSTEM_CONTROL : F0CD7A6E
14:21:10:578 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:578 3264 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
14:21:10:578 3264
14:21:10:578 3264 Driver Name: Disk
14:21:10:578 3264 IRP_MJ_CREATE : F754DBB0
14:21:10:578 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:578 3264 IRP_MJ_CLOSE : F754DBB0
14:21:10:578 3264 IRP_MJ_READ : F7547D1F
14:21:10:578 3264 IRP_MJ_WRITE : F7547D1F
14:21:10:578 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_FLUSH_BUFFERS : F75482E2
14:21:10:578 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_DEVICE_CONTROL : F75483BB
14:21:10:578 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F754BF28
14:21:10:578 3264 IRP_MJ_SHUTDOWN : F75482E2
14:21:10:578 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:578 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_POWER : F7549C82
14:21:10:578 3264 IRP_MJ_SYSTEM_CONTROL : F754E99E
14:21:10:578 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:578 3264 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:21:10:578 3264
14:21:10:578 3264 Driver Name: Disk
14:21:10:578 3264 IRP_MJ_CREATE : F754DBB0
14:21:10:578 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:578 3264 IRP_MJ_CLOSE : F754DBB0
14:21:10:578 3264 IRP_MJ_READ : F7547D1F
14:21:10:578 3264 IRP_MJ_WRITE : F7547D1F
14:21:10:578 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_FLUSH_BUFFERS : F75482E2
14:21:10:578 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_DEVICE_CONTROL : F75483BB
14:21:10:578 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F754BF28
14:21:10:578 3264 IRP_MJ_SHUTDOWN : F75482E2
14:21:10:578 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:578 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_POWER : F7549C82
14:21:10:578 3264 IRP_MJ_SYSTEM_CONTROL : F754E99E
14:21:10:578 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:578 3264 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:21:10:578 3264
14:21:10:578 3264 Driver Name: atapi
14:21:10:578 3264 IRP_MJ_CREATE : 895A6EE4
14:21:10:578 3264 IRP_MJ_CREATE_NAMED_PIPE : 895A6EE4
14:21:10:578 3264 IRP_MJ_CLOSE : 895A6EE4
14:21:10:578 3264 IRP_MJ_READ : 895A6EE4
14:21:10:578 3264 IRP_MJ_WRITE : 895A6EE4
14:21:10:578 3264 IRP_MJ_QUERY_INFORMATION : 895A6EE4
14:21:10:578 3264 IRP_MJ_SET_INFORMATION : 895A6EE4
14:21:10:578 3264 IRP_MJ_QUERY_EA : 895A6EE4
14:21:10:578 3264 IRP_MJ_SET_EA : 895A6EE4
14:21:10:578 3264 IRP_MJ_FLUSH_BUFFERS : 895A6EE4
14:21:10:578 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 895A6EE4
14:21:10:578 3264 IRP_MJ_SET_VOLUME_INFORMATION : 895A6EE4
14:21:10:578 3264 IRP_MJ_DIRECTORY_CONTROL : 895A6EE4
14:21:10:578 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 895A6EE4
14:21:10:578 3264 IRP_MJ_DEVICE_CONTROL : 895A6EE4
14:21:10:578 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : 895A6EE4
14:21:10:578 3264 IRP_MJ_SHUTDOWN : 895A6EE4
14:21:10:578 3264 IRP_MJ_LOCK_CONTROL : 895A6EE4
14:21:10:578 3264 IRP_MJ_CLEANUP : 895A6EE4
14:21:10:578 3264 IRP_MJ_CREATE_MAILSLOT : 895A6EE4
14:21:10:578 3264 IRP_MJ_QUERY_SECURITY : 895A6EE4
14:21:10:578 3264 IRP_MJ_SET_SECURITY : 895A6EE4
14:21:10:578 3264 IRP_MJ_POWER : 895A6EE4
14:21:10:578 3264 IRP_MJ_SYSTEM_CONTROL : 895A6EE4
14:21:10:578 3264 IRP_MJ_DEVICE_CHANGE : 895A6EE4
14:21:10:578 3264 IRP_MJ_QUERY_QUOTA : 895A6EE4
14:21:10:578 3264 IRP_MJ_SET_QUOTA : 895A6EE4
14:21:10:578 3264 Driver "atapi" infected by TDSS rootkit!
14:21:10:625 3264 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
14:21:10:625 3264 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ...
14:21:10:625 3264 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
14:21:10:625 3264 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
14:21:10:812 3264 vfvi6
14:21:11:046 3264 !dsvbh1
14:21:13:125 3264 dsvbh2
14:21:13:140 3264 fdfb2
14:21:13:140 3264 Backup copy found, using it..
14:21:13:203 3264 will be cured on next reboot
14:21:13:203 3264 Reboot required for cure complete..
14:21:13:203 3264 Cure on reboot scheduled successfully
14:21:13:203 3264
14:21:13:203 3264 Completed
14:21:13:203 3264
14:21:13:203 3264 Results:
14:21:13:203 3264 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
14:21:13:203 3264 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:21:13:203 3264 File objects infected / cured / cured on reboot: 1 / 0 / 1
14:21:13:203 3264
14:21:13:203 3264 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
14:21:13:203 3264 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
14:21:13:218 3264 UnloadDriverW: NtUnloadDriver error 1
14:21:13:218 3264 KLMD(ARK) unloaded successfully

Finally... I got it posted!

ADDED GMER LOG ~~boopme
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 21:01:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxtdypow.sys

---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\mraid35x.sys entry point in ".rsrc" section [0xF772AD94]
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF6875B8D]
init C:\WINDOWS\System32\Drivers\sunkfilt39.sys entry point in "init" section [0xF2989360]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[176] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D6000C
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[176] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 021E000A
.text C:\WINDOWS\System32\svchost.exe[1032] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 021D000A
.text C:\WINDOWS\Explorer.EXE[1508] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1508] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1508] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D6000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 895A6EE4
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\mraid35x.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----

Merged posts. ~ OB

Edited by boopme, 12 May 2010 - 07:36 PM.
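The TDSSKiller dispatch-table dump above is the part of the log a responder reads first: every IRP_MJ_* entry for atapi resolves to the single address 895A6EE4, the same address GMER reports on the \Device\Harddisk0\DR0 device object, while disk.sys shows driver-specific handlers for the requests it implements and one shared address for the ones it does not. As an added example (not part of the original thread, and not code from TDSSKiller or GMER), here is a small Python triage script that parses lines in that log format and flags any driver whose whole dispatch table points to one address. The sample lines are constructed to match the format seen in the thread, and the "single address for every entry" rule is this example's own heuristic, not a documented TDSSKiller rule.

```python
import re

# Constructed sample in the TDSSKiller log format seen in the thread:
# "<timestamp> <thread-id>" followed by "Driver Name: X", an "IRP_MJ_X : ADDR"
# entry, or "<path>.sys - Verdict: N". One driver has distinct handlers plus a
# shared default for unimplemented requests; the other is fully redirected.
SAMPLE_LOG = """\
14:21:10:578 3264 Driver Name: Disk
14:21:10:578 3264 IRP_MJ_CREATE : F754DBB0
14:21:10:578 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:578 3264 IRP_MJ_CLOSE : F754DBB0
14:21:10:578 3264 IRP_MJ_READ : F7547D1F
14:21:10:578 3264 IRP_MJ_WRITE : F7547D1F
14:21:10:578 3264 IRP_MJ_DEVICE_CONTROL : F75483BB
14:21:10:578 3264 IRP_MJ_POWER : F7549C82
14:21:10:578 3264 C:\\WINDOWS\\system32\\DRIVERS\\disk.sys - Verdict: 1
14:21:10:578 3264
14:21:10:578 3264 Driver Name: atapi
14:21:10:578 3264 IRP_MJ_CREATE : 895A6EE4
14:21:10:578 3264 IRP_MJ_CREATE_NAMED_PIPE : 895A6EE4
14:21:10:578 3264 IRP_MJ_CLOSE : 895A6EE4
14:21:10:578 3264 IRP_MJ_READ : 895A6EE4
14:21:10:578 3264 IRP_MJ_WRITE : 895A6EE4
14:21:10:578 3264 IRP_MJ_DEVICE_CONTROL : 895A6EE4
14:21:10:578 3264 IRP_MJ_POWER : 895A6EE4
14:21:10:625 3264 C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys - Verdict: 1
"""

# Strip the "hh:mm:ss:ms <thread-id>" prefix and keep the message body.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s*(.*)$")
DRIVER_RE = re.compile(r"^Driver Name:\s*(\S+)$")
IRP_RE = re.compile(r"^(IRP_MJ_[A-Z_]+)\s*:\s*([0-9A-Fa-f]{8})$")
FILE_RE = re.compile(r"^(\S.*\.sys) - Verdict: (\d+)$")


def parse_dispatch_tables(text):
    """Return {driver: {"irps": {IRP_MJ_X: int_addr}, "file": path, "verdict": int}}."""
    tables = {}
    current = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group(1).strip()
        if not body:
            continue  # blank separator line between driver blocks
        d = DRIVER_RE.match(body)
        if d:
            current = d.group(1)
            tables[current] = {"irps": {}, "file": None, "verdict": None}
            continue
        if current is None:
            continue  # lines before the first driver block
        i = IRP_RE.match(body)
        if i:
            tables[current]["irps"][i.group(1)] = int(i.group(2), 16)
            continue
        f = FILE_RE.match(body)
        if f:
            tables[current]["file"] = f.group(1)
            tables[current]["verdict"] = int(f.group(2))
    return tables


def flag_redirected_tables(tables, min_entries=4):
    """Flag drivers whose every IRP_MJ_* handler is the same address.

    Heuristic (an assumption of this example): a legitimate driver registers
    distinct handlers for the requests it implements and one shared default
    for the rest, so a table in which all entries share one address has been
    overwritten wholesale. Returns a list of (driver, address, file_path).
    """
    findings = []
    for name, info in tables.items():
        addrs = set(info["irps"].values())
        if len(info["irps"]) >= min_entries and len(addrs) == 1:
            findings.append((name, next(iter(addrs)), info["file"]))
    return findings


if __name__ == "__main__":
    for name, addr, path in flag_redirected_tables(parse_dispatch_tables(SAMPLE_LOG)):
        print(f"{name}: all IRP_MJ_* handlers -> {addr:08X} ({path})")
```

Run against a full TDSSKiller log the script reports only the atapi block; the Disk block passes because its seven entries spread over five addresses. The check is deliberately conservative (it needs at least four entries and exact equality), so a hooked table with one or two untouched entries would not trip it; that is the trade-off for producing no noise on the many small drivers that legitimately share a default handler.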




#2 aommaster (Malware Response Team)

Posted 13 May 2010 - 03:29 AM

Hello, luv4mypc.
My name is aommaster and I will be helping you with your log.


If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 luv4mypc (Topic Starter)

Posted 13 May 2010 - 11:08 AM

Hello aommaster, thank you for your help.
First I have a question to ask you. I was previously asked to download and run several scans and also DEFOGGER. When I was reading the instructions for Defogger, it was to disable the CD emulator, I believe it was.
It said that after the scan I would be told to re-enable it again... I was looking through my previous post of instructions and the Defogger instructions are GONE. Don't I need to re-enable the CD emulator?? Also, since running all the scans (SuperAntiSpyware, Malwarebytes, ATF Cleaner, GMER, Defogger, TFC, OTL, and TDSSKiller) my system has gotten WORSE! This morning I am having more popups, and the redirect problem is unbearable.
Thanks,
Liane

#4 aommaster (Malware Response Team)

Posted 13 May 2010 - 01:16 PM

Hi!

Defogger is a program that disables CD emulation drivers and makes logs (especially GMER logs) not only faster to produce but clearer to read. So if you have disabled the CD emulation drivers, then leave them that way. If not, please run Defogger one more time and disable those drivers.

Once we have a look at the logs, we'll see what's going on with your PC.



#5 luv4mypc (Topic Starter)

Posted 13 May 2010 - 01:54 PM

Well, I can NOT POST AGAIN!!! I got the reports (RSIT) and tried to copy and paste them here. I unchecked word wrap in Notepad before I ran the scan; after I pasted them here I clicked Add Reply and it went straight to "Internet Explorer cannot display..." I tried several times. What do I do now?

#6 aommaster (Malware Response Team)

Posted 13 May 2010 - 02:08 PM

Two options:
1. If you have another PC, you can transfer the files across to that one and post from there
2. You could try attaching the logs to your reply, and I can edit them in myself



#7 luv4mypc (Topic Starter)

Posted 13 May 2010 - 02:31 PM

I do not have another computer, and I tried uploading, which does not work either. Something had to happen during all the scans for me not to be able to paste and then post. I can type something and it posts just fine.
I emailed the reports to boopme yesterday, but he got a security warning except for one file. Then he had me run the TDSSKiller and I was able to copy and paste here. So should I run that again?

#8 luv4mypc (Topic Starter)

Posted 13 May 2010 - 02:40 PM

Info File attached

info.txt logfile of random's system information tool 1.06 2010-05-13 11:40:49

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
All Jackpots-->C:\MicroGaming\Casino\AllJackpots\install.exe -uninstall
Art Explosion Scrapbook Factory Deluxe-->MsiExec.exe /X{E432C362-6A71-4E8A-A68A-AE5246520656}
AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Big Dollar Casino-->C:\MicroGaming\Casino\BigDollar\install.exe -uninstall
Cashmill Bingo-->C:\Program Files\Common Files\CA Shared\BIUninstML.exe /C:\Program Files\Cashmill Bingo\Support\InstallerCashmill.dll
Casino Classic-->C:\MicroGaming\Casino\CasinoClassic\install.exe -uninstall
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Photos Screensaver-->MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Grand Hotel Casino-->C:\MicroGaming\Casino\GrandHotel\install.exe -uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Jackpot City Online Casino-->C:\MicroGaming\Casino\JackpotCity\install.exe -uninstall
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 5.3.6-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Lucky Emperor Casino-->C:\MicroGaming\Casino\luckyemperor\install.exe -uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Small Business Image Uploader-->MsiExec.exe /X{A580547F-4FB6-433E-A595-21CAA858C556}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\setup.exe" -uninstall
Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe"
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Paint.NET v2.6-->MsiExec.exe /X{9B26CF0A-EE65-4379-B2D4-6E6AABE06498}
PayPal Plug-In-->C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roadhouse Reels Casino-->C:\MicroGaming\Casino\RoadHouseReels\install.exe -uninstall
Rockbet Casino-->C:\Program Files\RockbetCasino\uninst.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Turbo Lister 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980302)-->"C:\WINDOWS\ie8updates\KB980302-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows PowerShell™ 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yukon Gold-->C:\MicroGaming\Casino\YukonGold\install.exe -uninstall

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: MYBABY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 16358
Source Name: Disk
Time Written: 20100324210052.000000-420
Event Type: error
User:

Computer Name: MYBABY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 16357
Source Name: Disk
Time Written: 20100324210051.000000-420
Event Type: error
User:

Computer Name: MYBABY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 16356
Source Name: Disk
Time Written: 20100324210050.000000-420
Event Type: error
User:

Computer Name: MYBABY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 16355
Source Name: Disk
Time Written: 20100324210049.000000-420
Event Type: error
User:

Computer Name: MYBABY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 16354
Source Name: Disk
Time Written: 20100324210048.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: MYBABY
Event Code: 0
Message:
Record Number: 28
Source Name: LeapFrog Connect Device Service
Time Written: 20100503225113.000000-420
Event Type: warning
User:

Computer Name: MYBABY
Event Code: 0
Message:
Record Number: 20
Source Name: LeapFrog Connect Device Service
Time Written: 20100503223041.000000-420
Event Type:
User:

Computer Name: MYBABY
Event Code: 0
Message:
Record Number: 19
Source Name: LeapFrog Connect Device Service
Time Written: 20100503223032.000000-420
Event Type: warning
User:

Computer Name: MYBABY
Event Code: 0
Message:
Record Number: 5
Source Name: LeapFrog Connect Device Service
Time Written: 20100503115914.000000-420
Event Type:
User:

Computer Name: MYBABY
Event Code: 0
Message:
Record Number: 4
Source Name: LeapFrog Connect Device Service
Time Written: 20100503115858.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Attached Files

  • Attached File  info.txt   26.19KB   12 downloads

Edited by aommaster, 14 May 2010 - 07:15 PM.


#9 luv4mypc

Posted 13 May 2010 - 02:44 PM

I got one uploaded. I'll keep trying for a while to see if I can upload the log.

#10 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:12:13 PM

Posted 13 May 2010 - 03:32 PM

Hello, luv4mypc.
If you're having trouble with the upload, let's try a different scanner. Perhaps you'll have better luck with it.
We need to run a DDS scan
  1. Please download DDS by sUBs from one of the following links. Save it to your desktop.
    Download 1
    Download 2
  2. Double click on the DDS icon, allow it to run
  3. A small box will open, with an explanation about the tool. No input is needed, the scan is running
  4. Notepad will open with the results; click No to the Optional Scan
  5. Follow the instructions that pop up for posting the results
  6. Close the program window
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

In your next reply, please include the following:
  • DDS Log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#11 luv4mypc

Posted 14 May 2010 - 10:04 AM

I already ran the DDS previously. That's when the whole thing about me not being able to copy and paste the logs started.

#12 luv4mypc

Posted 14 May 2010 - 10:18 AM

QUOTE(luv4mypc @ May 14 2010, 08:04 AM)
I already ran the DDS previously. That's when the whole thing about me not being able to copy and paste the logs started.

I will run it again and see what happens.


#13 luv4mypc

Posted 14 May 2010 - 10:38 AM

QUOTE(luv4mypc @ May 14 2010, 08:18 AM)
QUOTE(luv4mypc @ May 14 2010, 08:04 AM)
I already ran the DDS previously. That's when the whole thing about me not being able to copy and paste the logs started.

I will run it again and see what happens.

I ran the DDS and got the log, but after copy and paste I can't post it: as soon as I click ADD REPLY it goes to "Explorer cannot display". Tried uploading again and that will not work either.

#14 luv4mypc

Posted 14 May 2010 - 10:53 AM

14:21:08:203 3264 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
14:21:08:203 3264 ================================================================================
14:21:08:203 3264 SystemInfo:

14:21:08:203 3264 OS Version: 5.1.2600 ServicePack: 3.0
14:21:08:203 3264 Product type: Workstation
14:21:08:203 3264 ComputerName: MYBABY
14:21:08:203 3264 UserName: Owner
14:21:08:203 3264 Windows directory: C:\WINDOWS
14:21:08:203 3264 Processor architecture: Intel x86
14:21:08:203 3264 Number of processors: 1
14:21:08:203 3264 Page size: 0x1000
14:21:08:203 3264 Boot type: Normal boot
14:21:08:203 3264 ================================================================================
14:21:08:250 3264 UnloadDriverW: NtUnloadDriver error 2
14:21:08:250 3264 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:21:08:750 3264 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
14:21:08:750 3264 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:21:08:750 3264 wfopen_ex: Trying to KLMD file open
14:21:08:750 3264 wfopen_ex: File opened ok (Flags 2)
14:21:08:750 3264 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
14:21:08:750 3264 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:21:08:750 3264 wfopen_ex: Trying to KLMD file open
14:21:08:750 3264 wfopen_ex: File opened ok (Flags 2)
14:21:08:750 3264 Initialize success
14:21:08:750 3264
14:21:08:750 3264 Scanning Services ...
14:21:10:312 3264 Raw services enum returned 363 services
14:21:10:390 3264
14:21:10:390 3264 Scanning Kernel memory ...
14:21:10:390 3264 Devices to scan: 11
14:21:10:390 3264
14:21:10:390 3264 Driver Name: Disk
14:21:10:390 3264 IRP_MJ_CREATE : F754DBB0
14:21:10:390 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:390 3264 IRP_MJ_CLOSE : F754DBB0
14:21:10:390 3264 IRP_MJ_READ : F7547D1F
14:21:10:390 3264 IRP_MJ_WRITE : F7547D1F
14:21:10:390 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:390 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:390 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:390 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:390 3264 IRP_MJ_FLUSH_BUFFERS : F75482E2
14:21:10:390 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:390 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:390 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:390 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:390 3264 IRP_MJ_DEVICE_CONTROL : F75483BB
14:21:10:390 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F754BF28
14:21:10:390 3264 IRP_MJ_SHUTDOWN : F75482E2
14:21:10:390 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:390 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:390 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:390 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:390 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:390 3264 IRP_MJ_POWER : F7549C82
14:21:10:390 3264 IRP_MJ_SYSTEM_CONTROL : F754E99E
14:21:10:390 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:390 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:390 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:437 3264 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:21:10:437 3264
14:21:10:437 3264 Driver Name: Disk
14:21:10:437 3264 IRP_MJ_CREATE : F754DBB0
14:21:10:437 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:437 3264 IRP_MJ_CLOSE : F754DBB0
14:21:10:437 3264 IRP_MJ_READ : F7547D1F
14:21:10:437 3264 IRP_MJ_WRITE : F7547D1F
14:21:10:437 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:437 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:437 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:437 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:437 3264 IRP_MJ_FLUSH_BUFFERS : F75482E2
14:21:10:437 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:437 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:437 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:437 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:437 3264 IRP_MJ_DEVICE_CONTROL : F75483BB
14:21:10:437 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F754BF28
14:21:10:437 3264 IRP_MJ_SHUTDOWN : F75482E2
14:21:10:437 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:437 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:437 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:437 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:437 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:437 3264 IRP_MJ_POWER : F7549C82
14:21:10:437 3264 IRP_MJ_SYSTEM_CONTROL : F754E99E
14:21:10:437 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:437 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:437 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:468 3264 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:21:10:468 3264
14:21:10:468 3264 Driver Name: Disk
14:21:10:468 3264 IRP_MJ_CREATE : F754DBB0
14:21:10:468 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:468 3264 IRP_MJ_CLOSE : F754DBB0
14:21:10:468 3264 IRP_MJ_READ : F7547D1F
14:21:10:468 3264 IRP_MJ_WRITE : F7547D1F
14:21:10:468 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:468 3264 IRP_MJ_FLUSH_BUFFERS : F75482E2
14:21:10:468 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:468 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:468 3264 IRP_MJ_DEVICE_CONTROL : F75483BB
14:21:10:468 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F754BF28
14:21:10:468 3264 IRP_MJ_SHUTDOWN : F75482E2
14:21:10:468 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:468 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:468 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:468 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:468 3264 IRP_MJ_POWER : F7549C82
14:21:10:468 3264 IRP_MJ_SYSTEM_CONTROL : F754E99E
14:21:10:468 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:468 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:468 3264 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:21:10:468 3264
14:21:10:468 3264 Driver Name: Disk
14:21:10:468 3264 IRP_MJ_CREATE : F754DBB0
14:21:10:468 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:468 3264 IRP_MJ_CLOSE : F754DBB0
14:21:10:468 3264 IRP_MJ_READ : F7547D1F
14:21:10:468 3264 IRP_MJ_WRITE : F7547D1F
14:21:10:468 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:468 3264 IRP_MJ_FLUSH_BUFFERS : F75482E2
14:21:10:468 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:468 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:468 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:468 3264 IRP_MJ_DEVICE_CONTROL : F75483BB
14:21:10:468 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F754BF28
14:21:10:468 3264 IRP_MJ_SHUTDOWN : F75482E2
14:21:10:468 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:468 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:468 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:468 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:468 3264 IRP_MJ_POWER : F7549C82
14:21:10:468 3264 IRP_MJ_SYSTEM_CONTROL : F754E99E
14:21:10:468 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:468 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:468 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:500 3264 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:21:10:500 3264
14:21:10:500 3264 Driver Name: USBSTOR
14:21:10:500 3264 IRP_MJ_CREATE : F0CDA218
14:21:10:500 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:500 3264 IRP_MJ_CLOSE : F0CDA218
14:21:10:500 3264 IRP_MJ_READ : F0CDA23C
14:21:10:500 3264 IRP_MJ_WRITE : F0CDA23C
14:21:10:500 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:500 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:500 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:500 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:500 3264 IRP_MJ_FLUSH_BUFFERS : 804FA88E
14:21:10:500 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:500 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:500 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:500 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:500 3264 IRP_MJ_DEVICE_CONTROL : F0CDA180
14:21:10:500 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F0CD59E6
14:21:10:500 3264 IRP_MJ_SHUTDOWN : 804FA88E
14:21:10:500 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:500 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:500 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:500 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:500 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:500 3264 IRP_MJ_POWER : F0CD95F0
14:21:10:500 3264 IRP_MJ_SYSTEM_CONTROL : F0CD7A6E
14:21:10:500 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:500 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:500 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:562 3264 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
14:21:10:562 3264
14:21:10:562 3264 Driver Name: USBSTOR
14:21:10:562 3264 IRP_MJ_CREATE : F0CDA218
14:21:10:562 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:562 3264 IRP_MJ_CLOSE : F0CDA218
14:21:10:562 3264 IRP_MJ_READ : F0CDA23C
14:21:10:562 3264 IRP_MJ_WRITE : F0CDA23C
14:21:10:562 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:562 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:562 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:562 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:562 3264 IRP_MJ_FLUSH_BUFFERS : 804FA88E
14:21:10:562 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:562 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:562 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:562 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:562 3264 IRP_MJ_DEVICE_CONTROL : F0CDA180
14:21:10:562 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F0CD59E6
14:21:10:562 3264 IRP_MJ_SHUTDOWN : 804FA88E
14:21:10:562 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:562 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:562 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:562 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:562 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:562 3264 IRP_MJ_POWER : F0CD95F0
14:21:10:562 3264 IRP_MJ_SYSTEM_CONTROL : F0CD7A6E
14:21:10:562 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:562 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:562 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:578 3264 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
14:21:10:578 3264
14:21:10:578 3264 Driver Name: USBSTOR
14:21:10:578 3264 IRP_MJ_CREATE : F0CDA218
14:21:10:578 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:578 3264 IRP_MJ_CLOSE : F0CDA218
14:21:10:578 3264 IRP_MJ_READ : F0CDA23C
14:21:10:578 3264 IRP_MJ_WRITE : F0CDA23C
14:21:10:578 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_FLUSH_BUFFERS : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_DEVICE_CONTROL : F0CDA180
14:21:10:578 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F0CD59E6
14:21:10:578 3264 IRP_MJ_SHUTDOWN : 804FA88E
14:21:10:578 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:578 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_POWER : F0CD95F0
14:21:10:578 3264 IRP_MJ_SYSTEM_CONTROL : F0CD7A6E
14:21:10:578 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:578 3264 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
14:21:10:578 3264
14:21:10:578 3264 Driver Name: USBSTOR
14:21:10:578 3264 IRP_MJ_CREATE : F0CDA218
14:21:10:578 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:578 3264 IRP_MJ_CLOSE : F0CDA218
14:21:10:578 3264 IRP_MJ_READ : F0CDA23C
14:21:10:578 3264 IRP_MJ_WRITE : F0CDA23C
14:21:10:578 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_FLUSH_BUFFERS : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_DEVICE_CONTROL : F0CDA180
14:21:10:578 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F0CD59E6
14:21:10:578 3264 IRP_MJ_SHUTDOWN : 804FA88E
14:21:10:578 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:578 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_POWER : F0CD95F0
14:21:10:578 3264 IRP_MJ_SYSTEM_CONTROL : F0CD7A6E
14:21:10:578 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:578 3264 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
14:21:10:578 3264
14:21:10:578 3264 Driver Name: Disk
14:21:10:578 3264 IRP_MJ_CREATE : F754DBB0
14:21:10:578 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:578 3264 IRP_MJ_CLOSE : F754DBB0
14:21:10:578 3264 IRP_MJ_READ : F7547D1F
14:21:10:578 3264 IRP_MJ_WRITE : F7547D1F
14:21:10:578 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_FLUSH_BUFFERS : F75482E2
14:21:10:578 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_DEVICE_CONTROL : F75483BB
14:21:10:578 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F754BF28
14:21:10:578 3264 IRP_MJ_SHUTDOWN : F75482E2
14:21:10:578 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:578 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_POWER : F7549C82
14:21:10:578 3264 IRP_MJ_SYSTEM_CONTROL : F754E99E
14:21:10:578 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:578 3264 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:21:10:578 3264
14:21:10:578 3264 Driver Name: Disk
14:21:10:578 3264 IRP_MJ_CREATE : F754DBB0
14:21:10:578 3264 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E
14:21:10:578 3264 IRP_MJ_CLOSE : F754DBB0
14:21:10:578 3264 IRP_MJ_READ : F7547D1F
14:21:10:578 3264 IRP_MJ_WRITE : F7547D1F
14:21:10:578 3264 IRP_MJ_QUERY_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_EA : 804FA88E
14:21:10:578 3264 IRP_MJ_FLUSH_BUFFERS : F75482E2
14:21:10:578 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E
14:21:10:578 3264 IRP_MJ_DIRECTORY_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_DEVICE_CONTROL : F75483BB
14:21:10:578 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : F754BF28
14:21:10:578 3264 IRP_MJ_SHUTDOWN : F75482E2
14:21:10:578 3264 IRP_MJ_LOCK_CONTROL : 804FA88E
14:21:10:578 3264 IRP_MJ_CLEANUP : 804FA88E
14:21:10:578 3264 IRP_MJ_CREATE_MAILSLOT : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_SECURITY : 804FA88E
14:21:10:578 3264 IRP_MJ_POWER : F7549C82
14:21:10:578 3264 IRP_MJ_SYSTEM_CONTROL : F754E99E
14:21:10:578 3264 IRP_MJ_DEVICE_CHANGE : 804FA88E
14:21:10:578 3264 IRP_MJ_QUERY_QUOTA : 804FA88E
14:21:10:578 3264 IRP_MJ_SET_QUOTA : 804FA88E
14:21:10:578 3264 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:21:10:578 3264
14:21:10:578 3264 Driver Name: atapi
14:21:10:578 3264 IRP_MJ_CREATE : 895A6EE4
14:21:10:578 3264 IRP_MJ_CREATE_NAMED_PIPE : 895A6EE4
14:21:10:578 3264 IRP_MJ_CLOSE : 895A6EE4
14:21:10:578 3264 IRP_MJ_READ : 895A6EE4
14:21:10:578 3264 IRP_MJ_WRITE : 895A6EE4
14:21:10:578 3264 IRP_MJ_QUERY_INFORMATION : 895A6EE4
14:21:10:578 3264 IRP_MJ_SET_INFORMATION : 895A6EE4
14:21:10:578 3264 IRP_MJ_QUERY_EA : 895A6EE4
14:21:10:578 3264 IRP_MJ_SET_EA : 895A6EE4
14:21:10:578 3264 IRP_MJ_FLUSH_BUFFERS : 895A6EE4
14:21:10:578 3264 IRP_MJ_QUERY_VOLUME_INFORMATION : 895A6EE4
14:21:10:578 3264 IRP_MJ_SET_VOLUME_INFORMATION : 895A6EE4
14:21:10:578 3264 IRP_MJ_DIRECTORY_CONTROL : 895A6EE4
14:21:10:578 3264 IRP_MJ_FILE_SYSTEM_CONTROL : 895A6EE4
14:21:10:578 3264 IRP_MJ_DEVICE_CONTROL : 895A6EE4
14:21:10:578 3264 IRP_MJ_INTERNAL_DEVICE_CONTROL : 895A6EE4
14:21:10:578 3264 IRP_MJ_SHUTDOWN : 895A6EE4
14:21:10:578 3264 IRP_MJ_LOCK_CONTROL : 895A6EE4
14:21:10:578 3264 IRP_MJ_CLEANUP : 895A6EE4
14:21:10:578 3264 IRP_MJ_CREATE_MAILSLOT : 895A6EE4
14:21:10:578 3264 IRP_MJ_QUERY_SECURITY : 895A6EE4
14:21:10:578 3264 IRP_MJ_SET_SECURITY : 895A6EE4
14:21:10:578 3264 IRP_MJ_POWER : 895A6EE4
14:21:10:578 3264 IRP_MJ_SYSTEM_CONTROL : 895A6EE4
14:21:10:578 3264 IRP_MJ_DEVICE_CHANGE : 895A6EE4
14:21:10:578 3264 IRP_MJ_QUERY_QUOTA : 895A6EE4
14:21:10:578 3264 IRP_MJ_SET_QUOTA : 895A6EE4
14:21:10:578 3264 Driver "atapi" infected by TDSS rootkit!
14:21:10:625 3264 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
14:21:10:625 3264 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ... 14:21:10:625 3264 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
14:21:10:625 3264 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
14:21:10:812 3264 vfvi6
14:21:11:046 3264 !dsvbh1
14:21:13:125 3264 dsvbh2
14:21:13:140 3264 fdfb2
14:21:13:140 3264 Backup copy found, using it..
14:21:13:203 3264 will be cured on next reboot
14:21:13:203 3264 Reboot required for cure complete..
14:21:13:203 3264 Cure on reboot scheduled successfully
14:21:13:203 3264
14:21:13:203 3264 Completed
14:21:13:203 3264
14:21:13:203 3264 Results:
14:21:13:203 3264 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
14:21:13:203 3264 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:21:13:203 3264 File objects infected / cured / cured on reboot: 1 / 0 / 1
14:21:13:203 3264
14:21:13:203 3264 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
14:21:13:203 3264 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
14:21:13:218 3264 UnloadDriverW: NtUnloadDriver error 1
14:21:13:218 3264 KLMD(ARK) unloaded successfully


#15 luv4mypc

luv4mypc
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  • Gender:Female
  • Location:california
  • Local time:12:13 AM

Posted 14 May 2010 - 10:58 AM

QUOTE(luv4mypc @ May 14 2010, 08:38 AM)
QUOTE(luv4mypc @ May 14 2010, 08:18 AM)
QUOTE(luv4mypc @ May 14 2010, 08:04 AM)
I already ran the DDS previously. That's when the whole thing about me not being able to copy and paste the logs started.



I will Run it again and see what happens.



I ran the DDS and got the log, but after copy and paste I can't post it: as soon as I click ADD REPLY it goes to "Explorer cannot display". Tried uploading again and that will not work either.



OK, I am playing around to see if I could get ANYTHING to post, and I was able to post the result from the TDSS scan that I ran a few days ago. Don't understand WHY I could post this and not the other, so I keep trying to post some of the logs from the scans I ran and keeping my fingers crossed that I can post the ones you requested.



