
Internet Search Redirect and PopUp



#1 Bonnie K


Posted 26 January 2011 - 12:23 PM

I think I am infected with a virus but have run AdAware, Malwarebytes, File Assassin and Spybot but nothing is found. Computer is running slow and when I search from Google and click on a link I get redirected to Tazinga, Work At Home ads and other misc sites, as well as random pop ups when IE is on. Also get error messages when closing Internet Explorer.

Can someone point me in the right direction to find and resolve this?


#2 boopme


Posted 26 January 2011 - 12:41 PM

Hello, I moved this to the Am I Infected forum from XP.

Please post your MBAM log. File Assassin is not, per se, a malware removal tool; please be careful with that.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please perform a scan with ESET Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#3 Bonnie K


Posted 27 January 2011 - 04:12 PM

Here is the log from TDSS, but when I tried to run ESET it told me "cannot get update is proxy configured". I tried it with proxy server checked and not checked. Now what?

:33:21:735 3392 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
18:33:21:735 3392 ================================================================================
18:33:21:735 3392 SystemInfo:

18:33:21:735 3392 OS Version: 5.1.2600 ServicePack: 3.0
18:33:21:735 3392 Product type: Workstation
18:33:21:735 3392 ComputerName: YOUR-20FE224C19
18:33:21:745 3392 UserName: Owner
18:33:21:745 3392 Windows directory: C:\WINDOWS
18:33:21:745 3392 Processor architecture: Intel x86
18:33:21:745 3392 Number of processors: 1
18:33:21:745 3392 Page size: 0x1000
18:33:21:745 3392 Boot type: Normal boot
18:33:21:745 3392 ================================================================================
18:33:21:755 3392 UnloadDriverW: NtUnloadDriver error 2
18:33:21:755 3392 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
18:33:22:096 3392 Initialize success
18:33:22:096 3392
18:33:22:096 3392 Scanning Services ...
18:33:22:096 3392 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
18:33:22:096 3392 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:33:22:096 3392 wfopen_ex: Trying to KLMD file open
18:33:22:096 3392 wfopen_ex: File opened ok (Flags 2)
18:33:22:096 3392 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
18:33:22:096 3392 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:33:22:096 3392 wfopen_ex: Trying to KLMD file open
18:33:22:096 3392 wfopen_ex: File opened ok (Flags 2)
18:33:22:486 3392 GetAdvancedServicesInfo: Raw services enum returned 353 services
18:33:22:496 3392 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
18:33:22:557 3392 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
18:33:22:567 3392
18:33:22:567 3392 Scanning Kernel memory ...
18:33:22:567 3392 Devices to scan: 13
18:33:22:567 3392
18:33:22:757 3392 Completed
18:33:22:757 3392
18:33:22:757 3392 Results:
18:33:22:757 3392 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
18:33:22:757 3392 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:33:22:757 3392 File objects infected / cured / cured on reboot: 0 / 0 / 0
18:33:22:757 3392
18:33:22:757 3392 KLMD(ARK) unloaded successfully

#4 boopme


Posted 27 January 2011 - 07:18 PM

OK, let's try an alternate.

Please run the F-Secure Online Scanner.
Follow the instructions here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy and paste the entire report in your next reply.

#5 Bonnie K


Posted 30 January 2011 - 08:41 AM

Okay - ran Microsoft Security - it found 4 items - 2 EXPLOIT:Java/cve files and 2 trojandownload/:java/Rexec and mesdeh. I removed those and tried again to run the other 2 you suggested - neither would run. I do appreciate your help but I am feeling cursed.



