'Open With' Virus [Solved]
Started by
wowcow12
, Mar 06 2010 02:34 PM
-
This topic is locked
#16
Posted 07 March 2010 - 04:59 PM
wowcow12
- Topic Starter
-
- Member
-
- 60 posts
Member
#17
Posted 07 March 2010 - 05:02 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
It should be a series of numbers that make up todays date and time
What problems do you have now ?
What problems do you have now ?
#18
Posted 07 March 2010 - 05:04 PM
wowcow12
- Topic Starter
-
- Member
-
- 60 posts
Member
15:46:48:718 2352 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
15:46:48:718 2352 ================================================================================
15:46:48:718 2352 SystemInfo:
15:46:48:718 2352 OS Version: 5.1.2600 ServicePack: 2.0
15:46:48:718 2352 Product type: Workstation
15:46:48:734 2352 ComputerName: FLEXSPACE
15:46:48:734 2352 UserName: Meredith
15:46:48:734 2352 Windows directory: C:\WINDOWS
15:46:48:734 2352 Processor architecture: Intel x86
15:46:48:734 2352 Number of processors: 1
15:46:48:734 2352 Page size: 0x1000
15:46:48:750 2352 Boot type: Normal boot
15:46:48:750 2352 ================================================================================
15:46:49:062 2352 UnloadDriverW: NtUnloadDriver error 2
15:46:49:062 2352 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:46:49:281 2352 Initialize success
15:46:49:281 2352
15:46:49:281 2352 Scanning Services ...
15:46:49:281 2352 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
15:46:49:281 2352 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:46:49:281 2352 wfopen_ex: Trying to KLMD file open
15:46:49:281 2352 wfopen_ex: File opened ok (Flags 2)
15:46:49:281 2352 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
15:46:49:281 2352 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:46:49:281 2352 wfopen_ex: Trying to KLMD file open
15:46:49:281 2352 wfopen_ex: File opened ok (Flags 2)
15:46:50:203 2352 GetAdvancedServicesInfo: Raw services enum returned 342 services
15:46:50:203 2352 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
15:46:50:203 2352 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
15:46:50:203 2352
15:46:50:203 2352 Scanning Kernel memory ...
15:46:50:203 2352 Devices to scan: 13
15:46:50:203 2352
15:46:50:203 2352 Driver Name: Disk
15:46:50:203 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:203 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:203 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:203 2352 IRP_MJ_READ : F84F3D9B
15:46:50:203 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:203 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:203 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:203 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:203 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:203 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:203 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:203 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:203 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:203 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:203 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:203 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:203 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:203 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:203 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:203 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:203 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:203 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:203 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:203 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:203 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:203 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:203 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:265 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:265 2352 sion
15:46:50:281 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:281 2352
15:46:50:281 2352 Driver Name: USBSTOR
15:46:50:281 2352 IRP_MJ_CREATE : F88B0218
15:46:50:281 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:281 2352 IRP_MJ_CLOSE : F88B0218
15:46:50:281 2352 IRP_MJ_READ : F88B023C
15:46:50:281 2352 IRP_MJ_WRITE : F88B023C
15:46:50:281 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:281 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:281 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:281 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:281 2352 IRP_MJ_FLUSH_BUFFERS : 804F3418
15:46:50:281 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:281 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:281 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:281 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:281 2352 IRP_MJ_DEVICE_CONTROL : F88B0180
15:46:50:281 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F88AB9E6
15:46:50:281 2352 IRP_MJ_SHUTDOWN : 804F3418
15:46:50:281 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:281 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:281 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:281 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:281 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:281 2352 IRP_MJ_POWER : F88AF5F0
15:46:50:281 2352 IRP_MJ_SYSTEM_CONTROL : F88ADA6E
15:46:50:281 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:281 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:281 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:343 2352 siohd: 0
15:46:50:359 2352 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:46:50:359 2352
15:46:50:359 2352 Driver Name: Disk
15:46:50:359 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:359 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:359 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:359 2352 IRP_MJ_READ : F84F3D9B
15:46:50:359 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:359 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:359 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:359 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:359 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:359 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:359 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:359 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:359 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:359 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:359 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:359 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:359 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:359 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:359 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:359 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:359 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:359 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:359 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:359 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:359 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:359 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:359 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:375 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:375 2352 sion
15:46:50:375 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:375 2352
15:46:50:375 2352 Driver Name: Disk
15:46:50:375 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:375 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:375 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:375 2352 IRP_MJ_READ : F84F3D9B
15:46:50:375 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:375 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:375 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:375 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:375 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:375 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:375 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:375 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:375 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:375 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:375 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:375 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:375 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:375 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:375 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:375 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:375 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:375 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:375 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:375 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:375 2352 sion
15:46:50:375 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:375 2352
15:46:50:375 2352 Driver Name: Disk
15:46:50:375 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:375 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:375 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:375 2352 IRP_MJ_READ : F84F3D9B
15:46:50:375 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:375 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:375 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:375 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:375 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:375 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:375 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:375 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:375 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:375 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:375 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:375 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:375 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:375 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:375 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:375 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:375 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:375 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:375 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:375 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:375 2352 sion
15:46:50:390 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:390 2352
15:46:50:390 2352 Driver Name: Disk
15:46:50:390 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:390 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:390 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:390 2352 IRP_MJ_READ : F84F3D9B
15:46:50:390 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:390 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:390 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:390 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:390 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:390 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:390 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:390 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:390 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:390 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:390 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:390 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:390 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:390 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:390 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:390 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:390 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:390 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:390 2352 sion
15:46:50:390 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:390 2352
15:46:50:390 2352 Driver Name: USBSTOR
15:46:50:390 2352 IRP_MJ_CREATE : F88B0218
15:46:50:390 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:390 2352 IRP_MJ_CLOSE : F88B0218
15:46:50:390 2352 IRP_MJ_READ : F88B023C
15:46:50:390 2352 IRP_MJ_WRITE : F88B023C
15:46:50:390 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:390 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:390 2352 IRP_MJ_FLUSH_BUFFERS : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:390 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:390 2352 IRP_MJ_DEVICE_CONTROL : F88B0180
15:46:50:390 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F88AB9E6
15:46:50:390 2352 IRP_MJ_SHUTDOWN : 804F3418
15:46:50:390 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:390 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:390 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:390 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:390 2352 IRP_MJ_POWER : F88AF5F0
15:46:50:390 2352 IRP_MJ_SYSTEM_CONTROL : F88ADA6E
15:46:50:390 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:390 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:390 2352 siohd: 0
15:46:50:390 2352 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:46:50:390 2352
15:46:50:390 2352 Driver Name: USBSTOR
15:46:50:390 2352 IRP_MJ_CREATE : F88B0218
15:46:50:390 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:390 2352 IRP_MJ_CLOSE : F88B0218
15:46:50:390 2352 IRP_MJ_READ : F88B023C
15:46:50:390 2352 IRP_MJ_WRITE : F88B023C
15:46:50:390 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:390 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:390 2352 IRP_MJ_FLUSH_BUFFERS : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_DEVICE_CONTROL : F88B0180
15:46:50:421 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F88AB9E6
15:46:50:421 2352 IRP_MJ_SHUTDOWN : 804F3418
15:46:50:421 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:421 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_POWER : F88AF5F0
15:46:50:421 2352 IRP_MJ_SYSTEM_CONTROL : F88ADA6E
15:46:50:421 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:421 2352 siohd: 0
15:46:50:421 2352 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:46:50:421 2352
15:46:50:421 2352 Driver Name: USBSTOR
15:46:50:421 2352 IRP_MJ_CREATE : F88B0218
15:46:50:421 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:421 2352 IRP_MJ_CLOSE : F88B0218
15:46:50:421 2352 IRP_MJ_READ : F88B023C
15:46:50:421 2352 IRP_MJ_WRITE : F88B023C
15:46:50:421 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:421 2352 IRP_MJ_FLUSH_BUFFERS : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_DEVICE_CONTROL : F88B0180
15:46:50:421 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F88AB9E6
15:46:50:421 2352 IRP_MJ_SHUTDOWN : 804F3418
15:46:50:421 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:421 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_POWER : F88AF5F0
15:46:50:421 2352 IRP_MJ_SYSTEM_CONTROL : F88ADA6E
15:46:50:421 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:421 2352 siohd: 0
15:46:50:421 2352 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:46:50:421 2352
15:46:50:421 2352 Driver Name: USBSTOR
15:46:50:421 2352 IRP_MJ_CREATE : F88B0218
15:46:50:421 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:421 2352 IRP_MJ_CLOSE : F88B0218
15:46:50:421 2352 IRP_MJ_READ : F88B023C
15:46:50:421 2352 IRP_MJ_WRITE : F88B023C
15:46:50:421 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:421 2352 IRP_MJ_FLUSH_BUFFERS : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_DEVICE_CONTROL : F88B0180
15:46:50:421 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F88AB9E6
15:46:50:421 2352 IRP_MJ_SHUTDOWN : 804F3418
15:46:50:421 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:421 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_POWER : F88AF5F0
15:46:50:421 2352 IRP_MJ_SYSTEM_CONTROL : F88ADA6E
15:46:50:421 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:421 2352 siohd: 0
15:46:50:421 2352 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:46:50:421 2352
15:46:50:421 2352 Driver Name: Disk
15:46:50:421 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:421 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:421 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:421 2352 IRP_MJ_READ : F84F3D9B
15:46:50:421 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:421 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:421 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:421 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:421 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:421 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:421 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:421 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:421 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:421 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:421 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:421 2352 sion
15:46:50:437 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:437 2352
15:46:50:437 2352 Driver Name: Disk
15:46:50:437 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:437 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:437 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:437 2352 IRP_MJ_READ : F84F3D9B
15:46:50:437 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:437 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:437 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:437 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:437 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:437 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:437 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:437 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:437 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:437 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:437 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:437 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:437 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:437 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:437 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:437 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:437 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:437 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:437 2352 sion
15:46:50:437 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:437 2352
15:46:50:437 2352 Driver Name: atapi
15:46:50:437 2352 IRP_MJ_CREATE : F8346572
15:46:50:437 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:437 2352 IRP_MJ_CLOSE : F8346572
15:46:50:437 2352 IRP_MJ_READ : 804F3418
15:46:50:437 2352 IRP_MJ_WRITE : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:437 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:437 2352 IRP_MJ_FLUSH_BUFFERS : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:437 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:437 2352 IRP_MJ_DEVICE_CONTROL : 82F1090A
15:46:50:437 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F83427B4
15:46:50:437 2352 IRP_MJ_SHUTDOWN : 804F3418
15:46:50:437 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:437 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:437 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:437 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:437 2352 IRP_MJ_POWER : F83465BC
15:46:50:437 2352 IRP_MJ_SYSTEM_CONTROL : F834D164
15:46:50:437 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:437 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:515 2352 siohd: 0
15:46:50:515 2352 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
15:46:50:515 2352 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 15:46:50:515 2352 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
15:46:50:515 2352 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
15:46:50:921 2352 vfvi6
15:46:51:390 2352 !dsvbh1
15:46:56:109 2352 dsvbh2
15:46:56:109 2352 fdfb2
15:46:56:109 2352 Backup copy found, using it..
15:46:57:578 2352 will be cured on next reboot
15:46:57:578 2352 Reboot required for cure complete..
15:46:57:687 2352 Cure on reboot scheduled successfully
15:46:57:687 2352
15:46:57:687 2352 Completed
15:46:57:687 2352
15:46:57:687 2352 Results:
15:46:57:687 2352 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
15:46:57:687 2352 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:46:57:687 2352 File objects infected / cured / cured on reboot: 1 / 0 / 1
15:46:57:687 2352
15:46:57:687 2352 UnloadDriverW: NtUnloadDriver error 1
15:46:57:687 2352 KLMD_Unload: UnloadDriverW(klmd21) error 1
15:46:57:687 2352 KLMD(ARK) unloaded successfully
And absolutely none, my PC booted up PERFECTLY and there were no error messages and it even seems faster. Thank you so much for your help!!(:
15:46:48:718 2352 ================================================================================
15:46:48:718 2352 SystemInfo:
15:46:48:718 2352 OS Version: 5.1.2600 ServicePack: 2.0
15:46:48:718 2352 Product type: Workstation
15:46:48:734 2352 ComputerName: FLEXSPACE
15:46:48:734 2352 UserName: Meredith
15:46:48:734 2352 Windows directory: C:\WINDOWS
15:46:48:734 2352 Processor architecture: Intel x86
15:46:48:734 2352 Number of processors: 1
15:46:48:734 2352 Page size: 0x1000
15:46:48:750 2352 Boot type: Normal boot
15:46:48:750 2352 ================================================================================
15:46:49:062 2352 UnloadDriverW: NtUnloadDriver error 2
15:46:49:062 2352 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:46:49:281 2352 Initialize success
15:46:49:281 2352
15:46:49:281 2352 Scanning Services ...
15:46:49:281 2352 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
15:46:49:281 2352 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:46:49:281 2352 wfopen_ex: Trying to KLMD file open
15:46:49:281 2352 wfopen_ex: File opened ok (Flags 2)
15:46:49:281 2352 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
15:46:49:281 2352 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:46:49:281 2352 wfopen_ex: Trying to KLMD file open
15:46:49:281 2352 wfopen_ex: File opened ok (Flags 2)
15:46:50:203 2352 GetAdvancedServicesInfo: Raw services enum returned 342 services
15:46:50:203 2352 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
15:46:50:203 2352 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
15:46:50:203 2352
15:46:50:203 2352 Scanning Kernel memory ...
15:46:50:203 2352 Devices to scan: 13
15:46:50:203 2352
15:46:50:203 2352 Driver Name: Disk
15:46:50:203 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:203 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:203 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:203 2352 IRP_MJ_READ : F84F3D9B
15:46:50:203 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:203 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:203 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:203 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:203 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:203 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:203 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:203 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:203 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:203 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:203 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:203 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:203 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:203 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:203 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:203 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:203 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:203 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:203 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:203 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:203 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:203 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:203 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:265 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:265 2352 sion
15:46:50:281 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:281 2352
15:46:50:281 2352 Driver Name: USBSTOR
15:46:50:281 2352 IRP_MJ_CREATE : F88B0218
15:46:50:281 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:281 2352 IRP_MJ_CLOSE : F88B0218
15:46:50:281 2352 IRP_MJ_READ : F88B023C
15:46:50:281 2352 IRP_MJ_WRITE : F88B023C
15:46:50:281 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:281 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:281 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:281 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:281 2352 IRP_MJ_FLUSH_BUFFERS : 804F3418
15:46:50:281 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:281 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:281 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:281 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:281 2352 IRP_MJ_DEVICE_CONTROL : F88B0180
15:46:50:281 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F88AB9E6
15:46:50:281 2352 IRP_MJ_SHUTDOWN : 804F3418
15:46:50:281 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:281 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:281 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:281 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:281 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:281 2352 IRP_MJ_POWER : F88AF5F0
15:46:50:281 2352 IRP_MJ_SYSTEM_CONTROL : F88ADA6E
15:46:50:281 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:281 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:281 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:343 2352 siohd: 0
15:46:50:359 2352 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:46:50:359 2352
15:46:50:359 2352 Driver Name: Disk
15:46:50:359 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:359 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:359 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:359 2352 IRP_MJ_READ : F84F3D9B
15:46:50:359 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:359 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:359 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:359 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:359 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:359 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:359 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:359 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:359 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:359 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:359 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:359 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:359 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:359 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:359 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:359 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:359 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:359 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:359 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:359 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:359 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:359 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:359 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:375 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:375 2352 sion
15:46:50:375 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:375 2352
15:46:50:375 2352 Driver Name: Disk
15:46:50:375 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:375 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:375 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:375 2352 IRP_MJ_READ : F84F3D9B
15:46:50:375 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:375 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:375 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:375 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:375 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:375 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:375 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:375 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:375 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:375 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:375 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:375 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:375 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:375 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:375 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:375 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:375 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:375 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:375 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:375 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:375 2352 sion
15:46:50:375 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:375 2352
15:46:50:375 2352 Driver Name: Disk
15:46:50:375 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:375 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:375 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:375 2352 IRP_MJ_READ : F84F3D9B
15:46:50:375 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:375 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:375 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:375 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:375 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:375 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:375 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:375 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:375 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:375 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:375 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:375 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:375 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:375 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:375 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:375 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:375 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:375 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:375 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:375 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:375 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:375 2352 sion
15:46:50:390 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:390 2352
15:46:50:390 2352 Driver Name: Disk
15:46:50:390 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:390 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:390 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:390 2352 IRP_MJ_READ : F84F3D9B
15:46:50:390 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:390 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:390 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:390 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:390 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:390 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:390 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:390 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:390 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:390 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:390 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:390 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:390 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:390 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:390 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:390 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:390 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:390 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:390 2352 sion
15:46:50:390 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:390 2352
15:46:50:390 2352 Driver Name: USBSTOR
15:46:50:390 2352 IRP_MJ_CREATE : F88B0218
15:46:50:390 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:390 2352 IRP_MJ_CLOSE : F88B0218
15:46:50:390 2352 IRP_MJ_READ : F88B023C
15:46:50:390 2352 IRP_MJ_WRITE : F88B023C
15:46:50:390 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:390 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:390 2352 IRP_MJ_FLUSH_BUFFERS : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:390 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:390 2352 IRP_MJ_DEVICE_CONTROL : F88B0180
15:46:50:390 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F88AB9E6
15:46:50:390 2352 IRP_MJ_SHUTDOWN : 804F3418
15:46:50:390 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:390 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:390 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:390 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:390 2352 IRP_MJ_POWER : F88AF5F0
15:46:50:390 2352 IRP_MJ_SYSTEM_CONTROL : F88ADA6E
15:46:50:390 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:390 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:390 2352 siohd: 0
15:46:50:390 2352 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:46:50:390 2352
15:46:50:390 2352 Driver Name: USBSTOR
15:46:50:390 2352 IRP_MJ_CREATE : F88B0218
15:46:50:390 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:390 2352 IRP_MJ_CLOSE : F88B0218
15:46:50:390 2352 IRP_MJ_READ : F88B023C
15:46:50:390 2352 IRP_MJ_WRITE : F88B023C
15:46:50:390 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:390 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:390 2352 IRP_MJ_FLUSH_BUFFERS : 804F3418
15:46:50:390 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_DEVICE_CONTROL : F88B0180
15:46:50:421 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F88AB9E6
15:46:50:421 2352 IRP_MJ_SHUTDOWN : 804F3418
15:46:50:421 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:421 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_POWER : F88AF5F0
15:46:50:421 2352 IRP_MJ_SYSTEM_CONTROL : F88ADA6E
15:46:50:421 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:421 2352 siohd: 0
15:46:50:421 2352 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:46:50:421 2352
15:46:50:421 2352 Driver Name: USBSTOR
15:46:50:421 2352 IRP_MJ_CREATE : F88B0218
15:46:50:421 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:421 2352 IRP_MJ_CLOSE : F88B0218
15:46:50:421 2352 IRP_MJ_READ : F88B023C
15:46:50:421 2352 IRP_MJ_WRITE : F88B023C
15:46:50:421 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:421 2352 IRP_MJ_FLUSH_BUFFERS : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_DEVICE_CONTROL : F88B0180
15:46:50:421 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F88AB9E6
15:46:50:421 2352 IRP_MJ_SHUTDOWN : 804F3418
15:46:50:421 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:421 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_POWER : F88AF5F0
15:46:50:421 2352 IRP_MJ_SYSTEM_CONTROL : F88ADA6E
15:46:50:421 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:421 2352 siohd: 0
15:46:50:421 2352 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:46:50:421 2352
15:46:50:421 2352 Driver Name: USBSTOR
15:46:50:421 2352 IRP_MJ_CREATE : F88B0218
15:46:50:421 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:421 2352 IRP_MJ_CLOSE : F88B0218
15:46:50:421 2352 IRP_MJ_READ : F88B023C
15:46:50:421 2352 IRP_MJ_WRITE : F88B023C
15:46:50:421 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:421 2352 IRP_MJ_FLUSH_BUFFERS : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_DEVICE_CONTROL : F88B0180
15:46:50:421 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F88AB9E6
15:46:50:421 2352 IRP_MJ_SHUTDOWN : 804F3418
15:46:50:421 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:421 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_POWER : F88AF5F0
15:46:50:421 2352 IRP_MJ_SYSTEM_CONTROL : F88ADA6E
15:46:50:421 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:421 2352 siohd: 0
15:46:50:421 2352 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:46:50:421 2352
15:46:50:421 2352 Driver Name: Disk
15:46:50:421 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:421 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:421 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:421 2352 IRP_MJ_READ : F84F3D9B
15:46:50:421 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:421 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:421 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:421 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:421 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:421 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:421 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:421 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:421 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:421 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:421 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:421 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:421 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:421 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:421 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:421 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:421 2352 sion
15:46:50:437 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:437 2352
15:46:50:437 2352 Driver Name: Disk
15:46:50:437 2352 IRP_MJ_CREATE : F84F9C30
15:46:50:437 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:437 2352 IRP_MJ_CLOSE : F84F9C30
15:46:50:437 2352 IRP_MJ_READ : F84F3D9B
15:46:50:437 2352 IRP_MJ_WRITE : F84F3D9B
15:46:50:437 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:437 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:437 2352 IRP_MJ_FLUSH_BUFFERS : F84F4366
15:46:50:437 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:437 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:437 2352 IRP_MJ_DEVICE_CONTROL : F84F444D
15:46:50:437 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84F7FC3
15:46:50:437 2352 IRP_MJ_SHUTDOWN : F84F4366
15:46:50:437 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:437 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:437 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:437 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:437 2352 IRP_MJ_POWER : F84F5EF3
15:46:50:437 2352 IRP_MJ_SYSTEM_CONTROL : F84FAA24
15:46:50:437 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:437 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:437 2352 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:46:50:437 2352 sion
15:46:50:437 2352 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:46:50:437 2352
15:46:50:437 2352 Driver Name: atapi
15:46:50:437 2352 IRP_MJ_CREATE : F8346572
15:46:50:437 2352 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:46:50:437 2352 IRP_MJ_CLOSE : F8346572
15:46:50:437 2352 IRP_MJ_READ : 804F3418
15:46:50:437 2352 IRP_MJ_WRITE : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_SET_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_EA : 804F3418
15:46:50:437 2352 IRP_MJ_SET_EA : 804F3418
15:46:50:437 2352 IRP_MJ_FLUSH_BUFFERS : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:46:50:437 2352 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:46:50:437 2352 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:46:50:437 2352 IRP_MJ_DEVICE_CONTROL : 82F1090A
15:46:50:437 2352 IRP_MJ_INTERNAL_DEVICE_CONTROL : F83427B4
15:46:50:437 2352 IRP_MJ_SHUTDOWN : 804F3418
15:46:50:437 2352 IRP_MJ_LOCK_CONTROL : 804F3418
15:46:50:437 2352 IRP_MJ_CLEANUP : 804F3418
15:46:50:437 2352 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_SECURITY : 804F3418
15:46:50:437 2352 IRP_MJ_SET_SECURITY : 804F3418
15:46:50:437 2352 IRP_MJ_POWER : F83465BC
15:46:50:437 2352 IRP_MJ_SYSTEM_CONTROL : F834D164
15:46:50:437 2352 IRP_MJ_DEVICE_CHANGE : 804F3418
15:46:50:437 2352 IRP_MJ_QUERY_QUOTA : 804F3418
15:46:50:437 2352 IRP_MJ_SET_QUOTA : 804F3418
15:46:50:515 2352 siohd: 0
15:46:50:515 2352 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
15:46:50:515 2352 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 15:46:50:515 2352 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
15:46:50:515 2352 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
15:46:50:921 2352 vfvi6
15:46:51:390 2352 !dsvbh1
15:46:56:109 2352 dsvbh2
15:46:56:109 2352 fdfb2
15:46:56:109 2352 Backup copy found, using it..
15:46:57:578 2352 will be cured on next reboot
15:46:57:578 2352 Reboot required for cure complete..
15:46:57:687 2352 Cure on reboot scheduled successfully
15:46:57:687 2352
15:46:57:687 2352 Completed
15:46:57:687 2352
15:46:57:687 2352 Results:
15:46:57:687 2352 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
15:46:57:687 2352 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:46:57:687 2352 File objects infected / cured / cured on reboot: 1 / 0 / 1
15:46:57:687 2352
15:46:57:687 2352 UnloadDriverW: NtUnloadDriver error 1
15:46:57:687 2352 KLMD_Unload: UnloadDriverW(klmd21) error 1
15:46:57:687 2352 KLMD(ARK) unloaded successfully
And absolutely none, my PC booted up PERFECTLY and there were no error messages and it even seems faster. Thank you so much for your help!!(:
#19
Posted 07 March 2010 - 05:07 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
And so died the last bit of the infection 
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems
Upgrading Java:
XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
SPRING CLEAN
Download TFC to your desktop
THEN
Download Flush Flash from Here and follow the easy to use instructions on the same page
NEXT
Download and run Puran Disc Defragmenter
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systemsUpgrading Java:
- Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 17.
- Click the "Download" button to the right.
- Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
- Click on Continue.
- Click on the link to download Windows Offline Installation (jre-6u17-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u16-windows-i586-p.exe and select "Run as an Administrator.")
XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
- Select Start > All Programs > Accessories > System tools > System Restore.
- On the dialogue box that appears select Create a Restore Point
- Click NEXT
- Enter a name e.g. Clean
- Click CREATE
- Select Start > All Programs > Accessories > System tools > Disk Cleanup.
- In the Drop down box that appears select your main drive e.g. C
- Click OK
- The System will do some calculation and the display a dialogue box with TABS
- Select the More Options Tab.
- At the bottom will be a system restore box with a CLEANUP button click this
- Accept the Warning and select OK again, the program will close and you are done
SPRING CLEAN
Download TFC to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job
- Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
THEN
Download Flush Flash from Here and follow the easy to use instructions on the same page
NEXT
Download and run Puran Disc Defragmenter
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
- SpywareBlaster to help prevent spyware from installing in the first place.
Malwarebytes. Run weekly to keep your system clean
To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe
#20
Posted 08 March 2010 - 04:02 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
