
Thread: Search Engine Redirect Removal (Need Help)

  1. #11
    Junior Member
    Join Date
    May 2010
    Location
    Minneapolis, Minnesota, USA
    Posts
    12

    Security Checker log

    Here is the log file. The computer seems not so sluggish now. I will get back to you soon as to any remaining problems that I may uncover as I use the computer today.

    Thanks for your help and prompt replies!!!!



    Results of screen317's Security Check version 0.99.4
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    ESET Online Scanner v3
    McAfee SecurityCenter
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 20
    Adobe Flash Player 10.0.45.2
    Adobe Reader 7.0.8
    Adobe Reader 7.0.5 Language Support
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee VIRUSS~1 mcshield.exe
    McAfee VIRUSS~1 mcsysmon.exe
    ````````````````````````````````
    DNS Vulnerability Check:


    ``````````End of Log````````````

  2. #12
    Junior Member
    Join Date
    May 2010
    Location
    Minneapolis, Minnesota, USA
    Posts
    12

    Redirect Problem Still There

    I am sorry to report that I am still having the same search engine redirect problem as before.

  3. #13
    Emeritus - Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi TMJ1968

    Please download gmer.zip from Gmer and save it to your desktop.

    • Right click on gmer.zip and select Extract All....
    • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
    • Click on the Browse button. Click on Desktop. Then click OK.
    • Click Next. It will start extracting.
    • Once done, check (tick) the Show extracted files box and click Finish.
    • Double click on gmer.exe to run it.
    • Select the Rootkit tab.
    • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
    • Select all drives that are connected to your system to be scanned.
    • Click on the Scan button.
    • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
    • Open Notepad or a similar text editor.
    • Paste the clipboard contents into the text editor.
    • Save the Gmer scan log and post it in your next reply.
    • Close Gmer.
    • Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
    • In Command Prompt, type in net stop gmer. Press Enter.
    • Type in exit to close Command Prompt.


    Note: Do not run any programs while Gmer is running.

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  4. #14
    Junior Member
    Join Date
    May 2010
    Location
    Minneapolis, Minnesota, USA
    Posts
    12

    Cascading Problems--Ugh!!!!

    I followed your directions and downloaded GMER and tried to run it.

    After about one hour scanning (and seemingly making progress), I got the dreaded blue screen closing all programs and Windows due to something named:

    uwddqpow.sys
    address A21A3c3E base at A21A3000
    DateStamp 4b274f8d

    So I manually shut down the computer and rebooted. I tried to run GMER again, and again it seemed to be making progress. Then, as it was scanning I:, my external hard disk, I again got a blue screen and:

    STOP d0000144 Unknown Hard Error

    After again manually turning off the computer I tried to restart in safe mode by using F8 during boot-up. That didn't work, and I also couldn't use msconfig to try to boot to safe mode (/SAFEBOOT was grayed out as an option and I couldn't check it).

    It seems like things are getting worse--ugh! I really appreciate your help now more than ever, and also could use some encouragement, if possible.

    ????

  5. #15
    Junior Member
    Join Date
    May 2010
    Location
    Minneapolis, Minnesota, USA
    Posts
    12

    Windows Update?

    Also, Windows is telling me that updates are available. Should I do the updates? I'll wait for your directions.


  6. #16
    Emeritus - Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi TMJ1968
    Should I do the updates
    wait a little
    uwddqpow.sys
    address A21A3c3E base at A21A3000
    DateStamp 4b274f8d
    Are you sure of that name.......we can try another tool

    • Download RootRepeal from the following location and save it to your desktop.
    • Unzip it to your Desktop
    • Double click RootRepeal.exe to start the program
    • Click on the Report tab at the bottom of the program window
    • Click the Scan button
    • In the Select Scan dialog, check:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
      • Shadow SSDT
    • Click the OK button
    • Check the box for your main system drive (usually C:), and click OK to start the scan

      The scan can take some time. DO NOT run any other programs while the scan is running
    • When the scan is complete, the Save Report button will become available
    • Click this and save the report to your Desktop as RootRepeal.txt
    • Go to File, then Exit to close the program


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  7. #17
    Junior Member
    Join Date
    May 2010
    Location
    Minneapolis, Minnesota, USA
    Posts
    12

    More of the Same

    I downloaded RootRepeal and started it...and the computer froze. I couldn't even get into the Task Manager (Ctrl-Alt-Del). I'm still stuck...

  8. #18
    Emeritus - Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi TMJ1968

    Let's run TDSS Killer by Kaspersky.

    -Download TDSS Killer and save to your Desktop. Also print out those instructions on the same page for running the scan.

    -Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

    -Go to Start ->Run. Type/Copy and Paste the following text into the prompt:

    Code:
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\report.txt -v
    -Click OK.
    -If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.

    -After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.
    -A log file named report.txt should have been created and saved to the root directory (usually C:\report.txt).

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  9. #19
    Junior Member
    Join Date
    May 2010
    Location
    Minneapolis, Minnesota, USA
    Posts
    12

    Update

    I had to restart my computer before starting out with your instructions this morning. When I did so, the windows update automatically installed and required a restart. Upon restart (which was somewhat faster), a "May 10 Update Malware Removal Tool" opened and said that it had automatically removed some malware when it restarted, and suggested that I do a full scan. (Note: It did not tell me what was removed automatically upon restart.)

    So I did a full scan, which turned up only one thing, something called "win32/Alureon.H", which it then repaired.

    So then I ran TDSSKiller.exe, as you instructed in your last post, which appeared to find nothing. The log is below:




    13:21:49:718 2188 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
    13:21:49:718 2188 ================================================================================
    13:21:49:718 2188 SystemInfo:

    13:21:49:718 2188 OS Version: 5.1.2600 ServicePack: 3.0
    13:21:49:718 2188 Product type: Workstation
    13:21:49:718 2188 ComputerName: NESTEGG
    13:21:49:718 2188 UserName: Thomas Johnston
    13:21:49:718 2188 Windows directory: C:\WINDOWS
    13:21:49:718 2188 Processor architecture: Intel x86
    13:21:49:718 2188 Number of processors: 2
    13:21:49:718 2188 Page size: 0x1000
    13:21:49:734 2188 Boot type: Normal boot
    13:21:49:734 2188 ================================================================================
    13:21:49:734 2188 UnloadDriverW: NtUnloadDriver error 2
    13:21:49:734 2188 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
    13:21:49:750 2188 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
    13:21:49:750 2188 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    13:21:49:750 2188 wfopen_ex: Trying to KLMD file open
    13:21:49:750 2188 wfopen_ex: File opened ok (Flags 2)
    13:21:49:750 2188 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
    13:21:49:750 2188 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    13:21:49:750 2188 wfopen_ex: Trying to KLMD file open
    13:21:49:750 2188 wfopen_ex: File opened ok (Flags 2)
    13:21:49:750 2188 Initialize success
    13:21:49:750 2188
    13:21:49:750 2188 Scanning Services ...
    13:21:49:796 2188 Raw services enum returned 393 services
    13:21:49:796 2188
    13:21:49:796 2188 Scanning Kernel memory ...
    13:21:49:796 2188 Devices to scan: 12
    13:21:49:796 2188
    13:21:49:796 2188 Driver Name: Disk
    13:21:49:796 2188 IRP_MJ_CREATE : BA0CEBB0
    13:21:49:796 2188 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:21:49:796 2188 IRP_MJ_CLOSE : BA0CEBB0
    13:21:49:796 2188 IRP_MJ_READ : BA0C8D1F
    13:21:49:796 2188 IRP_MJ_WRITE : BA0C8D1F
    13:21:49:796 2188 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:21:49:796 2188 IRP_MJ_SET_INFORMATION : 804F4562
    13:21:49:796 2188 IRP_MJ_QUERY_EA : 804F4562
    13:21:49:796 2188 IRP_MJ_SET_EA : 804F4562
    13:21:49:796 2188 IRP_MJ_FLUSH_BUFFERS : BA0C92E2
    13:21:49:796 2188 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:21:49:796 2188 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:21:49:796 2188 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:21:49:796 2188 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:21:49:796 2188 IRP_MJ_DEVICE_CONTROL : BA0C93BB
    13:21:49:796 2188 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0CCF28
    13:21:49:796 2188 IRP_MJ_SHUTDOWN : BA0C92E2
    13:21:49:796 2188 IRP_MJ_LOCK_CONTROL : 804F4562
    13:21:49:796 2188 IRP_MJ_CLEANUP : 804F4562
    13:21:49:796 2188 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:21:49:796 2188 IRP_MJ_QUERY_SECURITY : 804F4562
    13:21:49:796 2188 IRP_MJ_SET_SECURITY : 804F4562
    13:21:49:796 2188 IRP_MJ_POWER : BA0CAC82
    13:21:49:796 2188 IRP_MJ_SYSTEM_CONTROL : BA0CF99E
    13:21:49:796 2188 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:21:49:796 2188 IRP_MJ_QUERY_QUOTA : 804F4562
    13:21:49:796 2188 IRP_MJ_SET_QUOTA : 804F4562
    13:21:49:828 2188 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    13:21:49:828 2188
    13:21:49:828 2188 Driver Name: Disk
    13:21:49:828 2188 IRP_MJ_CREATE : BA0CEBB0
    13:21:49:828 2188 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:21:49:828 2188 IRP_MJ_CLOSE : BA0CEBB0
    13:21:49:828 2188 IRP_MJ_READ : BA0C8D1F
    13:21:49:828 2188 IRP_MJ_WRITE : BA0C8D1F
    13:21:49:828 2188 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:21:49:828 2188 IRP_MJ_SET_INFORMATION : 804F4562
    13:21:49:828 2188 IRP_MJ_QUERY_EA : 804F4562
    13:21:49:828 2188 IRP_MJ_SET_EA : 804F4562
    13:21:49:828 2188 IRP_MJ_FLUSH_BUFFERS : BA0C92E2
    13:21:49:828 2188 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:21:49:828 2188 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:21:49:828 2188 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:21:49:828 2188 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:21:49:828 2188 IRP_MJ_DEVICE_CONTROL : BA0C93BB
    13:21:49:828 2188 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0CCF28
    13:21:49:828 2188 IRP_MJ_SHUTDOWN : BA0C92E2
    13:21:49:828 2188 IRP_MJ_LOCK_CONTROL : 804F4562
    13:21:49:828 2188 IRP_MJ_CLEANUP : 804F4562
    13:21:49:828 2188 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:21:49:828 2188 IRP_MJ_QUERY_SECURITY : 804F4562
    13:21:49:828 2188 IRP_MJ_SET_SECURITY : 804F4562
    13:21:49:828 2188 IRP_MJ_POWER : BA0CAC82
    13:21:49:828 2188 IRP_MJ_SYSTEM_CONTROL : BA0CF99E
    13:21:49:828 2188 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:21:49:828 2188 IRP_MJ_QUERY_QUOTA : 804F4562
    13:21:49:828 2188 IRP_MJ_SET_QUOTA : 804F4562
    13:21:49:843 2188 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    13:21:49:843 2188
    13:21:49:843 2188 Driver Name: Disk
    13:21:49:843 2188 IRP_MJ_CREATE : BA0CEBB0
    13:21:49:843 2188 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:21:49:843 2188 IRP_MJ_CLOSE : BA0CEBB0
    13:21:49:843 2188 IRP_MJ_READ : BA0C8D1F
    13:21:49:843 2188 IRP_MJ_WRITE : BA0C8D1F
    13:21:49:843 2188 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:21:49:843 2188 IRP_MJ_SET_INFORMATION : 804F4562
    13:21:49:843 2188 IRP_MJ_QUERY_EA : 804F4562
    13:21:49:843 2188 IRP_MJ_SET_EA : 804F4562
    13:21:49:843 2188 IRP_MJ_FLUSH_BUFFERS : BA0C92E2
    13:21:49:843 2188 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:21:49:843 2188 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:21:49:843 2188 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:21:49:843 2188 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:21:49:843 2188 IRP_MJ_DEVICE_CONTROL : BA0C93BB
    13:21:49:843 2188 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0CCF28
    13:21:49:843 2188 IRP_MJ_SHUTDOWN : BA0C92E2
    13:21:49:843 2188 IRP_MJ_LOCK_CONTROL : 804F4562
    13:21:49:843 2188 IRP_MJ_CLEANUP : 804F4562
    13:21:49:843 2188 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:21:49:843 2188 IRP_MJ_QUERY_SECURITY : 804F4562
    13:21:49:843 2188 IRP_MJ_SET_SECURITY : 804F4562
    13:21:49:843 2188 IRP_MJ_POWER : BA0CAC82
    13:21:49:843 2188 IRP_MJ_SYSTEM_CONTROL : BA0CF99E
    13:21:49:843 2188 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:21:49:843 2188 IRP_MJ_QUERY_QUOTA : 804F4562
    13:21:49:843 2188 IRP_MJ_SET_QUOTA : 804F4562
    13:21:49:843 2188 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    13:21:49:843 2188
    13:21:49:843 2188 Driver Name: Disk
    13:21:49:843 2188 IRP_MJ_CREATE : BA0CEBB0
    13:21:49:843 2188 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:21:49:843 2188 IRP_MJ_CLOSE : BA0CEBB0
    13:21:49:843 2188 IRP_MJ_READ : BA0C8D1F
    13:21:49:843 2188 IRP_MJ_WRITE : BA0C8D1F
    13:21:49:843 2188 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:21:49:843 2188 IRP_MJ_SET_INFORMATION : 804F4562
    13:21:49:843 2188 IRP_MJ_QUERY_EA : 804F4562
    13:21:49:843 2188 IRP_MJ_SET_EA : 804F4562
    13:21:49:843 2188 IRP_MJ_FLUSH_BUFFERS : BA0C92E2
    13:21:49:843 2188 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:21:49:843 2188 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:21:49:843 2188 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:21:49:843 2188 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:21:49:843 2188 IRP_MJ_DEVICE_CONTROL : BA0C93BB
    13:21:49:843 2188 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0CCF28
    13:21:49:843 2188 IRP_MJ_SHUTDOWN : BA0C92E2
    13:21:49:843 2188 IRP_MJ_LOCK_CONTROL : 804F4562
    13:21:49:843 2188 IRP_MJ_CLEANUP : 804F4562
    13:21:49:843 2188 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:21:49:843 2188 IRP_MJ_QUERY_SECURITY : 804F4562
    13:21:49:843 2188 IRP_MJ_SET_SECURITY : 804F4562
    13:21:49:843 2188 IRP_MJ_POWER : BA0CAC82
    13:21:49:843 2188 IRP_MJ_SYSTEM_CONTROL : BA0CF99E
    13:21:49:843 2188 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:21:49:843 2188 IRP_MJ_QUERY_QUOTA : 804F4562
    13:21:49:843 2188 IRP_MJ_SET_QUOTA : 804F4562
    13:21:49:859 2188 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    13:21:49:859 2188
    13:21:49:859 2188 Driver Name: USBSTOR
    13:21:49:859 2188 IRP_MJ_CREATE : BA42D218
    13:21:49:859 2188 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:21:49:859 2188 IRP_MJ_CLOSE : BA42D218
    13:21:49:859 2188 IRP_MJ_READ : BA42D23C
    13:21:49:859 2188 IRP_MJ_WRITE : BA42D23C
    13:21:49:859 2188 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:21:49:859 2188 IRP_MJ_SET_INFORMATION : 804F4562
    13:21:49:859 2188 IRP_MJ_QUERY_EA : 804F4562
    13:21:49:859 2188 IRP_MJ_SET_EA : 804F4562
    13:21:49:859 2188 IRP_MJ_FLUSH_BUFFERS : 804F4562
    13:21:49:859 2188 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:21:49:859 2188 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:21:49:859 2188 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:21:49:859 2188 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:21:49:859 2188 IRP_MJ_DEVICE_CONTROL : BA42D180
    13:21:49:859 2188 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4289E6
    13:21:49:859 2188 IRP_MJ_SHUTDOWN : 804F4562
    13:21:49:859 2188 IRP_MJ_LOCK_CONTROL : 804F4562
    13:21:49:859 2188 IRP_MJ_CLEANUP : 804F4562
    13:21:49:859 2188 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:21:49:859 2188 IRP_MJ_QUERY_SECURITY : 804F4562
    13:21:49:859 2188 IRP_MJ_SET_SECURITY : 804F4562
    13:21:49:859 2188 IRP_MJ_POWER : BA42C5F0
    13:21:49:859 2188 IRP_MJ_SYSTEM_CONTROL : BA42AA6E
    13:21:49:859 2188 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:21:49:859 2188 IRP_MJ_QUERY_QUOTA : 804F4562
    13:21:49:859 2188 IRP_MJ_SET_QUOTA : 804F4562
    13:21:49:875 2188 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    13:21:49:875 2188
    13:21:49:875 2188 Driver Name: USBSTOR
    13:21:49:875 2188 IRP_MJ_CREATE : BA42D218
    13:21:49:875 2188 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:21:49:875 2188 IRP_MJ_CLOSE : BA42D218
    13:21:49:875 2188 IRP_MJ_READ : BA42D23C
    13:21:49:875 2188 IRP_MJ_WRITE : BA42D23C
    13:21:49:875 2188 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:21:49:875 2188 IRP_MJ_SET_INFORMATION : 804F4562
    13:21:49:875 2188 IRP_MJ_QUERY_EA : 804F4562
    13:21:49:875 2188 IRP_MJ_SET_EA : 804F4562
    13:21:49:875 2188 IRP_MJ_FLUSH_BUFFERS : 804F4562
    13:21:49:875 2188 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:21:49:875 2188 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:21:49:875 2188 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:21:49:875 2188 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:21:49:875 2188 IRP_MJ_DEVICE_CONTROL : BA42D180
    13:21:49:875 2188 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4289E6
    13:21:49:875 2188 IRP_MJ_SHUTDOWN : 804F4562
    13:21:49:875 2188 IRP_MJ_LOCK_CONTROL : 804F4562
    13:21:49:875 2188 IRP_MJ_CLEANUP : 804F4562
    13:21:49:875 2188 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:21:49:875 2188 IRP_MJ_QUERY_SECURITY : 804F4562
    13:21:49:875 2188 IRP_MJ_SET_SECURITY : 804F4562
    13:21:49:875 2188 IRP_MJ_POWER : BA42C5F0
    13:21:49:875 2188 IRP_MJ_SYSTEM_CONTROL : BA42AA6E
    13:21:49:875 2188 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:21:49:875 2188 IRP_MJ_QUERY_QUOTA : 804F4562
    13:21:49:875 2188 IRP_MJ_SET_QUOTA : 804F4562
    13:21:49:890 2188 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    13:21:49:890 2188
    13:21:49:890 2188 Driver Name: USBSTOR
    13:21:49:890 2188 IRP_MJ_CREATE : BA42D218
    13:21:49:890 2188 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:21:49:890 2188 IRP_MJ_CLOSE : BA42D218
    13:21:49:890 2188 IRP_MJ_READ : BA42D23C
    13:21:49:890 2188 IRP_MJ_WRITE : BA42D23C
    13:21:49:890 2188 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:21:49:890 2188 IRP_MJ_SET_INFORMATION : 804F4562
    13:21:49:890 2188 IRP_MJ_QUERY_EA : 804F4562
    13:21:49:890 2188 IRP_MJ_SET_EA : 804F4562
    13:21:49:890 2188 IRP_MJ_FLUSH_BUFFERS : 804F4562
    13:21:49:890 2188 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:21:49:890 2188 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:21:49:890 2188 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:21:49:890 2188 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:21:49:890 2188 IRP_MJ_DEVICE_CONTROL : BA42D180
    13:21:49:890 2188 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4289E6
    13:21:49:890 2188 IRP_MJ_SHUTDOWN : 804F4562
    13:21:49:890 2188 IRP_MJ_LOCK_CONTROL : 804F4562
    13:21:49:890 2188 IRP_MJ_CLEANUP : 804F4562
    13:21:49:890 2188 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:21:49:890 2188 IRP_MJ_QUERY_SECURITY : 804F4562
    13:21:49:890 2188 IRP_MJ_SET_SECURITY : 804F4562
    13:21:49:890 2188 IRP_MJ_POWER : BA42C5F0
    13:21:49:890 2188 IRP_MJ_SYSTEM_CONTROL : BA42AA6E
    13:21:49:890 2188 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:21:49:890 2188 IRP_MJ_QUERY_QUOTA : 804F4562
    13:21:49:890 2188 IRP_MJ_SET_QUOTA : 804F4562
    13:21:49:890 2188 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    13:21:49:890 2188
    13:21:49:890 2188 Driver Name: USBSTOR
    13:21:49:890 2188 IRP_MJ_CREATE : BA42D218
    13:21:49:890 2188 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:21:49:890 2188 IRP_MJ_CLOSE : BA42D218
    13:21:49:890 2188 IRP_MJ_READ : BA42D23C
    13:21:49:890 2188 IRP_MJ_WRITE : BA42D23C
    13:21:49:890 2188 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:21:49:890 2188 IRP_MJ_SET_INFORMATION : 804F4562
    13:21:49:890 2188 IRP_MJ_QUERY_EA : 804F4562
    13:21:49:890 2188 IRP_MJ_SET_EA : 804F4562
    13:21:49:890 2188 IRP_MJ_FLUSH_BUFFERS : 804F4562
    13:21:49:890 2188 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:21:49:890 2188 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:21:49:890 2188 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:21:49:890 2188 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:21:49:890 2188 IRP_MJ_DEVICE_CONTROL : BA42D180
    13:21:49:890 2188 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4289E6
    13:21:49:890 2188 IRP_MJ_SHUTDOWN : 804F4562
    13:21:49:890 2188 IRP_MJ_LOCK_CONTROL : 804F4562
    13:21:49:890 2188 IRP_MJ_CLEANUP : 804F4562
    13:21:49:890 2188 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:21:49:890 2188 IRP_MJ_QUERY_SECURITY : 804F4562
    13:21:49:890 2188 IRP_MJ_SET_SECURITY : 804F4562
    13:21:49:890 2188 IRP_MJ_POWER : BA42C5F0
    13:21:49:890 2188 IRP_MJ_SYSTEM_CONTROL : BA42AA6E
    13:21:49:890 2188 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:21:49:890 2188 IRP_MJ_QUERY_QUOTA : 804F4562
    13:21:49:890 2188 IRP_MJ_SET_QUOTA : 804F4562
    13:21:49:906 2188 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
    13:21:49:906 2188
    13:21:49:906 2188 Driver Name: Disk
    13:21:49:906 2188 IRP_MJ_CREATE : BA0CEBB0
    13:21:49:906 2188 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:21:49:906 2188 IRP_MJ_CLOSE : BA0CEBB0
    13:21:49:906 2188 IRP_MJ_READ : BA0C8D1F
    13:21:49:906 2188 IRP_MJ_WRITE : BA0C8D1F
    13:21:49:906 2188 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:21:49:906 2188 IRP_MJ_SET_INFORMATION : 804F4562
    13:21:49:906 2188 IRP_MJ_QUERY_EA : 804F4562
    13:21:49:906 2188 IRP_MJ_SET_EA : 804F4562
    13:21:49:906 2188 IRP_MJ_FLUSH_BUFFERS : BA0C92E2
    13:21:49:906 2188 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:21:49:906 2188 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:21:49:906 2188 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:21:49:906 2188 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:21:49:906 2188 IRP_MJ_DEVICE_CONTROL : BA0C93BB
    13:21:49:906 2188 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0CCF28
    13:21:49:906 2188 IRP_MJ_SHUTDOWN : BA0C92E2
    13:21:49:906 2188 IRP_MJ_LOCK_CONTROL : 804F4562
    13:21:49:906 2188 IRP_MJ_CLEANUP : 804F4562
    13:21:49:906 2188 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:21:49:906 2188 IRP_MJ_QUERY_SECURITY : 804F4562
    13:21:49:906 2188 IRP_MJ_SET_SECURITY : 804F4562
    13:21:49:906 2188 IRP_MJ_POWER : BA0CAC82
    13:21:49:906 2188 IRP_MJ_SYSTEM_CONTROL : BA0CF99E
    13:21:49:906 2188 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:21:49:906 2188 IRP_MJ_QUERY_QUOTA : 804F4562
    13:21:49:906 2188 IRP_MJ_SET_QUOTA : 804F4562
    13:21:49:906 2188 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    13:21:49:906 2188
    13:21:49:906 2188 Driver Name: Disk
    13:21:49:906 2188 IRP_MJ_CREATE : BA0CEBB0
    13:21:49:906 2188 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:21:49:906 2188 IRP_MJ_CLOSE : BA0CEBB0
    13:21:49:906 2188 IRP_MJ_READ : BA0C8D1F
    13:21:49:906 2188 IRP_MJ_WRITE : BA0C8D1F
    13:21:49:906 2188 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:21:49:906 2188 IRP_MJ_SET_INFORMATION : 804F4562
    13:21:49:906 2188 IRP_MJ_QUERY_EA : 804F4562
    13:21:49:906 2188 IRP_MJ_SET_EA : 804F4562
    13:21:49:906 2188 IRP_MJ_FLUSH_BUFFERS : BA0C92E2
    13:21:49:906 2188 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:21:49:906 2188 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:21:49:906 2188 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:21:49:906 2188 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:21:49:906 2188 IRP_MJ_DEVICE_CONTROL : BA0C93BB
    13:21:49:906 2188 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0CCF28
    13:21:49:906 2188 IRP_MJ_SHUTDOWN : BA0C92E2
    13:21:49:906 2188 IRP_MJ_LOCK_CONTROL : 804F4562
    13:21:49:906 2188 IRP_MJ_CLEANUP : 804F4562
    13:21:49:906 2188 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:21:49:906 2188 IRP_MJ_QUERY_SECURITY : 804F4562
    13:21:49:906 2188 IRP_MJ_SET_SECURITY : 804F4562
    13:21:49:906 2188 IRP_MJ_POWER : BA0CAC82
    13:21:49:906 2188 IRP_MJ_SYSTEM_CONTROL : BA0CF99E
    13:21:49:906 2188 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:21:49:906 2188 IRP_MJ_QUERY_QUOTA : 804F4562
    13:21:49:906 2188 IRP_MJ_SET_QUOTA : 804F4562
    13:21:49:921 2188 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    13:21:49:921 2188
    13:21:49:921 2188 Driver Name: Disk
    13:21:49:921 2188 IRP_MJ_CREATE : BA0CEBB0
    13:21:49:921 2188 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    13:21:49:921 2188 IRP_MJ_CLOSE : BA0CEBB0
    13:21:49:921 2188 IRP_MJ_READ : BA0C8D1F
    13:21:49:921 2188 IRP_MJ_WRITE : BA0C8D1F
    13:21:49:921 2188 IRP_MJ_QUERY_INFORMATION : 804F4562
    13:21:49:921 2188 IRP_MJ_SET_INFORMATION : 804F4562
    13:21:49:921 2188 IRP_MJ_QUERY_EA : 804F4562
    13:21:49:921 2188 IRP_MJ_SET_EA : 804F4562
    13:21:49:921 2188 IRP_MJ_FLUSH_BUFFERS : BA0C92E2
    13:21:49:921 2188 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    13:21:49:921 2188 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    13:21:49:921 2188 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    13:21:49:921 2188 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    13:21:49:921 2188 IRP_MJ_DEVICE_CONTROL : BA0C93BB
    13:21:49:921 2188 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0CCF28
    13:21:49:921 2188 IRP_MJ_SHUTDOWN : BA0C92E2
    13:21:49:921 2188 IRP_MJ_LOCK_CONTROL : 804F4562
    13:21:49:921 2188 IRP_MJ_CLEANUP : 804F4562
    13:21:49:921 2188 IRP_MJ_CREATE_MAILSLOT : 804F4562
    13:21:49:921 2188 IRP_MJ_QUERY_SECURITY : 804F4562
    13:21:49:921 2188 IRP_MJ_SET_SECURITY : 804F4562
    13:21:49:921 2188 IRP_MJ_POWER : BA0CAC82
    13:21:49:921 2188 IRP_MJ_SYSTEM_CONTROL : BA0CF99E
    13:21:49:921 2188 IRP_MJ_DEVICE_CHANGE : 804F4562
    13:21:49:921 2188 IRP_MJ_QUERY_QUOTA : 804F4562
    13:21:49:921 2188 IRP_MJ_SET_QUOTA : 804F4562
    13:21:49:921 2188 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    13:21:49:921 2188
    13:21:49:921 2188 Driver Name: nvata
    13:21:49:921 2188 IRP_MJ_CREATE : B9EE7894
    13:21:49:921 2188 IRP_MJ_CREATE_NAMED_PIPE : B9EE7874
    13:21:49:921 2188 IRP_MJ_CLOSE : B9EE7894
    13:21:49:921 2188 IRP_MJ_READ : B9EE7874
    13:21:49:921 2188 IRP_MJ_WRITE : B9EE7874
    13:21:49:921 2188 IRP_MJ_QUERY_INFORMATION : B9EE7874
    13:21:49:921 2188 IRP_MJ_SET_INFORMATION : B9EE7874
    13:21:49:921 2188 IRP_MJ_QUERY_EA : B9EE7874
    13:21:49:921 2188 IRP_MJ_SET_EA : B9EE7874
    13:21:49:921 2188 IRP_MJ_FLUSH_BUFFERS : B9EE7874
    13:21:49:921 2188 IRP_MJ_QUERY_VOLUME_INFORMATION : B9EE7874
    13:21:49:921 2188 IRP_MJ_SET_VOLUME_INFORMATION : B9EE7874
    13:21:49:921 2188 IRP_MJ_DIRECTORY_CONTROL : B9EE7874
    13:21:49:921 2188 IRP_MJ_FILE_SYSTEM_CONTROL : B9EE7874
    13:21:49:921 2188 IRP_MJ_DEVICE_CONTROL : B9EE78AE
    13:21:49:921 2188 IRP_MJ_INTERNAL_DEVICE_CONTROL : B9EE7D6E
    13:21:49:921 2188 IRP_MJ_SHUTDOWN : B9EE7874
    13:21:49:921 2188 IRP_MJ_LOCK_CONTROL : B9EE7874
    13:21:49:921 2188 IRP_MJ_CLEANUP : B9EE7874
    13:21:49:921 2188 IRP_MJ_CREATE_MAILSLOT : B9EE7874
    13:21:49:921 2188 IRP_MJ_QUERY_SECURITY : B9EE7874
    13:21:49:921 2188 IRP_MJ_SET_SECURITY : B9EE7874
    13:21:49:921 2188 IRP_MJ_POWER : B9EE7D0E
    13:21:49:921 2188 IRP_MJ_SYSTEM_CONTROL : B9EE7A9C
    13:21:49:921 2188 IRP_MJ_DEVICE_CHANGE : B9EE7874
    13:21:49:921 2188 IRP_MJ_QUERY_QUOTA : B9EE7874
    13:21:49:921 2188 IRP_MJ_SET_QUOTA : B9EE7874
    13:21:49:937 2188 C:\WINDOWS\system32\drivers\nvata.sys - Verdict: 1
    13:21:49:937 2188
    13:21:49:953 2188 Completed
    13:21:49:953 2188
    13:21:49:953 2188 Results:
    13:21:49:953 2188 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
    13:21:49:953 2188 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    13:21:49:953 2188 File objects infected / cured / cured on reboot: 0 / 0 / 0
    13:21:49:953 2188
    13:21:49:953 2188 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
    13:21:49:953 2188 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
    13:21:49:953 2188 KLMD(ARK) unloaded successfully


    I will now attempt to run the RootRepeal scan and post the results.

    Thanks!
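As an added illustration for readers working through logs like the one in the post above (example code written for this page, not a tool from Kaspersky or from either poster), here is a small Python parser for the TDSSKiller 2.2.x line format. It groups the IRP_MJ_* dispatch entries per driver, treats the one address that fills the unimplemented slots of every driver (804F4562 in the log above) as a kernel-supplied default rather than driver code, and flags any remaining handler that lies far away from the rest of that driver's handlers, which is how a hooked dispatch slot shows up in this kind of listing. The sample log is constructed: the Disk block mirrors the page's log, while the driver name "sampledrv", all of its addresses and the 0x20000 distance threshold are assumptions made for the example.

```python
"""Parse a TDSSKiller 2.2.x text log and summarise its kernel dispatch-table scan.
Added example for this thread; not Kaspersky's code or the posters' own."""
import json
import re
from collections import defaultdict

# Constructed excerpt in the log's "HH:MM:SS:mmm PID message" line format.
# The Disk block mirrors the page's log; "sampledrv" and its addresses are
# invented here to show what an out-of-image dispatch entry looks like.
SAMPLE_LOG = r"""
13:21:49:796 2188 Driver Name: Disk
13:21:49:796 2188 IRP_MJ_CREATE : BA0CEBB0
13:21:49:796 2188 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
13:21:49:796 2188 IRP_MJ_READ : BA0C8D1F
13:21:49:796 2188 IRP_MJ_WRITE : BA0C8D1F
13:21:49:828 2188 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:21:49:828 2188
13:21:49:828 2188 Driver Name: sampledrv
13:21:49:828 2188 IRP_MJ_CREATE : B9E8A1F0
13:21:49:828 2188 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
13:21:49:828 2188 IRP_MJ_READ : F8C4D2A0
13:21:49:828 2188 IRP_MJ_WRITE : B9E8A2C4
13:21:49:843 2188 C:\WINDOWS\system32\DRIVERS\sampledrv.sys - Verdict: 1
13:21:49:953 2188 Results:
13:21:49:953 2188 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
13:21:49:953 2188 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:21:49:953 2188 File objects infected / cured / cured on reboot: 0 / 0 / 0
"""

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d:\d{3}\s+\d+\s?(.*)$")
DRIVER_RE = re.compile(r"^Driver Name:\s*(\S+)$")
IRP_RE = re.compile(r"^(IRP_MJ_[A-Z_]+)\s*:\s*([0-9A-Fa-f]{8})$")
VERDICT_RE = re.compile(r"^(.+?\.sys)\s+-\s+Verdict:\s*(\d+)$", re.IGNORECASE)
RESULT_RE = re.compile(r"^(Memory|Registry|File) objects infected / cured / cured on reboot:"
                       r"\s*(\d+) / (\d+) / (\d+)$")


def parse_log(text):
    """Return (drivers, results): one dict per 'Driver Name:' block, in log order,
    plus the infected/cured/cured-on-reboot triples from the Results section."""
    drivers, results, current = [], {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if d := DRIVER_RE.match(msg):
            current = {"name": d.group(1), "handlers": {}, "path": None, "verdict": None}
            drivers.append(current)
        elif (i := IRP_RE.match(msg)) and current:
            current["handlers"][i.group(1)] = int(i.group(2), 16)
        elif (v := VERDICT_RE.match(msg)) and current:
            current["path"], current["verdict"] = v.group(1), int(v.group(2))
            current = None
        elif r := RESULT_RE.match(msg):
            results[r.group(1).lower()] = tuple(int(x) for x in r.group(2, 3, 4))
    return drivers, results


def shared_kernel_handlers(drivers, min_drivers=2):
    """Addresses present in the tables of several distinct drivers: in the log above
    804F4562 fills every unimplemented slot of every driver, the signature of a
    kernel-supplied default handler rather than of the driver's own code."""
    owners = defaultdict(set)
    for d in drivers:
        for addr in d["handlers"].values():
            owners[addr].add(d["name"])
    return {a for a, names in owners.items() if len(names) >= min_drivers}


def outlier_handlers(driver, shared, window=0x20000):
    """Handlers that are neither a shared default nor within `window` bytes of the
    driver's median handler. The 0x20000 threshold is an assumed value for this
    example; a hit is a lead for the analyst to review, not a verdict."""
    own = sorted(a for a in driver["handlers"].values() if a not in shared)
    if not own:
        return {}
    median = own[len(own) // 2]
    return {irp: a for irp, a in driver["handlers"].items()
            if a not in shared and abs(a - median) > window}


def summarise(text):
    """Group the parsed log by driver name and attach suspect handlers as hex strings."""
    drivers, results = parse_log(text)
    shared = shared_kernel_handlers(drivers)
    report = {"drivers": {}, "results": results,
              "shared_handlers": [f"{a:08X}" for a in sorted(shared)]}
    for d in drivers:  # the same driver name recurs once per device object
        entry = report["drivers"].setdefault(
            d["name"], {"path": d["path"], "verdict": d["verdict"], "suspect": {}})
        entry["suspect"].update(
            {irp: f"{a:08X}" for irp, a in outlier_handlers(d, shared).items()})
    report["infected_total"] = sum(v[0] for v in results.values())
    return report


if __name__ == "__main__":
    print(json.dumps(summarise(SAMPLE_LOG), indent=2))
```

On the constructed input the Disk block comes back clean and "sampledrv" is reported with its IRP_MJ_READ entry far outside the cluster formed by its other handlers. Against the real log in the post, every driver's own handlers sit within a few kilobytes of each other and the only repeated address is 804F4562, which is consistent with the "0 / 0 / 0" results TDSSKiller reported.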

  10. #20
    Emeritus - Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi TMJ1968

    Do not run the RootRepeal.....it is not necessary

    Please download maxlook, saving the file to your desktop.
    Double click maxlook.exe to run it. Note - you must run it only once!

    1.Restart your computer.
    2.Before Windows loads, you will be prompted to choose which Operating System to start.
    3.Use the up and down arrow keys to select Microsoft Windows Recovery Console
    4.You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
    5.At the C:\Windows prompt, type the following bolded entries, and press 'Enter' (note the spaces):
    • batch look.bat



    You will see 1 file copied many times then return to the x:\windows> prompt.
    Type Exit to restart your computer then logon in normal mode.

    Click Start >> Run and then type the following in the run box

    maxlook -sig

    (note the space before the - sign)
    It will produce looklog.txt on the desktop and open it.
    Please post the results here.

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
