
Suspected Zero Access Rootkit


  • This topic is locked
15 replies to this topic

#1 AngryToast89 (New Member, 9 posts)

Posted 19 October 2011 - 06:18 AM

Hello,

My girlfriend's 32-bit Vista laptop appears to have contracted a ZeroAccess rootkit. Her lappy is unable to access anti-virus/malware websites such as this one (AVG, SUPERAntiSpyware, Kaspersky, BleepingComputer etc.); her Google results are redirected; the anti-virus software currently installed on this machine is able to launch, but is forced to close shortly after a scan is initiated (AVG, Malwarebytes and SUPERAntiSpyware all suffer from this). The program seems to become corrupted once the virus has shut it down and requires reinstalling in order to attempt to scan again.

I have identified a suspect file named "3203397148:3809022017.exe" running in task manager that I can't kill. The same file is also flagged by Kaspersky's TDSS Killer (this is the only tool I have found that will scan without issue) but the tool is unable to cure it, and when the delete option is attempted it asks to restart in order to complete but upon reboot the file remains.

TDSS Killer also identifies "dtsoftbus01.sys" (in System32\Drivers), though after checking on virustotal.com (via MD5 search) there was no mention of this file.

Rkill is ineffective when trying to suppress the effects of the infection and attempt to run some AV software (I tried renaming Rkill to get it to work, to no avail). TDSS Remover and Gmer suffer the same fate as other AV software when trying to scan for infections.

I have left Combofix to run for 30 minutes and it has sat at the:

"Scanning for infected files . . .
This typically doesn't take more than 10 minutes
However, scan time for badly infected machine may easily double"

stage and has not progressed.

A DDS log is enclosed below. A log from Kaspersky's TDSS Killer is attached.

Many Thanks.

DDS Log:
Attached File: DDS.txt (19.03KB)

12:08:50.0886 2400 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
12:08:50.0917 2400 ============================================================
12:08:50.0917 2400 Current date / time: 2011/10/19 12:08:50.0917
12:08:50.0917 2400 SystemInfo:
12:08:50.0917 2400
12:08:50.0917 2400 OS Version: 6.0.6002 ServicePack: 2.0
12:08:50.0917 2400 Product type: Workstation
12:08:50.0917 2400 ComputerName: JESSICA-PC
12:08:50.0917 2400 UserName: Jessica
12:08:50.0917 2400 Windows directory: C:\Windows
12:08:50.0917 2400 System windows directory: C:\Windows
12:08:50.0917 2400 Processor architecture: Intel x86
12:08:50.0917 2400 Number of processors: 2
12:08:50.0917 2400 Page size: 0x1000
12:08:50.0917 2400 Boot type: Normal boot
12:08:50.0917 2400 ============================================================
12:08:53.0631 2400 Initialize success
12:09:01.0431 2616 ============================================================
12:09:01.0431 2616 Scan started
12:09:01.0431 2616 Mode: Manual; TDLFS;
12:09:01.0431 2616 ============================================================
12:09:03.0054 2616 1cf6efbe (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\3203397148:3809022017.exe
12:09:03.0054 2616 Suspicious file (Hidden): C:\Windows\3203397148:3809022017.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
12:09:03.0054 2616 1cf6efbe ( HiddenFile.Multi.Generic ) - warning
12:09:03.0054 2616 1cf6efbe - detected HiddenFile.Multi.Generic (1)
12:09:16.0267 2616 dtsoftbus01 (477a31bcb2989a88698daee3bee19e8d) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:09:16.0282 2616 Suspicious file (Forged): C:\Windows\system32\DRIVERS\dtsoftbus01.sys. Real md5: 477a31bcb2989a88698daee3bee19e8d, Fake md5: 555e54ac2f601a8821cef58961653991
12:09:16.0282 2616 dtsoftbus01 ( ForgedFile.Multi.Generic ) - warning
12:09:16.0282 2616 dtsoftbus01 - detected ForgedFile.Multi.Generic (1)
12:09:36.0640 2616 tssecsrv - ok
12:09:36.0828 2616 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:09:36.0828 2616 tunmp - ok
12:09:36.0952 2616 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:09:36.0952 2616 tunnel - ok
12:09:37.0264 2616 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
12:09:37.0264 2616 uagp35 - ok
12:09:37.0810 2616 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:09:37.0826 2616 udfs - ok
12:09:38.0122 2616 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
12:09:38.0122 2616 uliagpkx - ok
12:09:38.0372 2616 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
12:09:38.0388 2616 uliahci - ok
12:09:38.0793 2616 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:09:38.0793 2616 UlSata - ok
12:09:39.0121 2616 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:09:39.0121 2616 ulsata2 - ok
12:09:39.0277 2616 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:09:39.0277 2616 umbus - ok
12:09:39.0526 2616 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
12:09:39.0542 2616 USBAAPL - ok
12:09:39.0885 2616 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:09:39.0885 2616 usbccgp - ok
12:09:40.0150 2616 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:09:40.0150 2616 usbcir - ok
12:09:40.0540 2616 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:09:40.0540 2616 usbehci - ok
12:09:40.0618 2616 usbfilter (edca5124b54bcf04e5c0538aa397a9c1) C:\Windows\system32\DRIVERS\usbfilter.sys
12:09:40.0618 2616 usbfilter - ok
12:09:40.0696 2616 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:09:40.0712 2616 usbhub - ok
12:09:40.0868 2616 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
12:09:40.0915 2616 usbohci - ok
12:09:41.0118 2616 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:09:41.0118 2616 usbprint - ok
12:09:41.0180 2616 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
12:09:41.0180 2616 usbscan - ok
12:09:41.0258 2616 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:09:41.0258 2616 USBSTOR - ok
12:09:41.0305 2616 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
12:09:41.0305 2616 usbuhci - ok
12:09:41.0352 2616 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
12:09:41.0367 2616 usbvideo - ok
12:09:41.0445 2616 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
12:09:41.0445 2616 vga - ok
12:09:41.0492 2616 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:09:41.0492 2616 VgaSave - ok
12:09:41.0539 2616 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
12:09:41.0539 2616 viaagp - ok
12:09:41.0586 2616 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
12:09:41.0586 2616 ViaC7 - ok
12:09:41.0617 2616 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
12:09:41.0617 2616 viaide - ok
12:09:41.0664 2616 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:09:41.0664 2616 volmgr - ok
12:09:41.0726 2616 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:09:41.0742 2616 volmgrx - ok
12:09:41.0804 2616 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:09:41.0820 2616 volsnap - ok
12:09:41.0851 2616 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
12:09:41.0851 2616 vsmraid - ok
12:09:41.0913 2616 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:09:41.0929 2616 WacomPen - ok
12:09:41.0944 2616 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:09:41.0944 2616 Wanarp - ok
12:09:41.0960 2616 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:09:41.0960 2616 Wanarpv6 - ok
12:09:41.0991 2616 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
12:09:41.0991 2616 Wd - ok
12:09:42.0054 2616 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:09:42.0085 2616 Wdf01000 - ok
12:09:42.0241 2616 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:09:42.0241 2616 WmiAcpi - ok
12:09:42.0334 2616 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
12:09:42.0334 2616 WpdUsb - ok
12:09:42.0428 2616 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:09:42.0428 2616 ws2ifsl - ok
12:09:42.0490 2616 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:09:42.0506 2616 WUDFRd - ok
12:09:42.0568 2616 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
12:09:42.0568 2616 yukonwlh - ok
12:09:42.0678 2616 {55662437-DA8C-40c0-AADA-2C816A897A49} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
12:09:42.0678 2616 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
12:09:42.0740 2616 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
12:09:43.0005 2616 \Device\Harddisk0\DR0 - ok
12:09:43.0021 2616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:09:44.0035 2616 \Device\Harddisk1\DR1 - ok
12:09:44.0066 2616 Boot (0x1200) (c31982783eb067e540572d00d8d5ca8c) \Device\Harddisk0\DR0\Partition0
12:09:44.0066 2616 \Device\Harddisk0\DR0\Partition0 - ok
12:09:44.0347 2616 Boot (0x1200) (4a42d1de19aac8a536c6124c01f4f013) \Device\Harddisk0\DR0\Partition1
12:09:44.0347 2616 \Device\Harddisk0\DR0\Partition1 - ok
12:09:44.0362 2616 Boot (0x1200) (7ac0bf37f2ba995a4881b73cbcb8f326) \Device\Harddisk1\DR1\Partition0
12:09:44.0362 2616 \Device\Harddisk1\DR1\Partition0 - ok
12:09:44.0362 2616 ============================================================
12:09:44.0362 2616 Scan finished
12:09:44.0362 2616 ============================================================
12:09:44.0394 3564 Detected object count: 2
12:09:44.0394 3564 Actual detected object count: 2
12:10:01.0101 3564 1cf6efbe ( HiddenFile.Multi.Generic ) - skipped by user
12:10:01.0101 3564 1cf6efbe ( HiddenFile.Multi.Generic ) - User select action: Skip
12:10:01.0101 3564 dtsoftbus01 ( ForgedFile.Multi.Generic ) - skipped by user
12:10:01.0101 3564 dtsoftbus01 ( ForgedFile.Multi.Generic ) - User select action: Skip
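
The `MBR (0x1B8)` and `Boot (0x1200)` lines near the end of the TDSSKiller output above are the tool's boot-sector integrity check: it reads each disk's master boot record and each partition's boot area, prints an MD5 of the region next to the device name so it can be compared with a known-good digest, and here reports both disks and all three partitions as `ok`. The only two detections are the hidden object `1cf6efbe` and the forged driver `dtsoftbus01`, and both were left in place (`skipped by user`). The Python below is an added example written for this page, not code from TDSSKiller or from anyone in the thread. It shows why hashing only the first 0x1B8 bytes of the MBR is the sensible scope: that range holds the bootstrap code, while the 4-byte disk signature at offset 0x1B8 and the partition table at 0x1BE differ legitimately from machine to machine and would make a whole-sector hash useless as a baseline. It assumes the `0x1B8` in the log is the number of bytes hashed (the page does not state the tool's exact scope), and the MBR it inspects is a constructed 512-byte image, not a dump of the poster's disk.

```python
import hashlib
import struct

MBR_SIZE = 512
CODE_LEN = 0x1B8        # bootstrap code, bytes 0x000-0x1B7 (assumed scope of "MBR (0x1B8)")
DISK_SIG_OFF = 0x1B8    # 4-byte NT disk signature, unique per disk
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE    # 0x55 0xAA


def build_sample_mbr(code: bytes = b"\xfa\x33\xc0\x8e\xd0", disk_sig: int = 0x12345678) -> bytes:
    """Constructed 512-byte MBR for the demo: a few bytes of fake boot code, one active
    NTFS partition and one data partition, CHS fields zeroed. Not a real disk image."""
    buf = bytearray(MBR_SIZE)
    c = code[:CODE_LEN]
    buf[:len(c)] = c
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    entries = [  # (status, type, first LBA, sector count)
        (0x80, 0x07, 2048, 40_000_000),
        (0x00, 0x07, 40_002_048, 20_000_000),
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", buf, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    struct.pack_into("<H", buf, BOOT_SIG_OFF, 0xAA55)  # stored little-endian as 55 AA
    return bytes(buf)


def has_boot_signature(mbr: bytes) -> bool:
    return len(mbr) >= MBR_SIZE and mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA"


def mbr_code_hash(mbr: bytes) -> str:
    """MD5 over the bootstrap code only. Leaving out the disk signature and the
    partition table is what makes the digest comparable to a known-good value
    for the same vendor boot code on a different machine."""
    return hashlib.md5(mbr[:CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "start_lba": lba, "sectors": count})
    return parts


def inspect_mbr(mbr: bytes, baseline_hash: str) -> dict:
    """What a checker reports for one disk: signature present, code hash, whether it
    matches the baseline, and whether exactly one partition carries the active flag."""
    h = mbr_code_hash(mbr)
    active = [p for p in parse_partitions(mbr) if p["active"]]
    return {"signature_ok": has_boot_signature(mbr), "code_md5": h,
            "matches_baseline": h == baseline_hash,
            "one_active_partition": len(active) == 1}


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = mbr_code_hash(clean)
    # Same boot code on a second disk (different signature): same hash, by design.
    other_disk = build_sample_mbr(disk_sig=0xDEADBEEF)
    # One byte of boot code patched: the hash changes, which is what a bootkit would trip.
    patched = bytes([clean[0] ^ 0xFF]) + clean[1:]
    for label, m in (("clean", clean), ("other_disk", other_disk), ("patched", patched)):
        print(label, inspect_mbr(m, baseline))
```

On a live Windows host the 512 bytes would come from opening `\\.\PhysicalDrive0` for reading as an administrator and passing the first sector to these functions. The caveat a practitioner would add is that a rootkit hooking the disk stack can hand a clean copy of the MBR to any reader running on the infected system, so an `ok` from inside that system is only reassuring if the same digest comes back when the disk is read offline, from boot media or with the drive attached to a clean machine.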


#2 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 22 October 2011 - 08:40 PM

Hi and welcome to Malwarebytes.

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).


Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall /nombr


See if it will run successfully now. Stop it after half an hour of no activity.
Chris Fistonich
Research Team

Follow us: Twitter, Become a fan: Facebook

#3 AngryToast89

    New Member

  • Members
  • 9 posts

Posted 23 October 2011 - 07:23 AM

Thanks for your reply. Same issue as before, I'm afraid.

Thanks.

#4 AngryToast89

    New Member

  • Members
  • 9 posts

Posted 23 October 2011 - 06:42 PM

So I left Combofix to run for over 30 minutes and at some point it must have completed a scan, as when I returned to the laptop it prompted me to reboot. I had a few issues after Combofix had done its stuff: BSOD and failing to start among them. Managed to get that sorted now; I've run a full scan on both AVG and Malwarebytes and they've removed plenty of infected files.

TDSS Killer is reporting a couple of suspicious files (RapportBuka.sys and rk_remover.sys, both in system32\drivers) that I haven't done anything with yet.

Here is a current DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_29
Run by Jessica at 0:35:26 on 2011-10-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1589 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Users\Jessica\Desktop\TDSSKiller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mytalktalk.co.uk
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: txthlpBHO Class: {060235dc-6d84-47bd-95d7-a4ef5099a59d} - c:\progra~1\texthe~1\readan~1\TE3219~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TVAgent] "c:\program files\hewlett-packard\media\tv\TVAgent.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3A14EFA8-5D1A-4FA4-B63D-FD0E63F9B44F} : DhcpNameServer = 212.9.118.1
TCP: Interfaces\{F62CC206-91DF-4967-8A4D-4B3604EAC543} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jessica\appdata\roaming\mozilla\firefox\profiles\hoole2iv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jessica\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-9-25 56336]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-2 218688]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-27 390528]
R1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-9-4 216912]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 113496]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/30 04:21:35];c:\program files\hewlett-packard\media\dvd\000.fcl [2008-11-29 87536]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 20432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-18 366152]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-2-21 358176]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2009-2-9 286824]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2009-2-9 107952]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-4-8 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-3-9 7723008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-3-9 239616]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-18 22216]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-3-30 22072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-21 222512]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-5 109408]
S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [2011-10-19 53248]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_827e372d\AEstSrv.exe [2009-3-2 81920]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-3-9 176128]
S4 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-3-9 294400]
S4 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
S4 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-3-22 9728]
.
=============== Created Last 30 ================
.
2011-10-23 22:53:58 -------- d-----w- c:\users\jessica\appdata\roaming\AVG
2011-10-23 15:11:47 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-23 15:02:43 -------- d-----w- c:\users\jessica\appdata\roaming\AVG2012
2011-10-23 15:01:55 -------- d-----w- c:\programdata\AVG2012
2011-10-23 12:05:12 -------- d-s---w- C:\sega1379s
2011-10-23 11:40:59 -------- d-s---w- C:\sega840s
2011-10-23 11:39:49 -------- d-s---w- C:\sega12185s
2011-10-23 10:59:23 -------- d-s---w- C:\sega
2011-10-21 23:25:04 48016 --sha-w- c:\windows\system32\c_47915.nl_
2011-10-19 10:00:12 98816 ----a-w- c:\windows\sed.exe
2011-10-19 10:00:12 518144 ----a-w- c:\windows\SWREG.exe
2011-10-19 10:00:12 256000 ----a-w- c:\windows\PEV.exe
2011-10-19 10:00:12 208896 ----a-w- c:\windows\MBR.exe
2011-10-19 00:52:49 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
2011-10-18 23:02:48 1008092 ----a-w- C:\mitchisawesome.com
2011-10-18 23:01:13 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-18 22:23:52 -------- d-----w- c:\users\jessica\appdata\roaming\Malwarebytes
2011-10-18 22:23:44 -------- d-----w- c:\programdata\Malwarebytes
2011-10-18 22:23:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 22:23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-18 21:31:25 388096 ----a-r- c:\users\jessica\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-18 21:31:24 -------- d-----w- c:\program files\Trend Micro
2011-10-18 19:28:39 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-10-18 19:28:35 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1b2a3d21-f87c-4a4b-b938-81a677a6890b}\mpengine.dll
2011-10-18 19:28:34 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-17 23:27:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-17 23:22:41 -------- d-sh--w- c:\users\jessica\appdata\local\1cf6efbe
2011-10-17 21:12:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-14 03:03:58 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-14 03:03:58 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-14 03:03:57 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-14 03:03:57 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-06 22:04:54 -------- d-----w- c:\program files\Lionhead Studios
2011-09-27 15:47:51 -------- d-----w- c:\program files\iPod
2011-09-27 15:47:49 -------- d-----w- c:\program files\iTunes
2011-09-27 15:36:42 -------- d-----w- c:\program files\Bonjour
2011-09-25 18:00:08 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2011-10-23 15:11:18 20432 ----a-w- c:\windows\system32\hpservice.exe
2011-10-23 14:32:11 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2011-10-21 23:24:03 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-03 04:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-29 16:01:34 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-07-29 16:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-29 16:00:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-07-29 16:00:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
.
============= FINISH: 0:36:24.66 ===============
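
The DDS log in the post above contains the indicators a practitioner would pull out by hand from the `Created Last 30` and `Pseudo HJT Report` sections: two recently created directories with the system and hidden attributes set (`c:\windows\system32\%APPDATA%`, a directory literally named after an environment variable rather than an expanded one, and `c:\users\jessica\appdata\local\1cf6efbe`, which is also the object TDSSKiller reported as `HiddenFile.Multi.Generic` earlier in the thread), a hidden system file `c_47915.nl_` dropped into system32, and `mPolicies-system: EnableLUA = 0`, meaning UAC had been switched off on this machine. The Python below is an added example, not code from DDS, TDSSKiller or anyone in this thread: it turns those observations into rules and runs them over lines copied verbatim from the logs in this thread, with two ordinary entries from the same log kept as controls. The field layouts are read off the log formats as they appear on the page; the rules, reason strings and the 8-hex-digit directory-name test are choices made for this example, not anything the tools themselves implement.

```python
import re

# Lines copied verbatim from the DDS and TDSSKiller output in this thread. The last
# two are ordinary entries (a scanner driver and a program directory) kept as controls.
SAMPLE_LINES = [
    r"2011-10-21 23:25:04 48016 --sha-w- c:\windows\system32\c_47915.nl_",
    r"2011-10-17 23:27:17 -------- d-sh--w- c:\windows\system32\%APPDATA%",
    r"2011-10-17 23:22:41 -------- d-sh--w- c:\users\jessica\appdata\local\1cf6efbe",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    "12:10:01.0101 3564 1cf6efbe ( HiddenFile.Multi.Generic ) - skipped by user",
    "12:10:01.0101 3564 dtsoftbus01 ( ForgedFile.Multi.Generic ) - skipped by user",
    r"2011-10-18 22:23:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys",
    r"2011-10-23 15:11:47 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE",
]

# DDS "Created Last 30" entry: timestamp, size (or -------- for a directory),
# 8-character attribute string (d=directory, s=system, h=hidden, a=archive, w/r), path.
DDS_ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+([a-z-]{8})\s+(.+)$")
# TDSSKiller result line: time, pid, object, ( verdict ), action.
TDSS_VERDICT = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(\S+)\s+\(\s*([\w.]+)\s*\)\s+-\s+(.+)$")
UAC_POLICY = re.compile(r"^mPolicies-system:\s*EnableLUA\s*=\s*(\d+)")
HEX8 = re.compile(r"^[0-9a-f]{8}$")   # example heuristic, not a DDS or TDSSKiller rule


def triage_line(line: str) -> list:
    """Reasons this line deserves a look; an empty list means nothing matched."""
    reasons = []
    m = DDS_ENTRY.match(line)
    if m:
        _ts, _size, attrs, path = m.groups()
        p = path.lower()
        name = p.rsplit("\\", 1)[-1]
        if "s" in attrs and "h" in attrs:
            reasons.append("system+hidden attributes on a recently created object")
        if "%" in name:
            # On disk this is a real directory literally named %APPDATA%, not an expanded variable.
            reasons.append("directory name is a literal environment-variable token")
        if attrs.startswith("d") and HEX8.match(name) and "\\appdata\\local\\" in p:
            reasons.append("random 8-hex-digit directory under AppData\\Local")
        return reasons
    m = UAC_POLICY.match(line)
    if m and m.group(1) == "0":
        return ["UAC disabled (EnableLUA = 0): no elevation prompts on this machine"]
    m = TDSS_VERDICT.match(line)
    if m:
        obj, verdict, action = m.groups()
        if verdict.startswith(("HiddenFile", "ForgedFile")) and "skip" in action.lower():
            reasons.append(f"TDSSKiller {verdict} on {obj} was not acted on ({action})")
    return reasons


def triage(lines) -> list:
    """(line, reason) pairs, one per reason, in log order."""
    return [(line, why) for line in lines for why in triage_line(line)]


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LINES):
        print(f"{why}\n    {line}")
```

A hit is a reason to look, not a verdict; legitimate installers also create hidden system files, which is why each rule carries a reason string rather than a score. The `EnableLUA = 0` finding matters on its own: with UAC off, anything running as the logged-in administrator already holds a full administrator token, so nothing on this machine needed to get past an elevation prompt. Given the redirect symptom reported at the start of the thread, the two `DhcpNameServer` lines in the same log are also worth confirming against what the router and ISP should be handing out; the example deliberately does not score them, because a public resolver address on an ISP-assigned interface is normal.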

#5 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 23 October 2011 - 07:10 PM

Please post ComboFix's log so I can see it.
Chris Fistonich
Research Team


#6 AngryToast89

    New Member

  • Members
  • 9 posts

Posted 25 October 2011 - 04:30 PM

I can't seem to find the log; it should just be in C:\, right?

#7 screen317

Posted 29 October 2011 - 02:40 AM

Check in C:\qoobox
Chris Fistonich
Research Team


#8 AngryToast89

Posted 03 November 2011 - 11:41 AM

That folder exists, but there is only a log file called catchme.log in C:\Qoobox\Quarantine, which contains only some random time stamps.

Thanks

#9 screen317

Posted 08 November 2011 - 01:54 PM

Hi,

My apologies for the delay.

Do a search for log.txt and ComboFix.txt and see if anything comes up.


If not, grab a fresh copy of ComboFix, run it, and post its log.
Chris Fistonich
Research Team


#10 AngryToast89

Posted 09 November 2011 - 05:13 PM

I've just run ComboFix again and this is the log it produced:

ComboFix 11-11-09.02 - Jessica 09/11/2011 21:46:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1519 [GMT 0:00]
Running from: c:\users\Jessica\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Jessica\Documents\~WRL0414.tmp
c:\users\Jessica\Documents\~WRL0648.tmp
c:\users\Jessica\Documents\~WRL2438.tmp
c:\users\Jessica\Documents\~WRL2781.tmp
c:\windows\system32\
c:\windows\system32\c_47915.nl_
.
.
((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
.
.
2011-11-09 22:04 . 2011-11-09 22:06 -------- d-----w- c:\users\Jessica\AppData\Local\temp
2011-11-09 22:04 . 2011-11-09 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-03 16:29 . 2011-11-03 16:30 -------- d-----w- c:\users\Jessica\AppData\Local\Google
2011-10-25 20:43 . 2011-10-25 20:43 -------- d-----w- c:\windows\Hewlett-Packard
2011-10-23 22:53 . 2011-10-23 22:55 -------- d-----w- c:\users\Jessica\AppData\Roaming\AVG
2011-10-23 15:52 . 2011-10-23 15:52 -------- d-----w- c:\program files\Common Files\Java
2011-10-23 15:11 . 2011-11-09 21:20 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-23 15:01 . 2011-10-23 16:27 -------- d-----w- c:\programdata\AVG2012
2011-10-23 10:59 . 2011-10-23 11:00 -------- d-----w- C:\sega
2011-10-19 00:52 . 2011-10-19 00:52 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
2011-10-18 23:02 . 2011-10-18 22:46 1008092 ----a-w- C:\mitchisawesome.com
2011-10-18 23:01 . 2011-10-23 14:37 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-18 22:23 . 2011-10-18 22:23 -------- d-----w- c:\users\Jessica\AppData\Roaming\Malwarebytes
2011-10-18 22:23 . 2011-10-18 22:23 -------- d-----w- c:\programdata\Malwarebytes
2011-10-18 22:23 . 2011-10-23 14:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-18 22:23 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-18 21:31 . 2011-10-18 21:31 388096 ----a-r- c:\users\Jessica\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-18 21:31 . 2011-10-18 21:31 -------- d-----w- c:\program files\Trend Micro
2011-10-18 19:28 . 2011-09-21 08:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B2A3D21-F87C-4A4B-B938-81A677A6890B}\mpengine.dll
2011-10-18 19:28 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-17 23:27 . 2011-10-17 23:27 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-17 23:22 . 2011-10-23 15:24 -------- d-sh--w- c:\users\Jessica\AppData\Local\1cf6efbe
2011-10-17 23:22 . 2011-10-17 23:22 -------- d-----w- c:\windows\Sun
2011-10-17 21:12 . 2011-10-17 21:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-14 03:03 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-14 03:03 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-14 03:03 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-14 03:03 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 15:11 . 2008-03-18 23:24 20432 ----a-w- c:\windows\system32\hpservice.exe
2011-10-23 14:32 . 2008-01-21 02:23 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2011-10-21 23:24 . 2011-03-02 20:05 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-03 04:06 . 2010-11-25 01:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-25 18:00 . 2011-09-25 18:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-09-13 05:30 . 2011-09-13 05:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-18 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-19 914224]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 206120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-18 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2010-09-02 15:23 1638400 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-11-14 00:57 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 09:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-10-10 20:24 206128 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-04-30 13:56 22058792 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-03-08 23:17 336384 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-27 22:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-11-15 05:02 218408 ------w- c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-10-30 19:51 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-11-26 19:34 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALSysIO;ALSysIO;c:\users\Jessica\AppData\Local\Temp\ALSysIO.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-12-05 109408]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [2011-10-19 53248]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-09 294400]
R4 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
R4 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\printer\center\KodakSvc.exe [2007-03-22 9728]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-09-25 56336]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-21 218688]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-02-27 390528]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-09-04 216912]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-09-25 70416]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-09-25 161936]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-10-18 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-10-18 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-10-23 113496]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/30 04:21];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 01:04 87536]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-10-23 20432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2011-10-23 358176]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2011-10-23 286824]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2011-10-23 107952]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-955131487-560549476-2249814095-1000Core.job
- c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 16:29]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-955131487-560549476-2249814095-1000UA.job
- c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 16:29]
.
2011-10-17 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2007-03-22 17:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\hoole2iv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-06902195.sys
SafeBoot-19077549.sys
SafeBoot-32363124.sys
SafeBoot-84829398.sys
MSConfigStartUp-Aim - c:\program files\AIM\aim.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-IJJGlTIlJx - c:\users\Jessica\AppData\Local\Temp\IJJGlTIlJx.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-TalkTalk - c:\program files\TalkTalk\bin\sprtcmd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-09 22:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-09 22:10:19
ComboFix-quarantined-files.txt 2011-11-09 22:10
.
Pre-Run: 44,700,610,560 bytes free
Post-Run: 44,728,807,424 bytes free
.
- - End Of File - - 396DF4649E910B13C72DBCE3C7183CCB

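A few entries in the ComboFix log above are the kind a responder would want pulled out automatically rather than found by eye: the directory literally named `%APPDATA%` under system32 (an unexpanded variable name used as a folder), the hidden, system-attributed folder with a random hex name (`1cf6efbe`) under AppData\Local, and the orphaned MSConfig startup entry that launched `IJJGlTIlJx.exe` from the user's Temp folder. The following Python scanner is an added example, not part of the original thread and not ComboFix's own code. It parses ComboFix-style "Files Created" and "ORPHANS REMOVED" lines and flags those three patterns; the sample log lines embedded in it are constructed to mirror entries in the log above, and the three heuristics are this example's own assumptions about what such entries suggest, not vendor signatures.

```python
"""Flag suspicious entries in a ComboFix-style log (added example).

Heuristics (assumptions, modelled on entries seen in the thread's log):
  1. a path component literally named %APPDATA% (unexpanded variable),
  2. a hidden+system folder with a random hex name under AppData\\Local,
  3. an MSConfig startup entry that launches an .exe from a Temp folder.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in ComboFix's format (not copied from a real scan).
SAMPLE_LOG = r"""
2011-10-18 22:23 . 2011-10-18 22:23 -------- d-----w- c:\programdata\Malwarebytes
2011-10-17 23:27 . 2011-10-17 23:27 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-17 23:22 . 2011-10-23 15:24 -------- d-sh--w- c:\users\Jessica\AppData\Local\1cf6efbe
2011-10-17 23:22 . 2011-10-17 23:22 -------- d-----w- c:\windows\Sun
MSConfigStartUp-Aim - c:\program files\AIM\aim.exe
MSConfigStartUp-IJJGlTIlJx - c:\users\Jessica\AppData\Local\Temp\IJJGlTIlJx.exe
"""

# "Files Created" lines: <created> . <modified> <size or --------> <attrs> <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# "ORPHANS REMOVED" autostart lines: MSConfigStartUp-<name> - <path>
AUTOSTART_LINE = re.compile(r"^MSConfigStartUp-(?P<name>\S+) - (?P<path>.+)$")
# Random-looking hex folder names such as 1cf6efbe (assumed length range).
HEX_NAME = re.compile(r"^[0-9a-f]{6,12}$")


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def check_file_entry(attrs: str, path: str) -> Optional[Finding]:
    """Apply heuristics 1 and 2 to one 'Files Created' entry."""
    p = path.lower()
    name = p.rstrip("\\").rsplit("\\", 1)[-1]
    # ComboFix attribute column: leading 'd' = directory, 'h' = hidden, 's' = system.
    hidden_system = attrs.startswith("d") and "h" in attrs and "s" in attrs
    if "\\%appdata%" in p:
        return Finding(path, "literal %APPDATA% directory name (unexpanded variable)")
    if hidden_system and "\\appdata\\local\\" in p and HEX_NAME.match(name):
        return Finding(path, "hidden+system folder with random hex name under AppData\\Local")
    return None


def check_autostart_entry(name: str, path: str) -> Optional[Finding]:
    """Apply heuristic 3 to one MSConfig startup entry."""
    p = path.lower()
    if "\\temp\\" in p and p.endswith(".exe"):
        return Finding(path, f"startup entry '{name}' launches an .exe from a Temp folder")
    return None


def scan_log(text: str) -> List[Finding]:
    """Return findings in log order; lines that match no parser are ignored."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            f = check_file_entry(m["attrs"], m["path"])
        else:
            m = AUTOSTART_LINE.match(line)
            f = check_autostart_entry(m["name"], m["path"]) if m else None
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding.path}\n    -> {finding.reason}")
```

A hit from this scanner is a lead to investigate, not a verdict: the same log lists `dtsoftbus01.sys` with a recent timestamp, and the services section identifies it as DAEMON Tools' own virtual bus driver, which is why recency alone is not used as a signal here. Run the real log through `scan_log` after checking its attribute column matches the `[-a-z]{8}` layout ComboFix printed in this thread.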
#11 screen317

Posted 15 November 2011 - 05:36 PM

Hi,

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Next, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
Chris Fistonich
Research Team


#12 AngryToast89

Posted 18 November 2011 - 09:19 AM

Currently running ESET Online Scanner; in the meantime, here is Checkup.txt:


Results of screen317's Security Check version 0.99.28
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 29
Adobe Flash Player 11.0.1.152
Adobe Reader 9 (Adobe Reader out of date!)
Mozilla Firefox ((3.6.24)) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

#13 AngryToast89

Posted 18 November 2011 - 12:29 PM

ESET Log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

#14 screen317

Posted 22 November 2011 - 01:54 AM

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3
Adobe Reader 9
Mozilla Firefox (3.6.24)


Restart your computer.

Get the latest version of Adobe Reader and Firefox.


Let me know what issues remain.

-screen317
Chris Fistonich
Research Team


#15 screen317

Posted 06 December 2011 - 02:32 PM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
Chris Fistonich
Research Team


#16 screen317

Posted 19 December 2011 - 05:57 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team
