Jump to content

AngryToast89

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. ESET Log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK
  2. Currently running ESET Online Scanner in the meantime here is Checkup.txt: Results of screen317's Security Check version 0.99.28 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 8 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! AVG 2012 Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 29 Adobe Flash Player 11.0.1.152 Adobe Reader 9 (Adobe Reader out of date!) Mozilla Firefox ((3.6.24)) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe ``````````End of Log````````````
  3. I've just ran ComboFix again and this is the log it produced: ComboFix 11-11-09.02 - Jessica 09/11/2011 21:46:50.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1519 [GMT 0:00] Running from: c:\users\Jessica\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Jessica\Documents\~WRL0414.tmp c:\users\Jessica\Documents\~WRL0648.tmp c:\users\Jessica\Documents\~WRL2438.tmp c:\users\Jessica\Documents\~WRL2781.tmp c:\windows\system32\ c:\windows\system32\c_47915.nl_ . . ((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 ))))))))))))))))))))))))))))))) . . 2011-11-09 22:04 . 2011-11-09 22:06 -------- d-----w- c:\users\Jessica\AppData\Local\temp 2011-11-09 22:04 . 2011-11-09 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-03 16:29 . 2011-11-03 16:30 -------- d-----w- c:\users\Jessica\AppData\Local\Google 2011-10-25 20:43 . 2011-10-25 20:43 -------- d-----w- c:\windows\Hewlett-Packard 2011-10-23 22:53 . 2011-10-23 22:55 -------- d-----w- c:\users\Jessica\AppData\Roaming\AVG 2011-10-23 15:52 . 2011-10-23 15:52 -------- d-----w- c:\program files\Common Files\Java 2011-10-23 15:11 . 2011-11-09 21:20 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE 2011-10-23 15:01 . 2011-10-23 16:27 -------- d-----w- c:\programdata\AVG2012 2011-10-23 10:59 . 2011-10-23 11:00 -------- d-----w- C:\sega 2011-10-19 00:52 . 2011-10-19 00:52 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys 2011-10-18 23:02 . 2011-10-18 22:46 1008092 ----a-w- C:\mitchisawesome.com 2011-10-18 23:01 . 2011-10-23 14:37 -------- d-----w- C:\TDSSKiller_Quarantine 2011-10-18 22:23 . 2011-10-18 22:23 -------- d-----w- c:\users\Jessica\AppData\Roaming\Malwarebytes 2011-10-18 22:23 . 2011-10-18 22:23 -------- d-----w- c:\programdata\Malwarebytes 2011-10-18 22:23 . 2011-10-23 14:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-18 22:23 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-18 21:31 . 2011-10-18 21:31 388096 ----a-r- c:\users\Jessica\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-10-18 21:31 . 2011-10-18 21:31 -------- d-----w- c:\program files\Trend Micro 2011-10-18 19:28 . 2011-09-21 08:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B2A3D21-F87C-4A4B-B938-81A677A6890B}\mpengine.dll 2011-10-18 19:28 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-10-17 23:27 . 2011-10-17 23:27 -------- d-sh--w- c:\windows\system32\%APPDATA% 2011-10-17 23:22 . 2011-10-23 15:24 -------- d-sh--w- c:\users\Jessica\AppData\Local\1cf6efbe 2011-10-17 23:22 . 2011-10-17 23:22 -------- d-----w- c:\windows\Sun 2011-10-17 21:12 . 2011-10-17 21:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-14 03:03 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2011-10-14 03:03 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll 2011-10-14 03:03 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-14 03:03 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-23 15:11 . 2008-03-18 23:24 20432 ----a-w- c:\windows\system32\hpservice.exe 2011-10-23 14:32 . 2008-01-21 02:23 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys 2011-10-21 23:24 . 2011-03-02 20:05 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-10-03 04:06 . 2010-11-25 01:33 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-09-25 18:00 . 2011-09-25 18:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2011-09-13 05:30 . 2011-09-13 05:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-18 4615552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200] "TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136] "CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-19 914224] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 206120] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-18 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk backup=c:\windows\pss\Bluetooth.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor] 2010-09-02 15:23 1638400 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor] 2008-11-14 00:57 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2008-10-24 09:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe] 2008-10-10 20:24 206128 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2008-04-30 13:56 22058792 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2011-03-08 23:17 336384 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2010-05-27 22:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] 2008-11-15 05:02 218408 ------w- c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut] 2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut] 2008-10-30 19:51 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut] 2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut] 2008-11-26 19:34 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 ALSysIO;ALSysIO;c:\users\Jessica\AppData\Local\Temp\ALSysIO.sys [x] R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-12-05 109408] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [2011-10-19 53248] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128] R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-09 294400] R4 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224] R4 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\printer\center\KodakSvc.exe [2007-03-22 9728] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592] S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-09-25 56336] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-21 218688] S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-02-27 390528] S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-09-04 216912] S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-09-25 70416] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-09-25 161936] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-10-18 12880] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-10-18 67664] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-10-23 113496] S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/30 04:21];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 01:04 87536] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-10-23 20432] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2011-10-23 358176] S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2011-10-23 286824] S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2011-10-23 107952] S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2011-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-955131487-560549476-2249814095-1000Core.job - c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 16:29] . 2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-955131487-560549476-2249814095-1000UA.job - c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 16:29] . 2011-10-17 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job - c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2007-03-22 17:04] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.mytalktalk.co.uk mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\hoole2iv.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4 FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false . - - - - ORPHANS REMOVED - - - - . SafeBoot-06902195.sys SafeBoot-19077549.sys SafeBoot-32363124.sys SafeBoot-84829398.sys MSConfigStartUp-Aim - c:\program files\AIM\aim.exe MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe MSConfigStartUp-IJJGlTIlJx - c:\users\Jessica\AppData\Local\Temp\IJJGlTIlJx.exe MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe MSConfigStartUp-TalkTalk - c:\program files\TalkTalk\bin\sprtcmd.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-09 22:06 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2011-11-09 22:10:19 ComboFix-quarantined-files.txt 2011-11-09 22:10 . Pre-Run: 44,700,610,560 bytes free Post-Run: 44,728,807,424 bytes free . - - End Of File - - 396DF4649E910B13C72DBCE3C7183CCB
  4. Soooo my girlfriend's housemate's laptop is also infected with form of virus. I ran ComboFix some time ago (around two weeks ago) which seems to have deleted a whole bunch of stuff (Log below), but the laptop still cannot access anti virus websites and her AV software (Kaspersky) will not install. MBAM detects an .exe file located (C:\Documents and Settings\LocalService\Local Settings\Application Data which I cannot access) and a file in the registry, when MBAM attempts to remove them even after reboot the files remain. Any help would be appreciated. DDS Log: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Louise Dawson at 23:59:12 on 2011-11-03 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.579 [GMT 0:00] . AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\WebCam\M3000\M3000Mnt.exe C:\Documents and Settings\Louise Dawson\My Documents\tinySpell\tinyspell.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Acer\Acer VCM\AcerVCM.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\Acer\Acer VCM\RS_Service.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\WINDOWS\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80134&lng=en mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph01104905l0304wui5w57723169 uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:elisa.platania@gmail.com uURLSearchHooks: H - No File mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\localservice\local settings\application data\hercmkrf\pkjrwkxv.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [ProductReg] c:\program files\acer\wr_popup\ProductReg.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [tinySpell] c:\documents and settings\louise dawson\my documents\tinyspell\tinyspell.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [PkjRwkxv] c:\documents and settings\localservice\local settings\application data\hercmkrf\pkjrwkxv.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [LManager] c:\progra~1\launch~1\LManager.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll Notify: igfxcui - igfxdev.dll Notify: klogon - c:\windows\system32\klogon.dll AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\louise dawson\application data\mozilla\firefox\profiles\zjppoa5v.default\ FF - prefs.js: browser.search.selectedEngine - Inbox Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80134&language=en&qkw= FF - component: c:\documents and settings\louise dawson\application data\mozilla\firefox\profiles\zjppoa5v.default\extensions\inboxcomtoolbar@inbox.com\components\plugins.dll FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru_bak - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ffext\linkfilter@kaspersky.ru . ============= SERVICES / DRIVERS =============== . R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184] R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-10-8 475736] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-5-27 54760] R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-7-31 237568] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-8-1 38912] R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [2009-8-18 145152] R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\louise~1\locals~1\temp\wvkywhti.sys --> c:\docume~1\louise~1\locals~1\temp\wvkywhti.sys [?] S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-11-2 365336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-31 1684736] S3 cpuz132;cpuz132;\??\c:\docume~1\aspire\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\aspire\locals~1\temp\cpuz132\cpuz132_x32.sys [?] S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [2011-11-3 53248] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-7-31 162816] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?] S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336] S4 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648] S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872] S4 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-31 24064] S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] . =============== Created Last 30 ================ . 2011-11-03 23:29:01 505342 ----a-r- c:\documents and settings\louise dawson\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-11-03 23:29:00 -------- d-----w- c:\program files\Trend Micro 2011-11-03 23:10:01 114148 ----a-w- c:\windows\system32\wscntfymgr.exe 2011-11-03 22:57:22 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys 2011-10-20 15:44:53 -------- d-----w- c:\documents and settings\louise dawson\local settings\application data\Identities 2011-10-08 22:06:12 114148 ----a-w- c:\windows\Explorermgr.exe 2011-10-08 22:04:31 114148 ----a-w- c:\windows\RTHDCPLmgr.exe 2011-10-08 22:01:34 150200 ------w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll 2011-10-08 21:30:36 -------- d-sha-r- C:\cmdcons 2011-10-08 21:28:08 98816 ----a-w- c:\windows\sed.exe 2011-10-08 21:28:08 518144 ----a-w- c:\windows\SWREG.exe 2011-10-08 21:28:08 256000 ----a-w- c:\windows\PEV.exe 2011-10-08 21:28:08 208896 ----a-w- c:\windows\MBR.exe 2011-10-08 20:45:47 97545 ----a-w- c:\windows\system32\drivers\klick.dat 2011-10-08 20:45:47 115465 ----a-w- c:\windows\system32\drivers\klin.dat 2011-10-08 20:43:23 -------- d-----w- c:\program files\Kaspersky Lab 2011-10-08 20:40:07 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files 2011-10-07 21:29:51 114148 ----a-w- c:\windows\system32\igfxpersmgr.exe 2011-10-07 21:29:51 114148 ----a-w- c:\program files\messenger\msmsgsmgr.exe 2011-10-07 21:29:50 114148 ----a-w- c:\windows\system32\igfxtraymgr.exe 2011-10-07 21:29:50 114148 ----a-w- c:\windows\system32\hkcmdmgr.exe 2011-10-07 21:20:14 -------- d-----w- c:\windows\SxsCaPendDel 2011-10-07 20:57:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-07 20:52:12 -------- d-----w- c:\windows\system32\wbem\repository\FS 2011-10-07 20:52:12 -------- d-----w- c:\windows\system32\wbem\Repository . ==================== Find3M ==================== . 2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll . ============= FINISH: 0:00:41.98 =============== ComboFix Log: ComboFix 11-10-08.04 - Louise Dawson 08/10/2011 22:32:53.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.626 [GMT 1:00] Running from: c:\documents and settings\Louise Dawson\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\LocalService\Local Settings\Application Data\dbkkrcoi.log c:\documents and settings\LocalService\Local Settings\Application Data\ftehebsl.log c:\documents and settings\LocalService\Local Settings\Application Data\jitwgksj.log c:\documents and settings\LocalService\Local Settings\Application Data\qlmjxmgu.log c:\documents and settings\LocalService\Local Settings\Application Data\rcqwtjnr.log c:\documents and settings\LocalService\Local Settings\Application Data\sygmrqni.log c:\documents and settings\LocalService\Local Settings\Application Data\vuheafwm.log c:\documents and settings\Louise Dawson\Local Settings\Application Data\dbkkrcoi.log c:\documents and settings\Louise Dawson\Local Settings\Application Data\ftehebsl.log c:\documents and settings\Louise Dawson\Local Settings\Application Data\jitwgksj.log c:\documents and settings\Louise Dawson\Local Settings\Application Data\qlmjxmgu.log c:\documents and settings\Louise Dawson\Local Settings\Application Data\rcqwtjnr.log c:\documents and settings\Louise Dawson\Local Settings\Application Data\sygmrqni.log c:\documents and settings\Louise Dawson\Local Settings\Application Data\vuheafwm.log c:\documents and settings\Louise Dawson\My Documents\~WRD4004.tmp c:\windows\system32\_000006_.tmp.dll c:\windows\system32\_000007_.tmp.dll c:\windows\system32\_000008_.tmp.dll c:\windows\system32\_000009_.tmp.dll c:\windows\system32\_000023_.tmp.dll c:\windows\system32\_000024_.tmp.dll c:\windows\system32\_000025_.tmp.dll c:\windows\system32\_000026_.tmp.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_MICORSOFT_WINDOWS_SERVICE -------\Service_Micorsoft Windows Service . . ((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 ))))))))))))))))))))))))))))))) . . 2011-10-08 20:45 . 2011-10-08 20:45 97545 ----a-w- c:\windows\system32\drivers\klick.dat 2011-10-08 20:45 . 2011-10-08 20:45 115465 ----a-w- c:\windows\system32\drivers\klin.dat 2011-10-08 20:43 . 2011-10-08 20:43 -------- d-----w- c:\program files\Kaspersky Lab 2011-10-08 20:40 . 2011-10-08 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2011-10-07 21:29 . 2011-10-08 21:21 114148 ----a-w- c:\windows\system32\igfxpersmgr.exe 2011-10-07 21:29 . 2011-10-08 21:21 114148 ----a-w- c:\program files\Messenger\msmsgsmgr.exe 2011-10-07 21:29 . 2011-10-08 21:21 114148 ----a-w- c:\windows\system32\igfxtraymgr.exe 2011-10-07 21:29 . 2011-10-08 21:21 114148 ----a-w- c:\windows\system32\hkcmdmgr.exe 2011-10-07 21:20 . 2011-10-07 21:31 -------- d-----w- c:\windows\SxsCaPendDel 2011-10-07 20:57 . 2011-10-07 20:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-07 20:54 . 2011-10-08 21:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\hercmkrf 2011-10-07 20:52 . 2011-10-07 20:52 -------- d-----w- c:\windows\system32\wbem\Repository . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-09 09:12 . 2009-08-01 03:16 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll 2011-07-15 13:29 . 2009-08-01 03:16 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2009-04-15 254382] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "tinySpell"="c:\documents and settings\Louise Dawson\My Documents\tinySpell\tinyspell.exe" [2010-08-22 221184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "M3000Mnt"="M3000Rmv.dll " [X] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856] "AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 172560] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824] "PCRx"="c:\program files\PCRx\PCRxTray.exe" [2011-09-26 422496] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-7-31 684524] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\LocalService\Local Settings\Application Data\hercmkrf\pkjrwkxv.exe" . SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" . [HKLM\~\startupfolder\C:^Documents and Settings^Aspire^Start Menu^Programs^Startup^Intel iPOS Netbook v1.lnk] path=c:\documents and settings\Aspire\Start Menu\Programs\Startup\Intel iPOS Netbook v1.lnk backup=c:\windows\pss\Intel iPOS Netbook v1.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2009-07-31 20:32 24064 ------w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "McComponentHostService"=3 (0x3) "gusvc"=3 (0x3) "GoogleDesktopManager-080708-050100"=3 (0x3) "BBUpdate"=2 (0x2) "BBSvc"=3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Acer\\Acer VCM\\VC.exe"= . R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 16:43 11352] R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [31/07/2009 22:16 237568] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 11:06 32856] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 19:27 19472] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/08/2009 04:16 38912] R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [18/08/2009 12:42 145152] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [31/07/2009 21:30 1684736] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [31/07/2009 21:25 162816] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?] S4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [07/07/2011 19:31 195336] S4 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15/06/2011 17:33 249648] S4 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [31/07/2009 21:32 24064] S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MICORSOFT_WINDOWS_SERVICE . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80134&lng=en mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph01104905l0304wui5w57723169 uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:elisa.platania@gmail.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.9.118.1 FF - ProfilePath - c:\documents and settings\Louise Dawson\Application Data\Mozilla\Firefox\Profiles\zjppoa5v.default\ FF - prefs.js: browser.search.selectedEngine - Inbox Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80134&language=en&qkw= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru_bak - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru . - - - - ORPHANS REMOVED - - - - . HKCU-Run-PkjRwkxv - c:\documents and settings\LocalService\Local Settings\Application Data\hercmkrf\pkjrwkxv.exe AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-08 22:48 Windows 5.1.2600 Service Pack 3 NTFS . detected NTDLL code modification: ZwQueryDirectoryFile . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . c:\documents and settings\Louise Dawson\Start Menu\Programs\Startup\pkjrwkxv.exe 114148 bytes executable C:\pkjrwkxv.exe 114148 bytes executable . scan completed successfully hidden files: 2 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(3360) c:\windows\system32\WININET.dll c:\documents and settings\Louise Dawson\My Documents\tinySpell\tskh1920.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\RTHDCPL.EXE c:\windows\system32\wdfmgr.exe c:\windows\system32\igfxsrvc.exe c:\windows\WebCam\M3000\M3000Mnt.exe c:\windows\system32\wscntfy.exe c:\windows\system32\igfxext.exe . ************************************************************************** . Completion time: 2011-10-08 22:54:19 - machine was rebooted ComboFix-quarantined-files.txt 2011-10-08 21:54 . Pre-Run: 21,198,393,344 bytes free Post-Run: 22,653,923,328 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 200305A12F45F432C6E3F07680D2F54D
  5. That folder exists but there is only a log file called catchme.log in C:\Qoobox\Quarantine which contains only some random time stamps. Thanks
  6. I can't seem to find the log, it should just be in C:\ right?
  7. So I left Combofix to run for over 30 minutes and at some point it must have completed a scan as when I returned to the laptop it prompted me to reboot. I had a few issues after Combofix had done it's stuff: BSOD and failing to start among them. Managed to get that sorted now, I've ran a full scan on both AVG and Malwarebytes and they've removed plenty of infected files. TDSS Killer is reporting a couple of suspicious files (RapportBuka.sys and rk_remover.sys both in system32\drivers) that I haven't done anything with yet Here is a current DDS log: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_29 Run by Jessica at 0:35:26 on 2011-10-24 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1589 [GMT 1:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\SMINST\BLService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\AVG\AVG2012\avgui.exe C:\Users\Jessica\Desktop\TDSSKiller.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.mytalktalk.co.uk uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = *.local BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: txthlpBHO Class: {060235dc-6d84-47bd-95d7-a4ef5099a59d} - c:\progra~1\texthe~1\readan~1\TE3219~1.DLL BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe" mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe" mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe" mRun: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [TVAgent] "c:\program files\hewlett-packard\media\tv\TVAgent.exe" mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{3A14EFA8-5D1A-4FA4-B63D-FD0E63F9B44F} : DhcpNameServer = 212.9.118.1 TCP: Interfaces\{F62CC206-91DF-4967-8A4D-4B3604EAC543} : DhcpNameServer = 192.168.0.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\users\jessica\appdata\roaming\mozilla\firefox\profiles\hoole2iv.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query= FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\jessica\appdata\roaming\facebook\npfbplugin_1_0_3.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4 FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592] R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-9-25 56336] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-2 218688] R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-27 390528] R1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-9-4 216912] R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416] R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 113496] R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/30 04:21:35];c:\program files\hewlett-packard\media\dvd\000.fcl [2008-11-29 87536] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 20432] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-18 366152] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-2-21 358176] R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2009-2-9 286824] R2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2009-2-9 107952] R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-4-8 37944] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-3-9 7723008] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-3-9 239616] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720] R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-18 22216] R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-3-30 22072] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-21 222512] S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-5 109408] S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [2011-10-19 53248] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_827e372d\AEstSrv.exe [2009-3-2 81920] S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-3-9 176128] S4 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-3-9 294400] S4 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224] S4 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-3-22 9728] . =============== Created Last 30 ================ . 2011-10-23 22:53:58 -------- d-----w- c:\users\jessica\appdata\roaming\AVG 2011-10-23 15:11:47 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE 2011-10-23 15:02:43 -------- d-----w- c:\users\jessica\appdata\roaming\AVG2012 2011-10-23 15:01:55 -------- d-----w- c:\programdata\AVG2012 2011-10-23 12:05:12 -------- d-s---w- C:\sega1379s 2011-10-23 11:40:59 -------- d-s---w- C:\sega840s 2011-10-23 11:39:49 -------- d-s---w- C:\sega12185s 2011-10-23 10:59:23 -------- d-s---w- C:\sega 2011-10-21 23:25:04 48016 --sha-w- c:\windows\system32\c_47915.nl_ 2011-10-19 10:00:12 98816 ----a-w- c:\windows\sed.exe 2011-10-19 10:00:12 518144 ----a-w- c:\windows\SWREG.exe 2011-10-19 10:00:12 256000 ----a-w- c:\windows\PEV.exe 2011-10-19 10:00:12 208896 ----a-w- c:\windows\MBR.exe 2011-10-19 00:52:49 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys 2011-10-18 23:02:48 1008092 ----a-w- C:\mitchisawesome.com 2011-10-18 23:01:13 -------- d-----w- C:\TDSSKiller_Quarantine 2011-10-18 22:23:52 -------- d-----w- c:\users\jessica\appdata\roaming\Malwarebytes 2011-10-18 22:23:44 -------- d-----w- c:\programdata\Malwarebytes 2011-10-18 22:23:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-18 22:23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-18 21:31:25 388096 ----a-r- c:\users\jessica\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-10-18 21:31:24 -------- d-----w- c:\program files\Trend Micro 2011-10-18 19:28:39 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll 2011-10-18 19:28:35 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1b2a3d21-f87c-4a4b-b938-81a677a6890b}\mpengine.dll 2011-10-18 19:28:34 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-10-17 23:27:17 -------- d-sh--w- c:\windows\system32\%APPDATA% 2011-10-17 23:22:41 -------- d-sh--w- c:\users\jessica\appdata\local\1cf6efbe 2011-10-17 21:12:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-14 03:03:58 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2011-10-14 03:03:58 238080 ----a-w- c:\windows\system32\oleacc.dll 2011-10-14 03:03:57 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-14 03:03:57 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2011-10-06 22:04:54 -------- d-----w- c:\program files\Lionhead Studios 2011-09-27 15:47:51 -------- d-----w- c:\program files\iPod 2011-09-27 15:47:49 -------- d-----w- c:\program files\iTunes 2011-09-27 15:36:42 -------- d-----w- c:\program files\Bonjour 2011-09-25 18:00:08 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys . ==================== Find3M ==================== . 2011-10-23 15:11:18 20432 ----a-w- c:\windows\system32\hpservice.exe 2011-10-23 14:32:11 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys 2011-10-21 23:24:03 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-10-03 04:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll 2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec 2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys 2011-07-29 16:01:34 293376 ----a-w- c:\windows\system32\psisdecd.dll 2011-07-29 16:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax 2011-07-29 16:00:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax 2011-07-29 16:00:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax . ============= FINISH: 0:36:24.66 ===============
  8. Thanks for your reply. Same issue as before I'm afraid. Thanks.
  9. Hello, My girlfriends 32bit Vista laptop appears to have contracted a ZeroAccess rootkit. Her lappy is unable to access Anti Virus/Malware websites such as this one (AVG, Super Anti Spyware, Kaspersky, BleepingComputer etc.); her google results are redirected; anti virus software currently installed on this machine are able to launch, but are forced to close shortly after a scan is initiated (AVG, Malwarebytes and Super Anti Spyware all suffer from this). The program seems to become corrupted once the virus has shut it down and requires reinstalling in order to attempt to scan again. I have identified a suspect file named "3203397148:3809022017.exe" running in task manager that I can't kill. The same file is also flagged by Kaspersky's TDSS Killer (this is the only tool I have found that will scan without issue) but the tool is unable to cure it, and when the delete option is attempted it asks to restart in order to complete but upon reboot the file remains. TDSS Killer also identifies "dtsoftbus01.sys" (In System32\Drivers) though after checking on virustotal.com (via MD5 search) there was no mention of this file. Rkill is inaffective when trying to surpress the effects of the infection and attempt to run some AV software (I tried renaming Rkill to get it to work to no avail). TDSS Remover and Gmer suffer the same fate as other AV software when trying to scan for infections. I have left Combofix to run for 30 minutes and it has sat at the: "Scanning for infected files . . . This typically doesn't take more than 10 minutes However, scan time for badly infected machine may easily double" Stage and has not progressed. A DDS log is enclosed below. A log from Kaspersky's TDSS Killer is attatched. Many Thanks. DDS Log: DDS.txt 12:08:50.0886 2400 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23 12:08:50.0917 2400 ============================================================ 12:08:50.0917 2400 Current date / time: 2011/10/19 12:08:50.0917 12:08:50.0917 2400 SystemInfo: 12:08:50.0917 2400 12:08:50.0917 2400 OS Version: 6.0.6002 ServicePack: 2.0 12:08:50.0917 2400 Product type: Workstation 12:08:50.0917 2400 ComputerName: JESSICA-PC 12:08:50.0917 2400 UserName: Jessica 12:08:50.0917 2400 Windows directory: C:\Windows 12:08:50.0917 2400 System windows directory: C:\Windows 12:08:50.0917 2400 Processor architecture: Intel x86 12:08:50.0917 2400 Number of processors: 2 12:08:50.0917 2400 Page size: 0x1000 12:08:50.0917 2400 Boot type: Normal boot 12:08:50.0917 2400 ============================================================ 12:08:53.0631 2400 Initialize success 12:09:01.0431 2616 ============================================================ 12:09:01.0431 2616 Scan started 12:09:01.0431 2616 Mode: Manual; TDLFS; 12:09:01.0431 2616 ============================================================ 12:09:03.0054 2616 1cf6efbe (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\3203397148:3809022017.exe 12:09:03.0054 2616 Suspicious file (Hidden): C:\Windows\3203397148:3809022017.exe. md5: 8f2bb1827cac01aee6a16e30a1260199 12:09:03.0054 2616 1cf6efbe ( HiddenFile.Multi.Generic ) - warning 12:09:03.0054 2616 1cf6efbe - detected HiddenFile.Multi.Generic (1) 12:09:03.0163 2616 Accelerometer (465b6baaba53a628f7252846d0e900ee) C:\Windows\system32\DRIVERS\Accelerometer.sys 12:09:03.0163 2616 Accelerometer - ok 12:09:03.0256 2616 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 12:09:03.0256 2616 ACPI - ok 12:09:03.0522 2616 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 12:09:03.0537 2616 adp94xx - ok 12:09:03.0693 2616 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 12:09:03.0709 2616 adpahci - ok 12:09:03.0756 2616 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 12:09:03.0756 2616 adpu160m - ok 12:09:03.0771 2616 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 12:09:03.0771 2616 adpu320 - ok 12:09:03.0912 2616 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 12:09:03.0912 2616 AFD - ok 12:09:04.0021 2616 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 12:09:04.0021 2616 agp440 - ok 12:09:04.0068 2616 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 12:09:04.0068 2616 aic78xx - ok 12:09:04.0083 2616 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys 12:09:04.0083 2616 aliide - ok 12:09:04.0302 2616 ALSysIO - ok 12:09:04.0676 2616 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 12:09:04.0676 2616 amdagp - ok 12:09:04.0832 2616 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys 12:09:04.0832 2616 amdide - ok 12:09:04.0957 2616 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys 12:09:04.0957 2616 amdiox86 - ok 12:09:05.0206 2616 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 12:09:05.0206 2616 AmdK7 - ok 12:09:05.0721 2616 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 12:09:05.0721 2616 AmdK8 - ok 12:09:06.0064 2616 amdkmdag (ad77d5d46857ce0d9469e7e670ec4d34) C:\Windows\system32\DRIVERS\atikmdag.sys 12:09:06.0267 2616 amdkmdag - ok 12:09:06.0501 2616 amdkmdap (655053f7c0a3b551da84db7417a10e15) C:\Windows\system32\DRIVERS\atikmpag.sys 12:09:06.0517 2616 amdkmdap - ok 12:09:06.0595 2616 AODDriver4.0 - ok 12:09:06.0829 2616 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 12:09:06.0829 2616 arc - ok 12:09:06.0938 2616 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 12:09:06.0938 2616 arcsas - ok 12:09:07.0047 2616 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 12:09:07.0047 2616 AsyncMac - ok 12:09:07.0078 2616 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 12:09:07.0078 2616 atapi - ok 12:09:07.0156 2616 athr (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys 12:09:07.0203 2616 athr - ok 12:09:07.0453 2616 atikmdag (ad77d5d46857ce0d9469e7e670ec4d34) C:\Windows\system32\DRIVERS\atikmdag.sys 12:09:07.0515 2616 atikmdag - ok 12:09:07.0687 2616 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys 12:09:07.0687 2616 AtiPcie - ok 12:09:07.0796 2616 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 12:09:07.0796 2616 AVGIDSDriver - ok 12:09:07.0936 2616 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 12:09:07.0936 2616 AVGIDSEH - ok 12:09:08.0046 2616 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 12:09:08.0046 2616 AVGIDSFilter - ok 12:09:08.0155 2616 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 12:09:08.0155 2616 AVGIDSShim - ok 12:09:08.0607 2616 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys 12:09:08.0607 2616 Avgldx86 - ok 12:09:08.0779 2616 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys 12:09:08.0779 2616 Avgmfx86 - ok 12:09:08.0904 2616 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys 12:09:08.0904 2616 Avgrkx86 - ok 12:09:08.0966 2616 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys 12:09:08.0966 2616 Avgtdix - ok 12:09:09.0106 2616 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 12:09:09.0106 2616 Beep - ok 12:09:09.0200 2616 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 12:09:09.0200 2616 blbdrive - ok 12:09:09.0418 2616 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 12:09:09.0418 2616 bowser - ok 12:09:09.0746 2616 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 12:09:09.0746 2616 BrFiltLo - ok 12:09:09.0886 2616 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 12:09:09.0902 2616 BrFiltUp - ok 12:09:10.0089 2616 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 12:09:10.0105 2616 Brserid - ok 12:09:10.0354 2616 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 12:09:10.0354 2616 BrSerWdm - ok 12:09:10.0495 2616 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 12:09:10.0495 2616 BrUsbMdm - ok 12:09:10.0542 2616 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 12:09:10.0542 2616 BrUsbSer - ok 12:09:10.0854 2616 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 12:09:10.0854 2616 BthEnum - ok 12:09:11.0010 2616 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys 12:09:11.0010 2616 BTHMODEM - ok 12:09:11.0212 2616 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 12:09:11.0228 2616 BthPan - ok 12:09:11.0556 2616 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys 12:09:11.0618 2616 BTHPORT - ok 12:09:11.0758 2616 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys 12:09:11.0758 2616 BTHUSB - ok 12:09:11.0961 2616 btwaudio (229b2c1e776062a4033305d5a9d6e28d) C:\Windows\system32\drivers\btwaudio.sys 12:09:11.0961 2616 btwaudio - ok 12:09:12.0133 2616 btwavdt (97062053359f6908e1fb2791bfa54734) C:\Windows\system32\drivers\btwavdt.sys 12:09:12.0133 2616 btwavdt - ok 12:09:12.0304 2616 btwrchid (d9269b0e3e3cf46d677fd071a40fe6cd) C:\Windows\system32\DRIVERS\btwrchid.sys 12:09:12.0304 2616 btwrchid - ok 12:09:12.0445 2616 catchme - ok 12:09:12.0632 2616 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 12:09:12.0632 2616 cdfs - ok 12:09:12.0850 2616 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 12:09:12.0850 2616 cdrom - ok 12:09:14.0020 2616 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 12:09:14.0020 2616 circlass - ok 12:09:14.0660 2616 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 12:09:14.0676 2616 CLFS - ok 12:09:14.0816 2616 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 12:09:14.0816 2616 CmBatt - ok 12:09:14.0863 2616 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys 12:09:14.0878 2616 cmdide - ok 12:09:14.0925 2616 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 12:09:14.0941 2616 Compbatt - ok 12:09:15.0034 2616 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 12:09:15.0034 2616 crcdisk - ok 12:09:15.0081 2616 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 12:09:15.0097 2616 Crusoe - ok 12:09:15.0378 2616 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 12:09:15.0393 2616 DfsC - ok 12:09:15.0690 2616 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 12:09:15.0690 2616 disk - ok 12:09:15.0955 2616 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 12:09:15.0955 2616 Dot4 - ok 12:09:16.0002 2616 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 12:09:16.0002 2616 Dot4Print - ok 12:09:16.0080 2616 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 12:09:16.0080 2616 dot4usb - ok 12:09:16.0189 2616 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 12:09:16.0189 2616 drmkaud - ok 12:09:16.0267 2616 dtsoftbus01 (477a31bcb2989a88698daee3bee19e8d) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 12:09:16.0282 2616 Suspicious file (Forged): C:\Windows\system32\DRIVERS\dtsoftbus01.sys. Real md5: 477a31bcb2989a88698daee3bee19e8d, Fake md5: 555e54ac2f601a8821cef58961653991 12:09:16.0282 2616 dtsoftbus01 ( ForgedFile.Multi.Generic ) - warning 12:09:16.0282 2616 dtsoftbus01 - detected ForgedFile.Multi.Generic (1) 12:09:16.0392 2616 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 12:09:16.0392 2616 DXGKrnl - ok 12:09:16.0438 2616 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 12:09:16.0454 2616 E1G60 - ok 12:09:16.0610 2616 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 12:09:16.0610 2616 Ecache - ok 12:09:16.0688 2616 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 12:09:16.0688 2616 elxstor - ok 12:09:16.0782 2616 enecir (004b2ea6cc2598ec5f0552e43ce29cef) C:\Windows\system32\DRIVERS\enecir.sys 12:09:16.0782 2616 enecir - ok 12:09:16.0906 2616 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 12:09:16.0906 2616 ErrDev - ok 12:09:17.0140 2616 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 12:09:17.0140 2616 exfat - ok 12:09:17.0390 2616 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 12:09:17.0406 2616 fastfat - ok 12:09:17.0499 2616 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 12:09:17.0499 2616 fdc - ok 12:09:17.0577 2616 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 12:09:17.0593 2616 FileInfo - ok 12:09:17.0640 2616 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 12:09:17.0640 2616 Filetrace - ok 12:09:17.0671 2616 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 12:09:17.0671 2616 flpydisk - ok 12:09:17.0796 2616 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 12:09:17.0796 2616 FltMgr - ok 12:09:18.0030 2616 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 12:09:18.0030 2616 Fs_Rec - ok 12:09:18.0061 2616 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 12:09:18.0076 2616 gagp30kx - ok 12:09:18.0373 2616 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys 12:09:18.0373 2616 GEARAspiWDM - ok 12:09:18.0482 2616 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 12:09:18.0498 2616 HdAudAddService - ok 12:09:18.0638 2616 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 12:09:18.0669 2616 HDAudBus - ok 12:09:18.0856 2616 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 12:09:18.0856 2616 HidBth - ok 12:09:18.0966 2616 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 12:09:18.0966 2616 HidIr - ok 12:09:19.0059 2616 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 12:09:19.0059 2616 HidUsb - ok 12:09:19.0278 2616 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 12:09:19.0371 2616 HpCISSs - ok 12:09:19.0636 2616 hpdskflt (d5c35e6416a379c445cda826b9fe452f) C:\Windows\system32\DRIVERS\hpdskflt.sys 12:09:19.0636 2616 hpdskflt - ok 12:09:19.0902 2616 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 12:09:19.0917 2616 HpqKbFiltr - ok 12:09:20.0073 2616 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 12:09:20.0089 2616 HTTP - ok 12:09:20.0182 2616 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 12:09:20.0182 2616 i2omp - ok 12:09:20.0463 2616 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 12:09:20.0479 2616 i8042prt - ok 12:09:20.0510 2616 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 12:09:20.0510 2616 iaStorV - ok 12:09:20.0635 2616 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 12:09:20.0635 2616 iirsp - ok 12:09:20.0744 2616 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys 12:09:20.0744 2616 intelide - ok 12:09:20.0791 2616 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 12:09:20.0791 2616 intelppm - ok 12:09:20.0853 2616 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:09:20.0853 2616 IpFilterDriver - ok 12:09:20.0884 2616 IpInIp - ok 12:09:20.0916 2616 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 12:09:20.0916 2616 IPMIDRV - ok 12:09:20.0962 2616 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 12:09:20.0978 2616 IPNAT - ok 12:09:21.0040 2616 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 12:09:21.0040 2616 IRENUM - ok 12:09:21.0087 2616 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 12:09:21.0087 2616 isapnp - ok 12:09:21.0150 2616 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 12:09:21.0150 2616 iScsiPrt - ok 12:09:21.0196 2616 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 12:09:21.0196 2616 iteatapi - ok 12:09:21.0259 2616 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 12:09:21.0259 2616 iteraid - ok 12:09:21.0352 2616 JMCR (4020a60f888eaab17865a0dd2422e8d0) C:\Windows\system32\DRIVERS\jmcr.sys 12:09:21.0352 2616 JMCR - ok 12:09:21.0430 2616 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 12:09:21.0430 2616 kbdclass - ok 12:09:21.0493 2616 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 12:09:21.0493 2616 kbdhid - ok 12:09:21.0758 2616 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 12:09:21.0774 2616 KSecDD - ok 12:09:21.0976 2616 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 12:09:21.0976 2616 lltdio - ok 12:09:22.0039 2616 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 12:09:22.0054 2616 LSI_FC - ok 12:09:22.0117 2616 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 12:09:22.0117 2616 LSI_SAS - ok 12:09:22.0148 2616 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 12:09:22.0148 2616 LSI_SCSI - ok 12:09:22.0179 2616 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 12:09:22.0179 2616 luafv - ok 12:09:22.0320 2616 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys 12:09:22.0320 2616 MBAMProtector - ok 12:09:22.0538 2616 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 12:09:22.0538 2616 megasas - ok 12:09:22.0616 2616 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 12:09:22.0632 2616 MegaSR - ok 12:09:22.0678 2616 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 12:09:22.0678 2616 Modem - ok 12:09:22.0694 2616 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 12:09:22.0710 2616 monitor - ok 12:09:22.0725 2616 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 12:09:22.0725 2616 mouclass - ok 12:09:22.0772 2616 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 12:09:22.0772 2616 mouhid - ok 12:09:22.0819 2616 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 12:09:22.0819 2616 MountMgr - ok 12:09:22.0850 2616 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 12:09:22.0866 2616 mpio - ok 12:09:22.0881 2616 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 12:09:22.0881 2616 mpsdrv - ok 12:09:22.0912 2616 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 12:09:22.0912 2616 Mraid35x - ok 12:09:22.0959 2616 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 12:09:22.0975 2616 MRxDAV - ok 12:09:23.0053 2616 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 12:09:23.0053 2616 mrxsmb - ok 12:09:23.0115 2616 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:09:23.0115 2616 mrxsmb10 - ok 12:09:23.0146 2616 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:09:23.0162 2616 mrxsmb20 - ok 12:09:23.0209 2616 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 12:09:23.0209 2616 msahci - ok 12:09:23.0240 2616 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 12:09:23.0240 2616 msdsm - ok 12:09:23.0271 2616 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 12:09:23.0271 2616 Msfs - ok 12:09:23.0318 2616 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 12:09:23.0318 2616 msisadrv - ok 12:09:23.0380 2616 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 12:09:23.0380 2616 MSKSSRV - ok 12:09:23.0412 2616 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 12:09:23.0412 2616 MSPCLOCK - ok 12:09:23.0443 2616 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 12:09:23.0443 2616 MSPQM - ok 12:09:23.0536 2616 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 12:09:23.0536 2616 MsRPC - ok 12:09:23.0568 2616 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 12:09:23.0568 2616 mssmbios - ok 12:09:23.0599 2616 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 12:09:23.0599 2616 MSTEE - ok 12:09:23.0661 2616 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 12:09:23.0661 2616 Mup - ok 12:09:23.0755 2616 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 12:09:23.0755 2616 NativeWifiP - ok 12:09:23.0817 2616 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 12:09:23.0848 2616 NDIS - ok 12:09:23.0895 2616 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 12:09:23.0895 2616 NdisTapi - ok 12:09:23.0926 2616 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 12:09:23.0926 2616 Ndisuio - ok 12:09:24.0004 2616 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 12:09:24.0004 2616 NdisWan - ok 12:09:24.0020 2616 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 12:09:24.0020 2616 NDProxy - ok 12:09:24.0145 2616 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 12:09:24.0145 2616 NetBIOS - ok 12:09:24.0192 2616 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 12:09:24.0192 2616 netbt - ok 12:09:24.0316 2616 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys 12:09:24.0441 2616 NETw3v32 - ok 12:09:24.0457 2616 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 12:09:24.0472 2616 nfrd960 - ok 12:09:24.0504 2616 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 12:09:24.0504 2616 Npfs - ok 12:09:24.0550 2616 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 12:09:24.0550 2616 nsiproxy - ok 12:09:24.0987 2616 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 12:09:25.0081 2616 Ntfs - ok 12:09:25.0299 2616 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 12:09:25.0299 2616 ntrigdigi - ok 12:09:25.0377 2616 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 12:09:25.0377 2616 Null - ok 12:09:25.0424 2616 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 12:09:25.0424 2616 nvraid - ok 12:09:25.0455 2616 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 12:09:25.0455 2616 nvstor - ok 12:09:25.0486 2616 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 12:09:25.0502 2616 nv_agp - ok 12:09:25.0518 2616 NwlnkFlt - ok 12:09:25.0533 2616 NwlnkFwd - ok 12:09:25.0642 2616 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 12:09:25.0642 2616 ohci1394 - ok 12:09:25.0736 2616 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 12:09:25.0736 2616 Parport - ok 12:09:25.0798 2616 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 12:09:25.0798 2616 partmgr - ok 12:09:25.0861 2616 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 12:09:25.0861 2616 Parvdm - ok 12:09:25.0986 2616 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 12:09:25.0986 2616 pci - ok 12:09:26.0142 2616 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 12:09:26.0142 2616 pciide - ok 12:09:26.0298 2616 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 12:09:26.0313 2616 pcmcia - ok 12:09:26.0500 2616 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 12:09:26.0547 2616 PEAUTH - ok 12:09:26.0812 2616 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 12:09:26.0812 2616 PptpMiniport - ok 12:09:26.0875 2616 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys 12:09:26.0875 2616 Processor - ok 12:09:26.0953 2616 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 12:09:26.0953 2616 PSched - ok 12:09:27.0046 2616 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 12:09:27.0109 2616 ql2300 - ok 12:09:27.0140 2616 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 12:09:27.0156 2616 ql40xx - ok 12:09:27.0187 2616 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 12:09:27.0187 2616 QWAVEdrv - ok 12:09:27.0234 2616 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\Windows\system32\drivers\RapportBuka.sys 12:09:27.0249 2616 RapportBuka - ok 12:09:27.0421 2616 RapportCerberus_29574 (dda98cc4f34977914c731b8155e1cbd5) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys 12:09:27.0421 2616 RapportCerberus_29574 - ok 12:09:27.0530 2616 RapportEI (90bc0b9ef6106b8f5f762bdf4f0ad723) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 12:09:27.0530 2616 RapportEI - ok 12:09:27.0655 2616 RapportKELL (8cc04334a2fda2b6d79631dbe62f5cd0) C:\Windows\system32\Drivers\RapportKELL.sys 12:09:27.0655 2616 RapportKELL - ok 12:09:27.0780 2616 RapportPG (a16ba67cf3f448bd163246dd725b7ffc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 12:09:27.0780 2616 RapportPG - ok 12:09:28.0029 2616 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 12:09:28.0029 2616 RasAcd - ok 12:09:28.0232 2616 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 12:09:28.0232 2616 Rasl2tp - ok 12:09:28.0466 2616 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 12:09:28.0482 2616 RasPppoe - ok 12:09:28.0638 2616 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 12:09:28.0638 2616 RasSstp - ok 12:09:28.0794 2616 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 12:09:28.0809 2616 rdbss - ok 12:09:28.0887 2616 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 12:09:28.0887 2616 RDPCDD - ok 12:09:28.0934 2616 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 12:09:28.0950 2616 rdpdr - ok 12:09:28.0981 2616 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 12:09:28.0981 2616 RDPENCDD - ok 12:09:29.0028 2616 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 12:09:29.0043 2616 RDPWD - ok 12:09:29.0121 2616 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 12:09:29.0137 2616 RFCOMM - ok 12:09:29.0433 2616 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys 12:09:29.0464 2616 RimUsb - ok 12:09:29.0652 2616 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys 12:09:29.0667 2616 RimVSerPort - ok 12:09:30.0073 2616 rk_remover-boot (d4b62e2585945fb1299c4140287ec32b) C:\Windows\system32\drivers\rk_remover.sys 12:09:30.0104 2616 rk_remover-boot - ok 12:09:30.0229 2616 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys 12:09:30.0229 2616 ROOTMODEM - ok 12:09:30.0322 2616 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 12:09:30.0322 2616 rspndr - ok 12:09:30.0416 2616 RTL8169 (a1adc7b4c074744662207da6edcdfbb0) C:\Windows\system32\DRIVERS\Rtlh86.sys 12:09:30.0416 2616 RTL8169 - ok 12:09:30.0900 2616 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 12:09:30.0900 2616 SASDIFSV - ok 12:09:31.0071 2616 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 12:09:31.0071 2616 SASKUTIL - ok 12:09:31.0274 2616 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 12:09:31.0290 2616 sbp2port - ok 12:09:31.0430 2616 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 12:09:31.0430 2616 sdbus - ok 12:09:31.0539 2616 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 12:09:31.0539 2616 secdrv - ok 12:09:31.0648 2616 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 12:09:31.0648 2616 Serenum - ok 12:09:31.0742 2616 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 12:09:31.0758 2616 Serial - ok 12:09:31.0804 2616 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 12:09:31.0820 2616 sermouse - ok 12:09:31.0898 2616 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 12:09:31.0898 2616 sffdisk - ok 12:09:32.0085 2616 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 12:09:32.0085 2616 sffp_mmc - ok 12:09:32.0241 2616 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 12:09:32.0241 2616 sffp_sd - ok 12:09:32.0304 2616 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 12:09:32.0304 2616 sfloppy - ok 12:09:32.0397 2616 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 12:09:32.0397 2616 sisagp - ok 12:09:32.0428 2616 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 12:09:32.0428 2616 SiSRaid2 - ok 12:09:32.0460 2616 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 12:09:32.0460 2616 SiSRaid4 - ok 12:09:32.0522 2616 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 12:09:32.0522 2616 Smb - ok 12:09:32.0600 2616 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 12:09:32.0600 2616 spldr - ok 12:09:32.0834 2616 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 12:09:32.0850 2616 srv - ok 12:09:33.0130 2616 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 12:09:33.0130 2616 srv2 - ok 12:09:33.0926 2616 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 12:09:33.0926 2616 srvnet - ok 12:09:34.0082 2616 STHDA (e3c50b029bd08a35fc6a5f0b1cf5d300) C:\Windows\system32\DRIVERS\stwrt.sys 12:09:34.0082 2616 STHDA - ok 12:09:34.0176 2616 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 12:09:34.0176 2616 swenum - ok 12:09:34.0441 2616 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 12:09:34.0456 2616 Symc8xx - ok 12:09:34.0628 2616 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 12:09:34.0628 2616 Sym_hi - ok 12:09:34.0800 2616 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 12:09:34.0800 2616 Sym_u3 - ok 12:09:34.0956 2616 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys 12:09:34.0956 2616 SynTP - ok 12:09:35.0798 2616 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys 12:09:35.0892 2616 Tcpip - ok 12:09:36.0079 2616 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys 12:09:36.0079 2616 Tcpip6 - ok 12:09:36.0297 2616 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 12:09:36.0297 2616 tcpipreg - ok 12:09:36.0360 2616 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 12:09:36.0360 2616 TDPIPE - ok 12:09:36.0406 2616 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 12:09:36.0406 2616 TDTCP - ok 12:09:36.0469 2616 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 12:09:36.0469 2616 tdx - ok 12:09:36.0547 2616 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 12:09:36.0547 2616 TermDD - ok 12:09:36.0640 2616 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:09:36.0640 2616 tssecsrv - ok 12:09:36.0828 2616 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 12:09:36.0828 2616 tunmp - ok 12:09:36.0952 2616 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 12:09:36.0952 2616 tunnel - ok 12:09:37.0264 2616 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 12:09:37.0264 2616 uagp35 - ok 12:09:37.0810 2616 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 12:09:37.0826 2616 udfs - ok 12:09:38.0122 2616 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 12:09:38.0122 2616 uliagpkx - ok 12:09:38.0372 2616 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 12:09:38.0388 2616 uliahci - ok 12:09:38.0793 2616 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 12:09:38.0793 2616 UlSata - ok 12:09:39.0121 2616 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 12:09:39.0121 2616 ulsata2 - ok 12:09:39.0277 2616 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 12:09:39.0277 2616 umbus - ok 12:09:39.0526 2616 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 12:09:39.0542 2616 USBAAPL - ok 12:09:39.0885 2616 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 12:09:39.0885 2616 usbccgp - ok 12:09:40.0150 2616 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 12:09:40.0150 2616 usbcir - ok 12:09:40.0540 2616 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 12:09:40.0540 2616 usbehci - ok 12:09:40.0618 2616 usbfilter (edca5124b54bcf04e5c0538aa397a9c1) C:\Windows\system32\DRIVERS\usbfilter.sys 12:09:40.0618 2616 usbfilter - ok 12:09:40.0696 2616 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 12:09:40.0712 2616 usbhub - ok 12:09:40.0868 2616 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 12:09:40.0915 2616 usbohci - ok 12:09:41.0118 2616 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 12:09:41.0118 2616 usbprint - ok 12:09:41.0180 2616 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 12:09:41.0180 2616 usbscan - ok 12:09:41.0258 2616 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:09:41.0258 2616 USBSTOR - ok 12:09:41.0305 2616 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 12:09:41.0305 2616 usbuhci - ok 12:09:41.0352 2616 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 12:09:41.0367 2616 usbvideo - ok 12:09:41.0445 2616 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 12:09:41.0445 2616 vga - ok 12:09:41.0492 2616 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 12:09:41.0492 2616 VgaSave - ok 12:09:41.0539 2616 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 12:09:41.0539 2616 viaagp - ok 12:09:41.0586 2616 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 12:09:41.0586 2616 ViaC7 - ok 12:09:41.0617 2616 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys 12:09:41.0617 2616 viaide - ok 12:09:41.0664 2616 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 12:09:41.0664 2616 volmgr - ok 12:09:41.0726 2616 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 12:09:41.0742 2616 volmgrx - ok 12:09:41.0804 2616 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 12:09:41.0820 2616 volsnap - ok 12:09:41.0851 2616 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 12:09:41.0851 2616 vsmraid - ok 12:09:41.0913 2616 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 12:09:41.0929 2616 WacomPen - ok 12:09:41.0944 2616 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 12:09:41.0944 2616 Wanarp - ok 12:09:41.0960 2616 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 12:09:41.0960 2616 Wanarpv6 - ok 12:09:41.0991 2616 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 12:09:41.0991 2616 Wd - ok 12:09:42.0054 2616 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 12:09:42.0085 2616 Wdf01000 - ok 12:09:42.0241 2616 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 12:09:42.0241 2616 WmiAcpi - ok 12:09:42.0334 2616 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 12:09:42.0334 2616 WpdUsb - ok 12:09:42.0428 2616 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 12:09:42.0428 2616 ws2ifsl - ok 12:09:42.0490 2616 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 12:09:42.0506 2616 WUDFRd - ok 12:09:42.0568 2616 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys 12:09:42.0568 2616 yukonwlh - ok 12:09:42.0678 2616 {55662437-DA8C-40c0-AADA-2C816A897A49} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl 12:09:42.0678 2616 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok 12:09:42.0740 2616 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0 12:09:43.0005 2616 \Device\Harddisk0\DR0 - ok 12:09:43.0021 2616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 12:09:44.0035 2616 \Device\Harddisk1\DR1 - ok 12:09:44.0066 2616 Boot (0x1200) (c31982783eb067e540572d00d8d5ca8c) \Device\Harddisk0\DR0\Partition0 12:09:44.0066 2616 \Device\Harddisk0\DR0\Partition0 - ok 12:09:44.0347 2616 Boot (0x1200) (4a42d1de19aac8a536c6124c01f4f013) \Device\Harddisk0\DR0\Partition1 12:09:44.0347 2616 \Device\Harddisk0\DR0\Partition1 - ok 12:09:44.0362 2616 Boot (0x1200) (7ac0bf37f2ba995a4881b73cbcb8f326) \Device\Harddisk1\DR1\Partition0 12:09:44.0362 2616 \Device\Harddisk1\DR1\Partition0 - ok 12:09:44.0362 2616 ============================================================ 12:09:44.0362 2616 Scan finished 12:09:44.0362 2616 ============================================================ 12:09:44.0394 3564 Detected object count: 2 12:09:44.0394 3564 Actual detected object count: 2 12:10:01.0101 3564 1cf6efbe ( HiddenFile.Multi.Generic ) - skipped by user 12:10:01.0101 3564 1cf6efbe ( HiddenFile.Multi.Generic ) - User select action: Skip 12:10:01.0101 3564 dtsoftbus01 ( ForgedFile.Multi.Generic ) - skipped by user 12:10:01.0101 3564 dtsoftbus01 ( ForgedFile.Multi.Generic ) - User select action: Skip Attach.txt TDSS Rootkill Report.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.