AngryToast89

Suspected Zero Access Rootkit

16 posts in this topic

Hello,

My girlfriend's 32-bit Vista laptop appears to have contracted a ZeroAccess rootkit. Her lappy is unable to access anti-virus/malware websites such as this one (AVG, Super Anti Spyware, Kaspersky, BleepingComputer etc.); her Google results are redirected; the anti-virus software currently installed on this machine is able to launch, but is forced to close shortly after a scan is initiated (AVG, Malwarebytes and Super Anti Spyware all suffer from this). The program seems to become corrupted once the virus has shut it down and requires reinstalling in order to attempt to scan again.

I have identified a suspect file named "3203397148:3809022017.exe" running in task manager that I can't kill. The same file is also flagged by Kaspersky's TDSS Killer (this is the only tool I have found that will scan without issue) but the tool is unable to cure it, and when the delete option is attempted it asks to restart in order to complete but upon reboot the file remains.

TDSS Killer also identifies "dtsoftbus01.sys" (in System32\Drivers), though after checking on virustotal.com (via MD5 search) there was no mention of this file.

Rkill is ineffective when trying to suppress the effects of the infection and attempt to run some AV software (I tried renaming Rkill to get it to work, to no avail). TDSS Remover and Gmer suffer the same fate as other AV software when trying to scan for infections.

I have left Combofix to run for 30 minutes and it has sat at the

"Scanning for infected files . . .
This typically doesn't take more than 10 minutes
However, scan time for badly infected machine may easily double"

stage and has not progressed.

A DDS log is enclosed below. A log from Kaspersky's TDSS Killer is attached.

Many Thanks.

DDS Log:

DDS.txt

12:08:50.0886 2400 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23

12:08:50.0917 2400 ============================================================

12:08:50.0917 2400 Current date / time: 2011/10/19 12:08:50.0917

12:08:50.0917 2400 SystemInfo:

12:08:50.0917 2400

12:08:50.0917 2400 OS Version: 6.0.6002 ServicePack: 2.0

12:08:50.0917 2400 Product type: Workstation

12:08:50.0917 2400 ComputerName: JESSICA-PC

12:08:50.0917 2400 UserName: Jessica

12:08:50.0917 2400 Windows directory: C:\Windows

12:08:50.0917 2400 System windows directory: C:\Windows

12:08:50.0917 2400 Processor architecture: Intel x86

12:08:50.0917 2400 Number of processors: 2

12:08:50.0917 2400 Page size: 0x1000

12:08:50.0917 2400 Boot type: Normal boot

12:08:50.0917 2400 ============================================================

12:08:53.0631 2400 Initialize success

12:09:01.0431 2616 ============================================================

12:09:01.0431 2616 Scan started

12:09:01.0431 2616 Mode: Manual; TDLFS;

12:09:01.0431 2616 ============================================================

12:09:03.0054 2616 1cf6efbe (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\3203397148:3809022017.exe

12:09:03.0054 2616 Suspicious file (Hidden): C:\Windows\3203397148:3809022017.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

12:09:03.0054 2616 1cf6efbe ( HiddenFile.Multi.Generic ) - warning

12:09:03.0054 2616 1cf6efbe - detected HiddenFile.Multi.Generic (1)

12:09:03.0163 2616 Accelerometer (465b6baaba53a628f7252846d0e900ee) C:\Windows\system32\DRIVERS\Accelerometer.sys

12:09:03.0163 2616 Accelerometer - ok

12:09:03.0256 2616 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

12:09:03.0256 2616 ACPI - ok

12:09:03.0522 2616 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

12:09:03.0537 2616 adp94xx - ok

12:09:03.0693 2616 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

12:09:03.0709 2616 adpahci - ok

12:09:03.0756 2616 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

12:09:03.0756 2616 adpu160m - ok

12:09:03.0771 2616 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

12:09:03.0771 2616 adpu320 - ok

12:09:03.0912 2616 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

12:09:03.0912 2616 AFD - ok

12:09:04.0021 2616 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

12:09:04.0021 2616 agp440 - ok

12:09:04.0068 2616 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

12:09:04.0068 2616 aic78xx - ok

12:09:04.0083 2616 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys

12:09:04.0083 2616 aliide - ok

12:09:04.0302 2616 ALSysIO - ok

12:09:04.0676 2616 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

12:09:04.0676 2616 amdagp - ok

12:09:04.0832 2616 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys

12:09:04.0832 2616 amdide - ok

12:09:04.0957 2616 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys

12:09:04.0957 2616 amdiox86 - ok

12:09:05.0206 2616 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

12:09:05.0206 2616 AmdK7 - ok

12:09:05.0721 2616 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

12:09:05.0721 2616 AmdK8 - ok

12:09:06.0064 2616 amdkmdag (ad77d5d46857ce0d9469e7e670ec4d34) C:\Windows\system32\DRIVERS\atikmdag.sys

12:09:06.0267 2616 amdkmdag - ok

12:09:06.0501 2616 amdkmdap (655053f7c0a3b551da84db7417a10e15) C:\Windows\system32\DRIVERS\atikmpag.sys

12:09:06.0517 2616 amdkmdap - ok

12:09:06.0595 2616 AODDriver4.0 - ok

12:09:06.0829 2616 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

12:09:06.0829 2616 arc - ok

12:09:06.0938 2616 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

12:09:06.0938 2616 arcsas - ok

12:09:07.0047 2616 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

12:09:07.0047 2616 AsyncMac - ok

12:09:07.0078 2616 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

12:09:07.0078 2616 atapi - ok

12:09:07.0156 2616 athr (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys

12:09:07.0203 2616 athr - ok

12:09:07.0453 2616 atikmdag (ad77d5d46857ce0d9469e7e670ec4d34) C:\Windows\system32\DRIVERS\atikmdag.sys

12:09:07.0515 2616 atikmdag - ok

12:09:07.0687 2616 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys

12:09:07.0687 2616 AtiPcie - ok

12:09:07.0796 2616 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

12:09:07.0796 2616 AVGIDSDriver - ok

12:09:07.0936 2616 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

12:09:07.0936 2616 AVGIDSEH - ok

12:09:08.0046 2616 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

12:09:08.0046 2616 AVGIDSFilter - ok

12:09:08.0155 2616 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

12:09:08.0155 2616 AVGIDSShim - ok

12:09:08.0607 2616 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys

12:09:08.0607 2616 Avgldx86 - ok

12:09:08.0779 2616 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys

12:09:08.0779 2616 Avgmfx86 - ok

12:09:08.0904 2616 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys

12:09:08.0904 2616 Avgrkx86 - ok

12:09:08.0966 2616 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys

12:09:08.0966 2616 Avgtdix - ok

12:09:09.0106 2616 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

12:09:09.0106 2616 Beep - ok

12:09:09.0200 2616 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

12:09:09.0200 2616 blbdrive - ok

12:09:09.0418 2616 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

12:09:09.0418 2616 bowser - ok

12:09:09.0746 2616 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

12:09:09.0746 2616 BrFiltLo - ok

12:09:09.0886 2616 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

12:09:09.0902 2616 BrFiltUp - ok

12:09:10.0089 2616 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

12:09:10.0105 2616 Brserid - ok

12:09:10.0354 2616 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

12:09:10.0354 2616 BrSerWdm - ok

12:09:10.0495 2616 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

12:09:10.0495 2616 BrUsbMdm - ok

12:09:10.0542 2616 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

12:09:10.0542 2616 BrUsbSer - ok

12:09:10.0854 2616 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys

12:09:10.0854 2616 BthEnum - ok

12:09:11.0010 2616 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys

12:09:11.0010 2616 BTHMODEM - ok

12:09:11.0212 2616 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys

12:09:11.0228 2616 BthPan - ok

12:09:11.0556 2616 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys

12:09:11.0618 2616 BTHPORT - ok

12:09:11.0758 2616 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys

12:09:11.0758 2616 BTHUSB - ok

12:09:11.0961 2616 btwaudio (229b2c1e776062a4033305d5a9d6e28d) C:\Windows\system32\drivers\btwaudio.sys

12:09:11.0961 2616 btwaudio - ok

12:09:12.0133 2616 btwavdt (97062053359f6908e1fb2791bfa54734) C:\Windows\system32\drivers\btwavdt.sys

12:09:12.0133 2616 btwavdt - ok

12:09:12.0304 2616 btwrchid (d9269b0e3e3cf46d677fd071a40fe6cd) C:\Windows\system32\DRIVERS\btwrchid.sys

12:09:12.0304 2616 btwrchid - ok

12:09:12.0445 2616 catchme - ok

12:09:12.0632 2616 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

12:09:12.0632 2616 cdfs - ok

12:09:12.0850 2616 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

12:09:12.0850 2616 cdrom - ok

12:09:14.0020 2616 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

12:09:14.0020 2616 circlass - ok

12:09:14.0660 2616 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

12:09:14.0676 2616 CLFS - ok

12:09:14.0816 2616 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

12:09:14.0816 2616 CmBatt - ok

12:09:14.0863 2616 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys

12:09:14.0878 2616 cmdide - ok

12:09:14.0925 2616 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

12:09:14.0941 2616 Compbatt - ok

12:09:15.0034 2616 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

12:09:15.0034 2616 crcdisk - ok

12:09:15.0081 2616 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

12:09:15.0097 2616 Crusoe - ok

12:09:15.0378 2616 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

12:09:15.0393 2616 DfsC - ok

12:09:15.0690 2616 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

12:09:15.0690 2616 disk - ok

12:09:15.0955 2616 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

12:09:15.0955 2616 Dot4 - ok

12:09:16.0002 2616 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

12:09:16.0002 2616 Dot4Print - ok

12:09:16.0080 2616 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

12:09:16.0080 2616 dot4usb - ok

12:09:16.0189 2616 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

12:09:16.0189 2616 drmkaud - ok

12:09:16.0267 2616 dtsoftbus01 (477a31bcb2989a88698daee3bee19e8d) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

12:09:16.0282 2616 Suspicious file (Forged): C:\Windows\system32\DRIVERS\dtsoftbus01.sys. Real md5: 477a31bcb2989a88698daee3bee19e8d, Fake md5: 555e54ac2f601a8821cef58961653991

12:09:16.0282 2616 dtsoftbus01 ( ForgedFile.Multi.Generic ) - warning

12:09:16.0282 2616 dtsoftbus01 - detected ForgedFile.Multi.Generic (1)

12:09:16.0392 2616 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

12:09:16.0392 2616 DXGKrnl - ok

12:09:16.0438 2616 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

12:09:16.0454 2616 E1G60 - ok

12:09:16.0610 2616 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

12:09:16.0610 2616 Ecache - ok

12:09:16.0688 2616 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

12:09:16.0688 2616 elxstor - ok

12:09:16.0782 2616 enecir (004b2ea6cc2598ec5f0552e43ce29cef) C:\Windows\system32\DRIVERS\enecir.sys

12:09:16.0782 2616 enecir - ok

12:09:16.0906 2616 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

12:09:16.0906 2616 ErrDev - ok

12:09:17.0140 2616 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

12:09:17.0140 2616 exfat - ok

12:09:17.0390 2616 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

12:09:17.0406 2616 fastfat - ok

12:09:17.0499 2616 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

12:09:17.0499 2616 fdc - ok

12:09:17.0577 2616 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

12:09:17.0593 2616 FileInfo - ok

12:09:17.0640 2616 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

12:09:17.0640 2616 Filetrace - ok

12:09:17.0671 2616 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

12:09:17.0671 2616 flpydisk - ok

12:09:17.0796 2616 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

12:09:17.0796 2616 FltMgr - ok

12:09:18.0030 2616 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

12:09:18.0030 2616 Fs_Rec - ok

12:09:18.0061 2616 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

12:09:18.0076 2616 gagp30kx - ok

12:09:18.0373 2616 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys

12:09:18.0373 2616 GEARAspiWDM - ok

12:09:18.0482 2616 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

12:09:18.0498 2616 HdAudAddService - ok

12:09:18.0638 2616 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

12:09:18.0669 2616 HDAudBus - ok

12:09:18.0856 2616 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

12:09:18.0856 2616 HidBth - ok

12:09:18.0966 2616 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys

12:09:18.0966 2616 HidIr - ok

12:09:19.0059 2616 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

12:09:19.0059 2616 HidUsb - ok

12:09:19.0278 2616 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

12:09:19.0371 2616 HpCISSs - ok

12:09:19.0636 2616 hpdskflt (d5c35e6416a379c445cda826b9fe452f) C:\Windows\system32\DRIVERS\hpdskflt.sys

12:09:19.0636 2616 hpdskflt - ok

12:09:19.0902 2616 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

12:09:19.0917 2616 HpqKbFiltr - ok

12:09:20.0073 2616 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

12:09:20.0089 2616 HTTP - ok

12:09:20.0182 2616 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

12:09:20.0182 2616 i2omp - ok

12:09:20.0463 2616 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

12:09:20.0479 2616 i8042prt - ok

12:09:20.0510 2616 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

12:09:20.0510 2616 iaStorV - ok

12:09:20.0635 2616 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

12:09:20.0635 2616 iirsp - ok

12:09:20.0744 2616 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys

12:09:20.0744 2616 intelide - ok

12:09:20.0791 2616 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

12:09:20.0791 2616 intelppm - ok

12:09:20.0853 2616 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:09:20.0853 2616 IpFilterDriver - ok

12:09:20.0884 2616 IpInIp - ok

12:09:20.0916 2616 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

12:09:20.0916 2616 IPMIDRV - ok

12:09:20.0962 2616 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

12:09:20.0978 2616 IPNAT - ok

12:09:21.0040 2616 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

12:09:21.0040 2616 IRENUM - ok

12:09:21.0087 2616 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

12:09:21.0087 2616 isapnp - ok

12:09:21.0150 2616 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

12:09:21.0150 2616 iScsiPrt - ok

12:09:21.0196 2616 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

12:09:21.0196 2616 iteatapi - ok

12:09:21.0259 2616 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

12:09:21.0259 2616 iteraid - ok

12:09:21.0352 2616 JMCR (4020a60f888eaab17865a0dd2422e8d0) C:\Windows\system32\DRIVERS\jmcr.sys

12:09:21.0352 2616 JMCR - ok

12:09:21.0430 2616 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

12:09:21.0430 2616 kbdclass - ok

12:09:21.0493 2616 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

12:09:21.0493 2616 kbdhid - ok

12:09:21.0758 2616 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

12:09:21.0774 2616 KSecDD - ok

12:09:21.0976 2616 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

12:09:21.0976 2616 lltdio - ok

12:09:22.0039 2616 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

12:09:22.0054 2616 LSI_FC - ok

12:09:22.0117 2616 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

12:09:22.0117 2616 LSI_SAS - ok

12:09:22.0148 2616 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

12:09:22.0148 2616 LSI_SCSI - ok

12:09:22.0179 2616 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

12:09:22.0179 2616 luafv - ok

12:09:22.0320 2616 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys

12:09:22.0320 2616 MBAMProtector - ok

12:09:22.0538 2616 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

12:09:22.0538 2616 megasas - ok

12:09:22.0616 2616 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

12:09:22.0632 2616 MegaSR - ok

12:09:22.0678 2616 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

12:09:22.0678 2616 Modem - ok

12:09:22.0694 2616 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

12:09:22.0710 2616 monitor - ok

12:09:22.0725 2616 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

12:09:22.0725 2616 mouclass - ok

12:09:22.0772 2616 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

12:09:22.0772 2616 mouhid - ok

12:09:22.0819 2616 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

12:09:22.0819 2616 MountMgr - ok

12:09:22.0850 2616 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

12:09:22.0866 2616 mpio - ok

12:09:22.0881 2616 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

12:09:22.0881 2616 mpsdrv - ok

12:09:22.0912 2616 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

12:09:22.0912 2616 Mraid35x - ok

12:09:22.0959 2616 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

12:09:22.0975 2616 MRxDAV - ok

12:09:23.0053 2616 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

12:09:23.0053 2616 mrxsmb - ok

12:09:23.0115 2616 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:09:23.0115 2616 mrxsmb10 - ok

12:09:23.0146 2616 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:09:23.0162 2616 mrxsmb20 - ok

12:09:23.0209 2616 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys

12:09:23.0209 2616 msahci - ok

12:09:23.0240 2616 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

12:09:23.0240 2616 msdsm - ok

12:09:23.0271 2616 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

12:09:23.0271 2616 Msfs - ok

12:09:23.0318 2616 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

12:09:23.0318 2616 msisadrv - ok

12:09:23.0380 2616 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

12:09:23.0380 2616 MSKSSRV - ok

12:09:23.0412 2616 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

12:09:23.0412 2616 MSPCLOCK - ok

12:09:23.0443 2616 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

12:09:23.0443 2616 MSPQM - ok

12:09:23.0536 2616 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

12:09:23.0536 2616 MsRPC - ok

12:09:23.0568 2616 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

12:09:23.0568 2616 mssmbios - ok

12:09:23.0599 2616 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

12:09:23.0599 2616 MSTEE - ok

12:09:23.0661 2616 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

12:09:23.0661 2616 Mup - ok

12:09:23.0755 2616 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

12:09:23.0755 2616 NativeWifiP - ok

12:09:23.0817 2616 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

12:09:23.0848 2616 NDIS - ok

12:09:23.0895 2616 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

12:09:23.0895 2616 NdisTapi - ok

12:09:23.0926 2616 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

12:09:23.0926 2616 Ndisuio - ok

12:09:24.0004 2616 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

12:09:24.0004 2616 NdisWan - ok

12:09:24.0020 2616 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

12:09:24.0020 2616 NDProxy - ok

12:09:24.0145 2616 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

12:09:24.0145 2616 NetBIOS - ok

12:09:24.0192 2616 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

12:09:24.0192 2616 netbt - ok

12:09:24.0316 2616 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys

12:09:24.0441 2616 NETw3v32 - ok

12:09:24.0457 2616 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

12:09:24.0472 2616 nfrd960 - ok

12:09:24.0504 2616 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

12:09:24.0504 2616 Npfs - ok

12:09:24.0550 2616 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

12:09:24.0550 2616 nsiproxy - ok

12:09:24.0987 2616 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

12:09:25.0081 2616 Ntfs - ok

12:09:25.0299 2616 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

12:09:25.0299 2616 ntrigdigi - ok

12:09:25.0377 2616 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

12:09:25.0377 2616 Null - ok

12:09:25.0424 2616 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

12:09:25.0424 2616 nvraid - ok

12:09:25.0455 2616 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

12:09:25.0455 2616 nvstor - ok

12:09:25.0486 2616 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

12:09:25.0502 2616 nv_agp - ok

12:09:25.0518 2616 NwlnkFlt - ok

12:09:25.0533 2616 NwlnkFwd - ok

12:09:25.0642 2616 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

12:09:25.0642 2616 ohci1394 - ok

12:09:25.0736 2616 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

12:09:25.0736 2616 Parport - ok

12:09:25.0798 2616 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

12:09:25.0798 2616 partmgr - ok

12:09:25.0861 2616 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

12:09:25.0861 2616 Parvdm - ok

12:09:25.0986 2616 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

12:09:25.0986 2616 pci - ok

12:09:26.0142 2616 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

12:09:26.0142 2616 pciide - ok

12:09:26.0298 2616 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

12:09:26.0313 2616 pcmcia - ok

12:09:26.0500 2616 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

12:09:26.0547 2616 PEAUTH - ok

12:09:26.0812 2616 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

12:09:26.0812 2616 PptpMiniport - ok

12:09:26.0875 2616 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys

12:09:26.0875 2616 Processor - ok

12:09:26.0953 2616 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

12:09:26.0953 2616 PSched - ok

12:09:27.0046 2616 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

12:09:27.0109 2616 ql2300 - ok

12:09:27.0140 2616 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

12:09:27.0156 2616 ql40xx - ok

12:09:27.0187 2616 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

12:09:27.0187 2616 QWAVEdrv - ok

12:09:27.0234 2616 RapportBuka (e2aa111b00f5205ffd52a57f48b4f642) C:\Windows\system32\drivers\RapportBuka.sys

12:09:27.0249 2616 RapportBuka - ok

12:09:27.0421 2616 RapportCerberus_29574 (dda98cc4f34977914c731b8155e1cbd5) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys

12:09:27.0421 2616 RapportCerberus_29574 - ok

12:09:27.0530 2616 RapportEI (90bc0b9ef6106b8f5f762bdf4f0ad723) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

12:09:27.0530 2616 RapportEI - ok

12:09:27.0655 2616 RapportKELL (8cc04334a2fda2b6d79631dbe62f5cd0) C:\Windows\system32\Drivers\RapportKELL.sys

12:09:27.0655 2616 RapportKELL - ok

12:09:27.0780 2616 RapportPG (a16ba67cf3f448bd163246dd725b7ffc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

12:09:27.0780 2616 RapportPG - ok

12:09:28.0029 2616 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

12:09:28.0029 2616 RasAcd - ok

12:09:28.0232 2616 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

12:09:28.0232 2616 Rasl2tp - ok

12:09:28.0466 2616 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

12:09:28.0482 2616 RasPppoe - ok

12:09:28.0638 2616 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

12:09:28.0638 2616 RasSstp - ok

12:09:28.0794 2616 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

12:09:28.0809 2616 rdbss - ok

12:09:28.0887 2616 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

12:09:28.0887 2616 RDPCDD - ok

12:09:28.0934 2616 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

12:09:28.0950 2616 rdpdr - ok

12:09:28.0981 2616 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

12:09:28.0981 2616 RDPENCDD - ok

12:09:29.0028 2616 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

12:09:29.0043 2616 RDPWD - ok

12:09:29.0121 2616 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys

12:09:29.0137 2616 RFCOMM - ok

12:09:29.0433 2616 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys

12:09:29.0464 2616 RimUsb - ok

12:09:29.0652 2616 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

12:09:29.0667 2616 RimVSerPort - ok

12:09:30.0073 2616 rk_remover-boot (d4b62e2585945fb1299c4140287ec32b) C:\Windows\system32\drivers\rk_remover.sys

12:09:30.0104 2616 rk_remover-boot - ok

12:09:30.0229 2616 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

12:09:30.0229 2616 ROOTMODEM - ok

12:09:30.0322 2616 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

12:09:30.0322 2616 rspndr - ok

12:09:30.0416 2616 RTL8169 (a1adc7b4c074744662207da6edcdfbb0) C:\Windows\system32\DRIVERS\Rtlh86.sys

12:09:30.0416 2616 RTL8169 - ok

12:09:30.0900 2616 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

12:09:30.0900 2616 SASDIFSV - ok

12:09:31.0071 2616 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

12:09:31.0071 2616 SASKUTIL - ok

12:09:31.0274 2616 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

12:09:31.0290 2616 sbp2port - ok

12:09:31.0430 2616 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

12:09:31.0430 2616 sdbus - ok

12:09:31.0539 2616 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

12:09:31.0539 2616 secdrv - ok

12:09:31.0648 2616 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

12:09:31.0648 2616 Serenum - ok

12:09:31.0742 2616 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

12:09:31.0758 2616 Serial - ok

12:09:31.0804 2616 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

12:09:31.0820 2616 sermouse - ok

12:09:31.0898 2616 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

12:09:31.0898 2616 sffdisk - ok

12:09:32.0085 2616 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

12:09:32.0085 2616 sffp_mmc - ok

12:09:32.0241 2616 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

12:09:32.0241 2616 sffp_sd - ok

12:09:32.0304 2616 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

12:09:32.0304 2616 sfloppy - ok

12:09:32.0397 2616 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

12:09:32.0397 2616 sisagp - ok

12:09:32.0428 2616 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

12:09:32.0428 2616 SiSRaid2 - ok

12:09:32.0460 2616 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

12:09:32.0460 2616 SiSRaid4 - ok

12:09:32.0522 2616 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

12:09:32.0522 2616 Smb - ok

12:09:32.0600 2616 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

12:09:32.0600 2616 spldr - ok

12:09:32.0834 2616 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

12:09:32.0850 2616 srv - ok

12:09:33.0130 2616 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

12:09:33.0130 2616 srv2 - ok

12:09:33.0926 2616 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

12:09:33.0926 2616 srvnet - ok

12:09:34.0082 2616 STHDA (e3c50b029bd08a35fc6a5f0b1cf5d300) C:\Windows\system32\DRIVERS\stwrt.sys

12:09:34.0082 2616 STHDA - ok

12:09:34.0176 2616 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

12:09:34.0176 2616 swenum - ok

12:09:34.0441 2616 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

12:09:34.0456 2616 Symc8xx - ok

12:09:34.0628 2616 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

12:09:34.0628 2616 Sym_hi - ok

12:09:34.0800 2616 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

12:09:34.0800 2616 Sym_u3 - ok

12:09:34.0956 2616 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys

12:09:34.0956 2616 SynTP - ok

12:09:35.0798 2616 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys

12:09:35.0892 2616 Tcpip - ok

12:09:36.0079 2616 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys

12:09:36.0079 2616 Tcpip6 - ok

12:09:36.0297 2616 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

12:09:36.0297 2616 tcpipreg - ok

12:09:36.0360 2616 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

12:09:36.0360 2616 TDPIPE - ok

12:09:36.0406 2616 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

12:09:36.0406 2616 TDTCP - ok

12:09:36.0469 2616 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

12:09:36.0469 2616 tdx - ok

12:09:36.0547 2616 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

12:09:36.0547 2616 TermDD - ok

12:09:36.0640 2616 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

12:09:36.0640 2616 tssecsrv - ok

12:09:36.0828 2616 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

12:09:36.0828 2616 tunmp - ok

12:09:36.0952 2616 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

12:09:36.0952 2616 tunnel - ok

12:09:37.0264 2616 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

12:09:37.0264 2616 uagp35 - ok

12:09:37.0810 2616 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

12:09:37.0826 2616 udfs - ok

12:09:38.0122 2616 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

12:09:38.0122 2616 uliagpkx - ok

12:09:38.0372 2616 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

12:09:38.0388 2616 uliahci - ok

12:09:38.0793 2616 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

12:09:38.0793 2616 UlSata - ok

12:09:39.0121 2616 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

12:09:39.0121 2616 ulsata2 - ok

12:09:39.0277 2616 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

12:09:39.0277 2616 umbus - ok

12:09:39.0526 2616 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

12:09:39.0542 2616 USBAAPL - ok

12:09:39.0885 2616 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

12:09:39.0885 2616 usbccgp - ok

12:09:40.0150 2616 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

12:09:40.0150 2616 usbcir - ok

12:09:40.0540 2616 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

12:09:40.0540 2616 usbehci - ok

12:09:40.0618 2616 usbfilter (edca5124b54bcf04e5c0538aa397a9c1) C:\Windows\system32\DRIVERS\usbfilter.sys

12:09:40.0618 2616 usbfilter - ok

12:09:40.0696 2616 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

12:09:40.0712 2616 usbhub - ok

12:09:40.0868 2616 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

12:09:40.0915 2616 usbohci - ok

12:09:41.0118 2616 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

12:09:41.0118 2616 usbprint - ok

12:09:41.0180 2616 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

12:09:41.0180 2616 usbscan - ok

12:09:41.0258 2616 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:09:41.0258 2616 USBSTOR - ok

12:09:41.0305 2616 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

12:09:41.0305 2616 usbuhci - ok

12:09:41.0352 2616 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

12:09:41.0367 2616 usbvideo - ok

12:09:41.0445 2616 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

12:09:41.0445 2616 vga - ok

12:09:41.0492 2616 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

12:09:41.0492 2616 VgaSave - ok

12:09:41.0539 2616 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

12:09:41.0539 2616 viaagp - ok

12:09:41.0586 2616 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

12:09:41.0586 2616 ViaC7 - ok

12:09:41.0617 2616 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys

12:09:41.0617 2616 viaide - ok

12:09:41.0664 2616 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

12:09:41.0664 2616 volmgr - ok

12:09:41.0726 2616 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

12:09:41.0742 2616 volmgrx - ok

12:09:41.0804 2616 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

12:09:41.0820 2616 volsnap - ok

12:09:41.0851 2616 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

12:09:41.0851 2616 vsmraid - ok

12:09:41.0913 2616 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

12:09:41.0929 2616 WacomPen - ok

12:09:41.0944 2616 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

12:09:41.0944 2616 Wanarp - ok

12:09:41.0960 2616 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

12:09:41.0960 2616 Wanarpv6 - ok

12:09:41.0991 2616 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

12:09:41.0991 2616 Wd - ok

12:09:42.0054 2616 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

12:09:42.0085 2616 Wdf01000 - ok

12:09:42.0241 2616 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

12:09:42.0241 2616 WmiAcpi - ok

12:09:42.0334 2616 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

12:09:42.0334 2616 WpdUsb - ok

12:09:42.0428 2616 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

12:09:42.0428 2616 ws2ifsl - ok

12:09:42.0490 2616 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

12:09:42.0506 2616 WUDFRd - ok

12:09:42.0568 2616 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys

12:09:42.0568 2616 yukonwlh - ok

12:09:42.0678 2616 {55662437-DA8C-40c0-AADA-2C816A897A49} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl

12:09:42.0678 2616 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok

12:09:42.0740 2616 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0

12:09:43.0005 2616 \Device\Harddisk0\DR0 - ok

12:09:43.0021 2616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

12:09:44.0035 2616 \Device\Harddisk1\DR1 - ok

12:09:44.0066 2616 Boot (0x1200) (c31982783eb067e540572d00d8d5ca8c) \Device\Harddisk0\DR0\Partition0

12:09:44.0066 2616 \Device\Harddisk0\DR0\Partition0 - ok

12:09:44.0347 2616 Boot (0x1200) (4a42d1de19aac8a536c6124c01f4f013) \Device\Harddisk0\DR0\Partition1

12:09:44.0347 2616 \Device\Harddisk0\DR0\Partition1 - ok

12:09:44.0362 2616 Boot (0x1200) (7ac0bf37f2ba995a4881b73cbcb8f326) \Device\Harddisk1\DR1\Partition0

12:09:44.0362 2616 \Device\Harddisk1\DR1\Partition0 - ok

12:09:44.0362 2616 ============================================================

12:09:44.0362 2616 Scan finished

12:09:44.0362 2616 ============================================================

12:09:44.0394 3564 Detected object count: 2

12:09:44.0394 3564 Actual detected object count: 2

12:10:01.0101 3564 1cf6efbe ( HiddenFile.Multi.Generic ) - skipped by user

12:10:01.0101 3564 1cf6efbe ( HiddenFile.Multi.Generic ) - User select action: Skip

12:10:01.0101 3564 dtsoftbus01 ( ForgedFile.Multi.Generic ) - skipped by user

12:10:01.0101 3564 dtsoftbus01 ( ForgedFile.Multi.Generic ) - User select action: Skip

Attach.txt

TDSS Rootkill Report.txt

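The log above is more useful read mechanically than by eye. Every driver line carries an MD5 and a path, the MBR and boot-sector lines hash a fixed-length prefix of the sector (0x1B8 = 440 bytes for the MBR, the bootstrap code before the disk signature), and the tail records what was done with each detected object. Two things a skim misses: both detections (1cf6efbe, HiddenFile.Multi.Generic, and dtsoftbus01, ForgedFile.Multi.Generic) were answered with Skip, so this run cleaned nothing; and an MD5 that VirusTotal has never seen means "unknown", not "clean", which is exactly what you would expect for a driver that has been patched in place on one machine. The Python below is an added example, not part of the original post and not TDSSKiller's own code: it parses these line formats, lists detected objects for which no cure or delete action was ever recorded, and compares the driver hashes against a known-good baseline that you supply. The sample log is a handful of lines copied from this post; the baseline, including its deliberately wrong usbhub.sys hash, is constructed for the demonstration, and the "cure"/"delet" substrings used to recognise a remediating action are an assumption about TDSSKiller's wording.

```python
import re

# Constructed sample: a few lines copied from the TDSSKiller log in this thread.
SAMPLE_LOG = r"""
12:09:35.0798 2616 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
12:09:35.0892 2616 Tcpip - ok
12:09:36.0079 2616 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
12:09:36.0079 2616 Tcpip6 - ok
12:09:40.0696 2616 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:09:40.0712 2616 usbhub - ok
12:09:41.0804 2616 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:09:41.0820 2616 volsnap - ok
12:09:42.0740 2616 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
12:09:43.0005 2616 \Device\Harddisk0\DR0 - ok
12:09:44.0066 2616 Boot (0x1200) (c31982783eb067e540572d00d8d5ca8c) \Device\Harddisk0\DR0\Partition0
12:09:44.0394 3564 Detected object count: 2
12:10:01.0101 3564 1cf6efbe ( HiddenFile.Multi.Generic ) - skipped by user
12:10:01.0101 3564 1cf6efbe ( HiddenFile.Multi.Generic ) - User select action: Skip
12:10:01.0101 3564 dtsoftbus01 ( ForgedFile.Multi.Generic ) - skipped by user
12:10:01.0101 3564 dtsoftbus01 ( ForgedFile.Multi.Generic ) - User select action: Skip
"""

TIME = r"^\d\d:\d\d:\d\d\.\d+ \d+ "                      # "12:09:35.0798 2616 "
DRIVER_RE = re.compile(TIME + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
SECTOR_RE = re.compile(TIME + r"(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
VERDICT_RE = re.compile(TIME + r"(\S+) \( (\S+) \) - (.+)$")

# Assumption: a remediating action line contains one of these substrings.
REMEDIATING = ("cure", "delet")


def parse_tdsskiller(text):
    """Split a TDSSKiller log into hashed drivers, hashed sectors and per-object verdicts."""
    drivers, sectors, verdicts = [], [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTOR_RE.match(line)          # MBR/Boot lines come first: they also contain a 32-hex hash
        if m:
            kind, size_hex, md5, device = m.groups()
            sectors.append({"kind": kind, "size": int(size_hex, 16), "md5": md5, "device": device})
            continue
        m = DRIVER_RE.match(line)
        if m:
            name, md5, path = m.groups()
            drivers.append({"name": name, "md5": md5, "path": path})
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict, action = m.groups()
            verdicts.setdefault(name, {"verdict": verdict, "actions": []})["actions"].append(action)
    return {"drivers": drivers, "sectors": sectors, "verdicts": verdicts}


def unremediated(parsed):
    """Detected objects for which no cure/delete action was ever recorded (only Skip)."""
    out = [name for name, v in parsed["verdicts"].items()
           if not any(k in a.lower() for a in v["actions"] for k in REMEDIATING)]
    return sorted(out)


def compare_to_baseline(parsed, baseline):
    """baseline maps a lower-case path to its expected MD5; returns (matches, mismatches, unknown)."""
    matches, mismatches, unknown = [], [], []
    for d in parsed["drivers"]:
        expected = baseline.get(d["path"].lower())
        if expected is None:
            unknown.append(d["name"])              # not in the baseline: no verdict either way
        elif expected == d["md5"]:
            matches.append(d["name"])
        else:
            mismatches.append((d["name"], d["md5"], expected))
    return matches, mismatches, unknown


# Constructed baseline for the demo: tcpip.sys uses the hash the log itself reports,
# usbhub.sys is given a deliberately wrong value so a mismatch is shown.
BASELINE = {
    r"c:\windows\system32\drivers\tcpip.sys": "2756186e287139310997090797e0182b",
    r"c:\windows\system32\drivers\usbhub.sys": "00000000000000000000000000000000",
}

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print("drivers hashed:", len(parsed["drivers"]))
    for s in parsed["sectors"]:
        print(f"{s['kind']} {s['device']}: first {s['size']} bytes md5={s['md5']}")
    print("detected but not remediated:", unremediated(parsed))
    ok, bad, unknown = compare_to_baseline(parsed, BASELINE)
    print("baseline match:", ok, "mismatch:", bad, "not in baseline:", unknown)
```

Note that Tcpip and Tcpip6 resolve to the same image (tcpip.sys under two spellings of the directory), which is normal; the comparison therefore keys on the lower-cased path rather than the service name. The "not in baseline" list is a worklist, not a clean bill, for the same reason a missing VirusTotal entry is.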

Hi and welcome to Malwarebytes.

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall /nombr

See if it will run successfully now. Stop it after half an hour of no activity.


So I left ComboFix to run for over 30 minutes and at some point it must have completed a scan, as when I returned to the laptop it prompted me to reboot. I had a few issues after ComboFix had done its stuff: BSOD and failing to start among them. Managed to get that sorted now; I've run a full scan on both AVG and Malwarebytes and they've removed plenty of infected files.

TDSS Killer is reporting a couple of suspicious files (RapportBuka.sys and rk_remover.sys, both in system32\drivers) that I haven't done anything with yet.

Here is a current DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_29

Run by Jessica at 0:35:26 on 2011-10-24

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1589 [GMT 1:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\AVG\AVG2012\avgui.exe

C:\Users\Jessica\Desktop\TDSSKiller.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.mytalktalk.co.uk

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: txthlpBHO Class: {060235dc-6d84-47bd-95d7-a4ef5099a59d} - c:\progra~1\texthe~1\readan~1\TE3219~1.DLL

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"

mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"

mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"

mRun: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [TVAgent] "c:\program files\hewlett-packard\media\tv\TVAgent.exe"

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3A14EFA8-5D1A-4FA4-B63D-FD0E63F9B44F} : DhcpNameServer = 212.9.118.1

TCP: Interfaces\{F62CC206-91DF-4967-8A4D-4B3604EAC543} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jessica\appdata\roaming\mozilla\firefox\profiles\hoole2iv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll

FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\jessica\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-9-25 56336]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-2 218688]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-27 390528]

R1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-9-4 216912]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 113496]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/30 04:21:35];c:\program files\hewlett-packard\media\dvd\000.fcl [2008-11-29 87536]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 20432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-18 366152]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-2-21 358176]

R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2009-2-9 286824]

R2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2009-2-9 107952]

R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-4-8 37944]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-3-9 7723008]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-3-9 239616]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-18 22216]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-3-30 22072]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-21 222512]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-5 109408]

S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [2011-10-19 53248]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_827e372d\AEstSrv.exe [2009-3-2 81920]

S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-3-9 176128]

S4 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-3-9 294400]

S4 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]

S4 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-3-22 9728]

.

=============== Created Last 30 ================

.

2011-10-23 22:53:58 -------- d-----w- c:\users\jessica\appdata\roaming\AVG

2011-10-23 15:11:47 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-10-23 15:02:43 -------- d-----w- c:\users\jessica\appdata\roaming\AVG2012

2011-10-23 15:01:55 -------- d-----w- c:\programdata\AVG2012

2011-10-23 12:05:12 -------- d-s---w- C:\sega1379s

2011-10-23 11:40:59 -------- d-s---w- C:\sega840s

2011-10-23 11:39:49 -------- d-s---w- C:\sega12185s

2011-10-23 10:59:23 -------- d-s---w- C:\sega

2011-10-21 23:25:04 48016 --sha-w- c:\windows\system32\c_47915.nl_

2011-10-19 10:00:12 98816 ----a-w- c:\windows\sed.exe

2011-10-19 10:00:12 518144 ----a-w- c:\windows\SWREG.exe

2011-10-19 10:00:12 256000 ----a-w- c:\windows\PEV.exe

2011-10-19 10:00:12 208896 ----a-w- c:\windows\MBR.exe

2011-10-19 00:52:49 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys

2011-10-18 23:02:48 1008092 ----a-w- C:\mitchisawesome.com

2011-10-18 23:01:13 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-18 22:23:52 -------- d-----w- c:\users\jessica\appdata\roaming\Malwarebytes

2011-10-18 22:23:44 -------- d-----w- c:\programdata\Malwarebytes

2011-10-18 22:23:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-18 22:23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-18 21:31:25 388096 ----a-r- c:\users\jessica\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-10-18 21:31:24 -------- d-----w- c:\program files\Trend Micro

2011-10-18 19:28:39 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2011-10-18 19:28:35 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1b2a3d21-f87c-4a4b-b938-81a677a6890b}\mpengine.dll

2011-10-18 19:28:34 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-10-17 23:27:17 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-10-17 23:22:41 -------- d-sh--w- c:\users\jessica\appdata\local\1cf6efbe

2011-10-17 21:12:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-14 03:03:58 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-14 03:03:58 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-14 03:03:57 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-14 03:03:57 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-06 22:04:54 -------- d-----w- c:\program files\Lionhead Studios

2011-09-27 15:47:51 -------- d-----w- c:\program files\iPod

2011-09-27 15:47:49 -------- d-----w- c:\program files\iTunes

2011-09-27 15:36:42 -------- d-----w- c:\program files\Bonjour

2011-09-25 18:00:08 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

==================== Find3M ====================

.

2011-10-23 15:11:18 20432 ----a-w- c:\windows\system32\hpservice.exe

2011-10-23 14:32:11 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys

2011-10-21 23:24:03 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-10-03 04:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll

2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec

2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-07-29 16:01:34 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-07-29 16:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-07-29 16:00:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-07-29 16:00:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

.

============= FINISH: 0:36:24.66 ===============

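Several lines in this DDS log deserve more than a glance. Under "Created Last 30" there is a directory literally named %APPDATA% inside system32 and a directory named 1cf6efbe under AppData\Local, both with d-sh--w- attributes (hidden and system), and a hidden system file c_47915.nl_ written to system32 at 23:25 on 2011-10-21; Find3M shows dtsoftbus01.sys, the driver TDSSKiller reported as forged, rewritten one minute earlier that same night. Separately, mPolicies-system: EnableLUA = 0 means UAC is switched off, so anything running as this user already runs with full administrative rights. The Python below is an added example, not part of the post and not DDS's own code: it parses the date/size/attribute/path entries and the mPolicies lines, then reports hidden+system objects, path components that are a literal %NAME%, driver files written after a cut-off you choose, and a disabled UAC. The sample is lines copied from the log above; the cut-off date is an assumption picked to match the first hidden directories' timestamps.

```python
import re

# Constructed sample: entries copied from the DDS log above (Created Last 30, Find3M)
# plus two of its policy lines. Not a complete log.
SAMPLE_DDS = r"""
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
2011-10-23 12:05:12 -------- d-s---w- C:\sega1379s
2011-10-21 23:25:04 48016 --sha-w- c:\windows\system32\c_47915.nl_
2011-10-19 10:00:12 98816 ----a-w- c:\windows\sed.exe
2011-10-19 00:52:49 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
2011-10-18 22:23:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-17 23:27:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-17 23:22:41 -------- d-sh--w- c:\users\jessica\appdata\local\1cf6efbe
2011-10-21 23:24:03 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
"""

# "YYYY-MM-DD HH:MM:SS <size or -------->  <8-char attribute string>  <path>"
ENTRY_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+|-+) ([-a-z]{8}) (.+)$")
LUA_RE = re.compile(r"^mPolicies-system: EnableLUA = (\d+)")
# A path component that is literally %NAME%: Windows never creates such a directory itself,
# the name is chosen to look like an unexpanded variable when it appears in logs.
ENV_NAME_RE = re.compile(r"\\%[^\\%]+%(?:\\|$)")


def parse_dds_entries(text):
    """Return the file/directory entries of a DDS log as dicts (timestamp, size, attrs, path)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            when, size, attrs, path = m.groups()
            entries.append({"when": when,
                            "size": None if size.startswith("-") else int(size),
                            "attrs": attrs, "path": path})
    return entries


def uac_disabled(text):
    """True when the log carries mPolicies-system: EnableLUA = 0; False if it says 1 or is absent."""
    for line in text.splitlines():
        m = LUA_RE.match(line.strip())
        if m:
            return int(m.group(1)) == 0
    return False


def is_driver(path):
    p = path.lower()
    return p.endswith(".sys") and "\\drivers\\" in p


def triage(text, drivers_since):
    """Collect (reason, path) findings. drivers_since is 'YYYY-MM-DD HH:MM:SS' (string compare works)."""
    findings = []
    for e in parse_dds_entries(text):
        # DDS attribute string: 's' = system, 'h' = hidden; both together is the combination
        # an ordinary application has no reason to set on its own files.
        if "s" in e["attrs"] and "h" in e["attrs"]:
            findings.append(("hidden+system", e["path"]))
        if ENV_NAME_RE.search(e["path"]):
            findings.append(("literal-env-name", e["path"]))
        if is_driver(e["path"]) and e["when"] >= drivers_since:
            findings.append(("driver-changed", e["path"]))
    if uac_disabled(text):
        findings.append(("uac-disabled", "mPolicies-system: EnableLUA = 0"))
    return findings


if __name__ == "__main__":
    # Assumed cut-off: the day the first hidden directories appeared in this log.
    for reason, what in triage(SAMPLE_DDS, "2011-10-17 00:00:00"):
        print(f"{reason:18} {what}")
```

The driver-changed list is a worklist, not a verdict: it also catches drivers that cleanup tools installed during the same window (mbam.sys here), so each entry still needs its hash or signature checked. The ComboFix working directories (C:\sega...) carry the system attribute but not hidden, which is why the hidden+system rule leaves them alone.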

That folder exists, but there is only a log file called catchme.log in C:\Qoobox\Quarantine, which contains only some random time stamps.

Thanks


Hi,

My apologies for the delay.

Do a search for log.txt and ComboFix.txt and see if anything comes up.

If not, grab a fresh copy of ComboFix, run it, and post its log.


I've just run ComboFix again and this is the log it produced:

ComboFix 11-11-09.02 - Jessica 09/11/2011 21:46:50.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1519 [GMT 0:00]

Running from: c:\users\Jessica\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Jessica\Documents\~WRL0414.tmp

c:\users\Jessica\Documents\~WRL0648.tmp

c:\users\Jessica\Documents\~WRL2438.tmp

c:\users\Jessica\Documents\~WRL2781.tmp

c:\windows\system32\

c:\windows\system32\c_47915.nl_

.

.

((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))

.

.

2011-11-09 22:04 . 2011-11-09 22:06 -------- d-----w- c:\users\Jessica\AppData\Local\temp

2011-11-09 22:04 . 2011-11-09 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-03 16:29 . 2011-11-03 16:30 -------- d-----w- c:\users\Jessica\AppData\Local\Google

2011-10-25 20:43 . 2011-10-25 20:43 -------- d-----w- c:\windows\Hewlett-Packard

2011-10-23 22:53 . 2011-10-23 22:55 -------- d-----w- c:\users\Jessica\AppData\Roaming\AVG

2011-10-23 15:52 . 2011-10-23 15:52 -------- d-----w- c:\program files\Common Files\Java

2011-10-23 15:11 . 2011-11-09 21:20 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-10-23 15:01 . 2011-10-23 16:27 -------- d-----w- c:\programdata\AVG2012

2011-10-23 10:59 . 2011-10-23 11:00 -------- d-----w- C:\sega

2011-10-19 00:52 . 2011-10-19 00:52 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys

2011-10-18 23:02 . 2011-10-18 22:46 1008092 ----a-w- C:\mitchisawesome.com

2011-10-18 23:01 . 2011-10-23 14:37 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-18 22:23 . 2011-10-18 22:23 -------- d-----w- c:\users\Jessica\AppData\Roaming\Malwarebytes

2011-10-18 22:23 . 2011-10-18 22:23 -------- d-----w- c:\programdata\Malwarebytes

2011-10-18 22:23 . 2011-10-23 14:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-18 22:23 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-18 21:31 . 2011-10-18 21:31 388096 ----a-r- c:\users\Jessica\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-18 21:31 . 2011-10-18 21:31 -------- d-----w- c:\program files\Trend Micro

2011-10-18 19:28 . 2011-09-21 08:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B2A3D21-F87C-4A4B-B938-81A677A6890B}\mpengine.dll

2011-10-18 19:28 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-10-17 23:27 . 2011-10-17 23:27 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-10-17 23:22 . 2011-10-23 15:24 -------- d-sh--w- c:\users\Jessica\AppData\Local\1cf6efbe

2011-10-17 23:22 . 2011-10-17 23:22 -------- d-----w- c:\windows\Sun

2011-10-17 21:12 . 2011-10-17 21:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-14 03:03 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-14 03:03 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-14 03:03 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-14 03:03 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-23 15:11 . 2008-03-18 23:24 20432 ----a-w- c:\windows\system32\hpservice.exe

2011-10-23 14:32 . 2008-01-21 02:23 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys

2011-10-21 23:24 . 2011-03-02 20:05 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-10-03 04:06 . 2010-11-25 01:33 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-25 18:00 . 2011-09-25 18:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-09-13 05:30 . 2011-09-13 05:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-18 4615552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]

"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]

"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-19 914224]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 206120]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-18 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk

backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk

backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]

2010-09-02 15:23 1638400 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

2008-11-14 00:57 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2008-10-24 09:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2008-10-10 20:24 206128 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2008-04-30 13:56 22058792 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2011-03-08 23:17 336384 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2010-05-27 22:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2008-11-15 05:02 218408 ------w- c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]

2008-10-30 19:51 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]

2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-11-26 19:34 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 ALSysIO;ALSysIO;c:\users\Jessica\AppData\Local\Temp\ALSysIO.sys [x]

R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-12-05 109408]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [2011-10-19 53248]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]

R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-09 294400]

R4 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]

R4 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\printer\center\KodakSvc.exe [2007-03-22 9728]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-09-25 56336]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-21 218688]

S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-02-27 390528]

S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-09-04 216912]

S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-09-25 70416]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-09-25 161936]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-10-18 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-10-18 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-10-23 113496]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/30 04:21];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 01:04 87536]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-10-23 20432]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2011-10-23 358176]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2011-10-23 286824]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2011-10-23 107952]

S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-955131487-560549476-2249814095-1000Core.job

- c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 16:29]

.

2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-955131487-560549476-2249814095-1000UA.job

- c:\users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 16:29]

.

2011-10-17 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job

- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2007-03-22 17:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.mytalktalk.co.uk

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\hoole2iv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-06902195.sys

SafeBoot-19077549.sys

SafeBoot-32363124.sys

SafeBoot-84829398.sys

MSConfigStartUp-Aim - c:\program files\AIM\aim.exe

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

MSConfigStartUp-IJJGlTIlJx - c:\users\Jessica\AppData\Local\Temp\IJJGlTIlJx.exe

MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

MSConfigStartUp-TalkTalk - c:\program files\TalkTalk\bin\sprtcmd.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-09 22:06

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-11-09 22:10:19

ComboFix-quarantined-files.txt 2011-11-09 22:10

.

Pre-Run: 44,700,610,560 bytes free

Post-Run: 44,728,807,424 bytes free

.

- - End Of File - - 396DF4649E910B13C72DBCE3C7183CCB


Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Currently running ESET Online Scanner; in the meantime, here is Checkup.txt:

Results of screen317's Security Check version 0.99.28

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 2012

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 29

Adobe Flash Player 11.0.1.152

Adobe Reader 9 (Adobe Reader out of date!)

Mozilla Firefox ((3.6.24)) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````


Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Adobe Reader 9

Mozilla Firefox (3.6.24)

Restart your computer.

Get the latest version of Adobe Reader and Firefox.

Let me know what issues remain.

-screen317


Are you still with us? This topic will be closed in a few days if we do not hear back from you.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
