opened issue. It appears to be a rootkit. The second is something that's executing on a PID for svchost.exe and that
initiates internet chatter that leaves droppings in the NetworkService profile's temporary internet, cookies and
browser history caches.
I had hoped that I could cure this/these on my own, and failed. I do not believe that I've made any uncorrectable
steps (e.g., I backed up registry keys before deleting, etc.).
The tools I've used in the attempt have been: aVast; Malwarebytes' Anti-Malware; SUPERAntiSpyware; Spyware S&D;
TDSSKiller; HijackThis; GMER/MBR.exe; Windows Defender; Ad-Aware; ATF-Cleaner; HouseCall; HitManPro; and ComboFix.
As the GMER log indicated a suspicious modification to atapi.sys, I attempted to replace it by using the recovery
console and the expand command to get a copy from the service pack cab. I've downloaded, but not really used, OTL.
One of the symptoms of my infection has been the inability to run ComboFix (attempts ending in a BSOD with a message
about mbr.sys - sound familiar?). Yesterday I noticed a post that suggested executing ComboFix from safe mode. I
attempted that and it succeeded (log attached).
Other odd symptoms include the creation of the FEATURE_BROWSER_EMULATION registry key and population of the key with
the key/value pair 'svchost.exe=0x00001f40'.
Whatever's tickling the internet has the ability to get to sites where various bad things are found and during this
time I've been infected three times with fake AV software that has used either ave.exe or, most recently, both
ave.exe and av.exe to install/run junk. I've used MBAM to get rid of those in combination with a registry file that
restores the keys that get hammered.
I have never run ComboFix (or any other tool) in a non-default fashion (simply executed the program/started a
I have three goals: 1) Get rid of the virus(es); 2) a device driver on the SCSI controller (must be on-board) seems
to have gone missing (the box reports "new hardware found" and cannot find a driver to repair the issue); and 3) the
aVast task bar client no longer starts on user log-on.
Can someone help? I'm close to my wit's end. Thanks in advance.