
TR/Dropper.Gen Infection


This topic is locked
27 replies to this topic

#1 Rustum

Rustum

  • Members
  • 41 posts
  • OFFLINE
  • Gender:Male
  • Location:Cape Town, SA
  • Local time:11:19 PM

Posted 17 December 2011 - 06:19 AM

Hi.

I am helping out my partner, whose laptop seems to be infected with TR/Dropper.Gen. Her machine: laptop running Win XP Prof SP3.

Avira reported the malware when she tried to open a document in Winword 2007, although I don't think that document as such was infected. Since then, Avira will regularly report a file is infected. And now, neither Chrome nor IExplore will run or allow browsing. Taskmanager gives the following error report when I try to run Chrome: "failed to initialize properly (0x0000142)". I have run full Avira and Malwarebytes scans in safe mode - they report nothing then. Malwarebytes reports nothing in normal mode. The last full Avira scan in normal mode didn't report anything wrong either, as far as both of us can recall.

We're in the same location, so I am reporting from my machine. Naturally, I am moving requested DDS and GMER logs (posted below and attached) from her machine via memory stick to mine. (Any precautions I should take other than up to date Avira running? I don't want to get infected and end up entirely locked out from help. I am using a limited account on my machine when using the memory stick to grab data from her machine.)

One last thing: when I saved the GMER log, I forgot to save it as txt and have it as a log file? Is that OK or should I rerun GMER?

I hope this explains the problem in sufficient detail and hope someone can help us.

Thank you in anticipation.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Hetta at 11:29:00 on 2011-12-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.469 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about: blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1322770028859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{584BCBF7-C557-4007-9A6B-83FA3E242ECD} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-29 11608]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-16 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-29 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-29 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-29 66616]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-3-4 428640]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-6 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-6 136176]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\hetta\locals~1\temp\rarsfx0\s10vwf\pedrv.sys --> c:\docume~1\hetta\locals~1\temp\rarsfx0\s10vwf\PEDrv.sys [?]
.
=============== Created Last 30 ================
.
2011-12-17 09:26:19 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{eee33853-f784-41a1-aa4b-fab2046fb0b0}\offreg.dll
2011-12-13 17:08:07 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{eee33853-f784-41a1-aa4b-fab2046fb0b0}\mpengine.dll
2011-12-02 12:56:23 -------- d-----w- c:\program files\CCleaner
2011-12-02 12:17:55 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2011-12-02 12:14:52 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-12-02 12:14:52 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-12-02 12:01:22 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-12-02 11:21:11 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-12-02 11:15:19 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-12-02 10:37:31 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-12-02 10:36:16 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-12-02 10:21:49 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-12-02 10:20:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-12-02 10:19:15 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-12-02 08:04:56 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-12-02 08:02:14 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-12-02 08:01:56 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-12-02 08:00:49 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-12-02 08:00:48 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-12-02 08:00:47 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-12-02 08:00:47 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-12-02 08:00:46 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-12-02 08:00:46 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-12-02 08:00:45 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-12-02 08:00:45 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-12-02 08:00:44 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-12-02 08:00:43 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-12-02 08:00:41 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-12-02 07:36:33 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-12-02 07:28:40 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-12-02 07:28:40 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-12-02 05:33:30 19569 ----a-w- c:\windows\005364_.tmp
2011-12-02 01:11:23 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-12-02 01:06:02 -------- d-----w- c:\program files\MSXML 6.0
2011-12-01 21:15:51 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2011-12-01 21:15:16 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-12-01 20:52:03 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-12-01 20:48:54 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-12-01 20:48:40 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-12-01 19:19:31 -------- d-----w- c:\windows\ServicePackFiles
2011-12-01 19:19:25 95744 ----a-w- c:\windows\system32\SET610.tmp
2011-12-01 19:19:24 471552 ----a-w- c:\windows\system32\SET60A.tmp
2011-12-01 19:17:59 16896 ----a-w- c:\windows\system32\SET454.tmp
2011-12-01 19:16:59 87040 ----a-w- c:\windows\system32\SET2F0.tmp
2011-12-01 19:15:59 8461312 ----a-w- c:\windows\system32\SET1D0.tmp
2011-12-01 19:11:08 19569 ----a-w- c:\windows\003477_.tmp
2011-12-01 19:10:58 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-12-01 18:38:17 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-12-01 18:38:16 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-12-01 18:38:14 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2011-12-01 18:38:12 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2011-12-01 18:38:12 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2011-12-01 18:38:12 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2011-12-01 18:38:12 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2011-12-01 18:38:11 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2011-12-01 18:38:09 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2011-12-01 18:36:55 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-12-01 18:35:59 7168 -c--a-w- c:\windows\system32\dllcache\isapips.dll
2011-12-01 18:34:54 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2011-12-01 18:33:54 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2011-12-01 18:33:41 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-12-01 18:33:41 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-12-01 18:33:40 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-12-01 18:33:40 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2011-12-01 18:33:40 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2011-12-01 18:33:39 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-12-01 18:30:28 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-12-01 18:30:28 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-12-01 18:29:51 32768 ----a-w- c:\program files\internet explorer\connection wizard\icwdl.dll
2011-12-01 18:29:50 86016 ----a-w- c:\program files\internet explorer\connection wizard\icwconn2.exe
2011-12-01 18:29:50 214528 ----a-w- c:\program files\internet explorer\connection wizard\icwconn1.exe
2011-12-01 18:29:50 20480 ----a-w- c:\program files\internet explorer\connection wizard\inetwiz.exe
2011-12-01 18:26:30 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2011-12-01 18:26:30 28160 ----a-w- c:\windows\system32\irmon.dll
2011-12-01 18:26:30 151552 ----a-w- c:\windows\system32\irftp.exe
2011-12-01 18:26:29 8192 ----a-w- c:\windows\system32\wshirda.dll
2011-12-01 18:15:01 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2011-12-01 18:09:14 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-12-01 18:09:14 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-12-01 18:09:14 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-12-01 18:09:14 13312 ----a-w- c:\windows\system32\irclass.dll
2011-12-01 18:08:39 13753 ----a-r- c:\windows\SET152.tmp
2011-12-01 18:08:35 1086058 ----a-r- c:\windows\SET146.tmp
2011-12-01 18:08:30 1042903 ----a-r- c:\windows\SET143.tmp
.
==================== Find3M ====================
.
2011-12-05 15:12:24 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 19:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-02 17:24:38 87608 -c--a-w- c:\documents and settings\hetta\application data\inst.exe
2011-11-02 17:24:38 47360 -c--a-w- c:\documents and settings\hetta\application data\pcouffin.sys
2011-11-01 20:35:20 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:35:20 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35:20 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02:49 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 03:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 11:30:32.32 ===============


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:19 PM

Posted 22 December 2011 - 07:13 PM

Hi,

Run this on the USB you are using; it will help to disinfect it.

Download Flash_Disinfector.exe from HERE and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.


NEXT

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot omitted]

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot omitted]

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Rustum

Rustum
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Gender:Male
  • Location:Cape Town, SA
  • Local time:11:19 PM

Posted 22 December 2011 - 08:51 PM

Hi CatByte

thank you for helping.

Firstly, some issues with Flash Disinfector. When I run it, Avira picks it up as a 'virus or unwanted program' and it therefore doesn't run. In addition, Windows gives an error message to the effect of not having access or permission to the drive. I am a bit confused re your instruction: do I run it from my (healthy) desktop while the flash is inserted, or do I run it on the flash itself? (I do scan the flash with Avira and MBAM when I plug it into my healthy machine; I just hope my machine doesn't get infected.)

In any event, I attach the Combofix log. Just after installing the recovery console and creating what I think was a system restore point, Combofix gave an error message, "error saving" for 2 files, but I clicked through and Combofix did run. The 2 files were: C:\win\erdnt\HIVBackup\software and (I forget the full path) C:\...\HIV\users\NTUser.DAT. At the end of Combofix, an error message about these 2 files popped up again. For each of C:\ComboFix\HIV\software and C:\ComboFix\HIV\Users\00000005\NTUser.DAT, the message was "RegSaveKeyX:1016-A I/O operation initiated by the registry failed. The registry could not read in, or write out, or flush, one of the files that contain the system image of the registry." (My partner, who's asleep now, works in the HIV field, so it may be some of her software or data files.)

EDIT: I forgot to add: When I first transferred Combofix via flashdrive, the infected machine prompted a format of the flashdrive. I thought it odd, so thought to boot into safe mode. But it wouldn't boot into safe mode. A normal boot then first required a CHKDSK procedure. After that, the flashdrive was accepted.


Edited by Rustum, 22 December 2011 - 08:56 PM.


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:19 PM

Posted 22 December 2011 - 09:08 PM

Hi

Flash Disinfector will only work on XP machines;
you should be OK with your AV checking out the USB drive.

I believe that error message was that ComboFix was unable to back up the registry.

Please do the following:

Note: please allow ComboFix to update if it asks to do so

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
c:\windows\005364_.tmp
c:\windows\system32\SET610.tmp
c:\windows\system32\SET60A.tmp
c:\windows\system32\SET454.tmp
c:\windows\003477_.tmp
c:\windows\SET152.tmp
c:\windows\SET146.tmp
c:\windows\SET143.tmp

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot omitted]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
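As an added example (not part of this thread, and not code from DDS, ComboFix or CatByte), here is a small Python parser for the "Created Last 30" section of a DDS log that picks out the loose .tmp files sitting directly in c:\windows and c:\windows\system32 and renders them as a CFScript File:: block in the form posted above. The sample lines are copied from Rustum's DDS log; the function names and the root-directory filter are my own assumptions about how such entries are triaged, not CatByte's selection method.

```python
import re
from typing import List, NamedTuple

# Lines copied from the "Created Last 30" section of the DDS log earlier in
# this thread (a subset; the DDS line format is
# "<date> <time> <size-or-dashes> <attrs> <path>"). The trailing Find3M line
# is there to show that entries outside the section are ignored.
DDS_SAMPLE = r"""
============== Created Last 30 ================
.
2011-12-17 09:26:19 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{eee33853-f784-41a1-aa4b-fab2046fb0b0}\offreg.dll
2011-12-02 12:56:23 -------- d-----w- c:\program files\CCleaner
2011-12-02 12:17:55 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2011-12-02 05:33:30 19569 ----a-w- c:\windows\005364_.tmp
2011-12-01 19:19:25 95744 ----a-w- c:\windows\system32\SET610.tmp
2011-12-01 19:19:24 471552 ----a-w- c:\windows\system32\SET60A.tmp
2011-12-01 19:17:59 16896 ----a-w- c:\windows\system32\SET454.tmp
2011-12-01 19:16:59 87040 ----a-w- c:\windows\system32\SET2F0.tmp
2011-12-01 19:15:59 8461312 ----a-w- c:\windows\system32\SET1D0.tmp
2011-12-01 19:11:08 19569 ----a-w- c:\windows\003477_.tmp
2011-12-01 18:08:39 13753 ----a-r- c:\windows\SET152.tmp
2011-12-01 18:08:35 1086058 ----a-r- c:\windows\SET146.tmp
2011-12-01 18:08:30 1042903 ----a-r- c:\windows\SET143.tmp
.
==================== Find3M ====================
.
2011-12-05 15:12:24 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
"""


class Entry(NamedTuple):
    date: str
    time: str
    size: int    # -1 for directories, which DDS prints as "--------"
    attrs: str   # the 8-character attribute field, e.g. "----a-w-"
    path: str


# date, time, size (digits) or eight dashes, 8-char attribute field, path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-{8}) (\S{8}) (.+)$"
)


def parse_created_last_30(text: str) -> List[Entry]:
    """Return only the entries under the DDS 'Created Last 30' heading."""
    entries: List[Entry] = []
    in_section = False
    for line in text.splitlines():
        if line.startswith("="):           # every "=====" line starts a new section
            in_section = "Created Last 30" in line
            continue
        if not in_section:
            continue
        m = LINE_RE.match(line.strip())
        if not m:
            continue                       # "." separators and anything unparsable
        date, time, size, attrs, path = m.groups()
        entries.append(Entry(date, time, -1 if size.startswith("-") else int(size), attrs, path))
    return entries


def temp_artifacts(entries: List[Entry],
                   roots=(r"c:\windows" + "\\", r"c:\windows\system32" + "\\")) -> List[str]:
    """Files (not directories) named *.tmp that sit directly in one of the roots.

    The root filter is an assumption for this example: loose .tmp files in the
    Windows directories are the pattern CatByte's File:: list above follows.
    """
    hits = []
    for e in entries:
        low = e.path.lower()
        if e.size < 0 or not low.endswith(".tmp"):
            continue
        parent = low.rsplit("\\", 1)[0] + "\\"
        if parent in roots:
            hits.append(e.path)            # keep the log's original casing
    return hits


def build_cfscript(paths: List[str], clear_java_cache: bool = True) -> str:
    """Render a CFScript with a File:: block in the layout used in this thread."""
    script = "File::\n" + "\n".join(paths) + "\n"
    if clear_java_cache:
        script += "\nClearJavaCache::\n"
    return script


if __name__ == "__main__":
    found = temp_artifacts(parse_created_last_30(DDS_SAMPLE))
    print(build_cfscript(found))
```

Comparing the generated list with CatByte's File:: block shows two extra candidates (SET2F0.tmp and SET1D0.tmp) that the posted script did not include, which is the kind of difference worth double-checking before a script is run.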


#5 Rustum

Rustum
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Gender:Male
  • Location:Cape Town, SA
  • Local time:11:19 PM

Posted 23 December 2011 - 03:57 AM

Hi.

1. ComboFix: I tried running ComboFix with that script, but nothing.
Firstly, it opens its small window, running quickly through files in green font.
That closes and then nothing happens. I left it for a long time, but nothing happened.
I ran it again, with the script, then got an error message: error opening file for writing: C:\32788R22FWJFW\handle.3XE. I retried, then ignored.
Finally, the blue command prompt window opened but it detected that the Antivirus was running (I had deactivated Avira before that) and asked to shut down Avira. Avira indicated that it was shut down in its control centre, but Taskmanager showed it still running. I couldn't shut it down via Taskmanager.
I clicked through, nevertheless, but nothing happened. It got as far as saying "attempting to create a restore point", but no further than that. I left it for a few hours, but nothing.

I noticed that Spybot and SuperAntiSpyware were still installed from 2 years ago, but not active. I uninstalled them.

I rebooted the machine and repeated the process. Everything happened as above. I waited a while, then decided to go to the next step.

2. TDSSKiller: ran the scan; it found nothing.

Here is the log:

10:39:16.0109 2928 hwdatacard (e65d18e37522294bd9ccea29a0965a65) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
10:39:16.0171 2928 hwdatacard - ok
10:39:16.0218 2928 i2omgmt - ok
10:39:16.0312 2928 i2omp - ok
10:39:16.0437 2928 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:39:16.0515 2928 i8042prt - ok
10:39:16.0609 2928 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:39:16.0671 2928 Imapi - ok
10:39:16.0937 2928 ini910u - ok
10:39:18.0437 2928 IntcAzAudAddService (7c09d605fcae64e3cb11ebf90fb1e3a1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:39:20.0265 2928 IntcAzAudAddService - ok
10:39:20.0375 2928 IntelIde - ok
10:39:20.0531 2928 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:39:20.0640 2928 intelppm - ok
10:39:20.0734 2928 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:39:20.0828 2928 Ip6Fw - ok
10:39:21.0031 2928 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:39:21.0125 2928 IpFilterDriver - ok
10:39:21.0265 2928 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:39:21.0312 2928 IpInIp - ok
10:39:21.0390 2928 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:39:21.0531 2928 IpNat - ok
10:39:21.0734 2928 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:39:21.0781 2928 IPSec - ok
10:39:21.0906 2928 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
10:39:21.0968 2928 irda - ok
10:39:22.0046 2928 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:39:22.0093 2928 IRENUM - ok
10:39:22.0171 2928 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:39:22.0203 2928 isapnp - ok
10:39:22.0343 2928 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:39:22.0390 2928 Kbdclass - ok
10:39:22.0500 2928 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:39:22.0593 2928 kbdhid - ok
10:39:22.0843 2928 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:39:22.0937 2928 kmixer - ok
10:39:23.0046 2928 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:39:23.0203 2928 KSecDD - ok
10:39:23.0343 2928 lbrtfdc - ok
10:39:23.0484 2928 LVRS (35c2b196a8773d1f33905831daf16c2b) C:\WINDOWS\system32\DRIVERS\lvrs.sys
10:39:23.0703 2928 LVRS - ok
10:39:23.0984 2928 LVUVC (0d6b0ccd22caa668e559b4bb7e86abf1) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
10:39:24.0671 2928 LVUVC - ok
10:39:25.0078 2928 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:39:25.0265 2928 mnmdd - ok
10:39:25.0468 2928 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:39:25.0531 2928 Modem - ok
10:39:25.0593 2928 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:39:25.0640 2928 Mouclass - ok
10:39:25.0843 2928 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:39:25.0953 2928 mouhid - ok
10:39:26.0187 2928 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:39:26.0234 2928 MountMgr - ok
10:39:26.0343 2928 mraid35x - ok
10:39:26.0390 2928 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:39:26.0515 2928 MRxDAV - ok
10:39:26.0640 2928 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:39:26.0812 2928 MRxSmb - ok
10:39:26.0953 2928 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:39:27.0015 2928 Msfs - ok
10:39:27.0171 2928 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
10:39:27.0203 2928 MSIRCOMM - ok
10:39:27.0265 2928 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:39:27.0328 2928 MSKSSRV - ok
10:39:27.0390 2928 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:39:27.0453 2928 MSPCLOCK - ok
10:39:27.0625 2928 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:39:27.0734 2928 MSPQM - ok
10:39:27.0890 2928 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:39:27.0953 2928 mssmbios - ok
10:39:28.0062 2928 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:39:28.0140 2928 MSTEE - ok
10:39:28.0343 2928 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:39:28.0484 2928 Mup - ok
10:39:28.0687 2928 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:39:28.0812 2928 NABTSFEC - ok
10:39:28.0937 2928 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:39:29.0031 2928 NDIS - ok
10:39:29.0140 2928 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:39:29.0171 2928 NdisIP - ok
10:39:29.0296 2928 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:39:29.0343 2928 NdisTapi - ok
10:39:29.0453 2928 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:39:29.0500 2928 Ndisuio - ok
10:39:29.0593 2928 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:39:29.0656 2928 NdisWan - ok
10:39:29.0875 2928 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:39:30.0062 2928 NDProxy - ok
10:39:30.0203 2928 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:39:30.0265 2928 NetBIOS - ok
10:39:30.0453 2928 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:39:30.0593 2928 NetBT - ok
10:39:31.0046 2928 NETw5x32 (0888844230083ce3b47395102bca8207) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
10:39:31.0875 2928 NETw5x32 - ok
10:39:32.0125 2928 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:39:32.0218 2928 NIC1394 - ok
10:39:32.0359 2928 nmwcd - ok
10:39:32.0421 2928 nmwcdc - ok
10:39:32.0515 2928 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:39:32.0546 2928 Npfs - ok
10:39:32.0750 2928 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:39:32.0812 2928 Ntfs - ok
10:39:32.0968 2928 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:39:33.0015 2928 Null - ok
10:39:33.0078 2928 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:39:33.0125 2928 NwlnkFlt - ok
10:39:33.0250 2928 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:39:33.0328 2928 NwlnkFwd - ok
10:39:33.0468 2928 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:39:33.0562 2928 ohci1394 - ok
10:39:33.0656 2928 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:39:33.0703 2928 Parport - ok
10:39:33.0859 2928 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:39:33.0906 2928 PartMgr - ok
10:39:34.0078 2928 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:39:34.0125 2928 ParVdm - ok
10:39:34.0187 2928 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
10:39:34.0250 2928 pccsmcfd - ok
10:39:34.0390 2928 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:39:34.0437 2928 PCI - ok
10:39:34.0578 2928 PCIDump - ok
10:39:34.0656 2928 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:39:34.0718 2928 PCIIde - ok
10:39:34.0812 2928 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:39:34.0843 2928 Pcmcia - ok
10:39:34.0890 2928 pcouffin - ok
10:39:34.0921 2928 PDCOMP - ok
10:39:34.0968 2928 PDFRAME - ok
10:39:35.0000 2928 PDRELI - ok
10:39:35.0125 2928 PDRFRAME - ok
10:39:35.0218 2928 perc2 - ok
10:39:35.0265 2928 perc2hib - ok
10:39:35.0406 2928 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:39:35.0453 2928 PptpMiniport - ok
10:39:35.0515 2928 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:39:35.0546 2928 PSched - ok
10:39:35.0625 2928 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:39:35.0703 2928 Ptilink - ok
10:39:36.0000 2928 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:39:36.0093 2928 PxHelp20 - ok
10:39:36.0234 2928 ql1080 - ok
10:39:36.0265 2928 Ql10wnt - ok
10:39:36.0359 2928 ql12160 - ok
10:39:36.0390 2928 ql1240 - ok
10:39:36.0453 2928 ql1280 - ok
10:39:36.0812 2928 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
10:39:37.0000 2928 RapportCerberus_34302 - ok
10:39:37.0281 2928 RapportEI (e72edf9410fa365c0c383f7366fbf7c9) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
10:39:37.0375 2928 RapportEI - ok
10:39:37.0687 2928 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
10:39:37.0812 2928 RapportIaso - ok
10:39:38.0062 2928 RapportKELL (541bb19a74b1c28279a204c417321e52) C:\WINDOWS\system32\Drivers\RapportKELL.sys
10:39:38.0125 2928 RapportKELL - ok
10:39:38.0328 2928 RapportPG (0773fab5c2bd7342ba248b3c8cdef3c3) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
10:39:38.0406 2928 RapportPG - ok
10:39:38.0593 2928 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:39:38.0687 2928 RasAcd - ok
10:39:38.0796 2928 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
10:39:38.0859 2928 Rasirda - ok
10:39:38.0937 2928 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:39:39.0031 2928 Rasl2tp - ok
10:39:39.0187 2928 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:39:39.0281 2928 RasPppoe - ok
10:39:39.0421 2928 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:39:39.0468 2928 Raspti - ok
10:39:39.0656 2928 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:39:39.0750 2928 Rdbss - ok
10:39:39.0937 2928 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:39:40.0000 2928 RDPCDD - ok
10:39:40.0078 2928 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:39:40.0156 2928 rdpdr - ok
10:39:40.0265 2928 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:39:40.0359 2928 RDPWD - ok
10:39:40.0515 2928 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:39:40.0546 2928 redbook - ok
10:39:40.0703 2928 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
10:39:40.0796 2928 rspndr - ok
10:39:40.0921 2928 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
10:39:41.0031 2928 sdbus - ok
10:39:41.0343 2928 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:39:41.0390 2928 Secdrv - ok
10:39:41.0562 2928 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:39:41.0609 2928 serenum - ok
10:39:41.0671 2928 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:39:41.0734 2928 Serial - ok
10:39:41.0921 2928 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:39:41.0953 2928 Sfloppy - ok
10:39:42.0046 2928 Simbad - ok
10:39:42.0125 2928 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:39:42.0171 2928 SLIP - ok
10:39:42.0218 2928 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
10:39:42.0265 2928 SMCIRDA - ok
10:39:42.0421 2928 Sparrow - ok
10:39:42.0734 2928 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:39:42.0796 2928 splitter - ok
10:39:43.0062 2928 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:39:43.0125 2928 sr - ok
10:39:43.0281 2928 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:39:43.0375 2928 Srv - ok
10:39:43.0437 2928 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:39:43.0484 2928 ssmdrv - ok
10:39:43.0703 2928 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:39:43.0843 2928 streamip - ok
10:39:44.0046 2928 SVRPEDRV - ok
10:39:44.0468 2928 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:39:44.0500 2928 swenum - ok
10:39:44.0734 2928 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:39:44.0843 2928 swmidi - ok
10:39:45.0000 2928 symc810 - ok
10:39:45.0031 2928 symc8xx - ok
10:39:45.0062 2928 sym_hi - ok
10:39:45.0109 2928 sym_u3 - ok
10:39:45.0250 2928 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:39:45.0312 2928 sysaudio - ok
10:39:45.0593 2928 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:39:45.0765 2928 Tcpip - ok
10:39:46.0125 2928 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:39:46.0203 2928 TDPIPE - ok
10:39:46.0281 2928 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:39:46.0312 2928 TDTCP - ok
10:39:46.0390 2928 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:39:46.0453 2928 TermDD - ok
10:39:46.0656 2928 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
10:39:46.0765 2928 tifm21 - ok
10:39:47.0000 2928 TosIde - ok
10:39:47.0234 2928 Tosrfcom - ok
10:39:47.0296 2928 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
10:39:47.0343 2928 tosrfec - ok
10:39:47.0468 2928 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:39:47.0562 2928 Udfs - ok
10:39:47.0625 2928 ultra - ok
10:39:47.0843 2928 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:39:48.0140 2928 Update - ok
10:39:48.0265 2928 upperdev - ok
10:39:48.0390 2928 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:39:48.0437 2928 usbaudio - ok
10:39:48.0671 2928 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:39:48.0718 2928 usbccgp - ok
10:39:48.0828 2928 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:39:48.0859 2928 usbehci - ok
10:39:49.0062 2928 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:39:49.0109 2928 usbhub - ok
10:39:49.0171 2928 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:39:49.0203 2928 usbprint - ok
10:39:49.0296 2928 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:39:49.0359 2928 usbscan - ok
10:39:49.0437 2928 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
10:39:49.0468 2928 usbser - ok
10:39:49.0562 2928 UsbserFilt - ok
10:39:49.0687 2928 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:39:49.0703 2928 USBSTOR - ok
10:39:49.0765 2928 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:39:49.0828 2928 usbuhci - ok
10:39:49.0968 2928 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
10:39:50.0062 2928 usbvideo - ok
10:39:50.0593 2928 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:39:50.0687 2928 VgaSave - ok
10:39:50.0796 2928 ViaIde - ok
10:39:50.0875 2928 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:39:50.0921 2928 VolSnap - ok
10:39:51.0140 2928 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:39:51.0187 2928 Wanarp - ok
10:39:51.0296 2928 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:39:51.0453 2928 Wdf01000 - ok
10:39:51.0562 2928 WDICA - ok
10:39:51.0718 2928 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:39:51.0750 2928 wdmaud - ok
10:39:51.0937 2928 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:39:52.0046 2928 WpdUsb - ok
10:39:52.0140 2928 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:39:52.0234 2928 WSTCODEC - ok
10:39:52.0484 2928 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:39:52.0593 2928 WudfPf - ok
10:39:53.0218 2928 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:39:53.0328 2928 WudfRd - ok
10:39:53.0421 2928 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:39:58.0453 2928 \Device\Harddisk0\DR0 - ok
10:39:58.0468 2928 MBR (0x1B8) (b095fb07a72ed15ecd211f14b1f57aae) \Device\Harddisk1\DR4
10:40:00.0531 2928 \Device\Harddisk1\DR4 - ok
10:40:00.0562 2928 Boot (0x1200) (1ca27b515e9eb22a1839a3f6afd84dc8) \Device\Harddisk0\DR0\Partition0
10:40:00.0562 2928 \Device\Harddisk0\DR0\Partition0 - ok
10:40:00.0562 2928 ============================================================
10:40:00.0562 2928 Scan finished
10:40:00.0562 2928 ============================================================
10:40:01.0046 3128 Detected object count: 0
10:40:01.0046 3128 Actual detected object count: 0
10:40:21.0546 3680 ============================================================
10:40:21.0609 3680 Scan started
10:40:21.0609 3680 Mode: Manual;
10:40:21.0609 3680 ============================================================
10:40:27.0281 3680 Abiosdsk - ok
10:40:27.0406 3680 abp480n5 - ok
10:40:27.0609 3680 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:40:27.0640 3680 ACPI - ok
10:40:28.0000 3680 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:40:28.0031 3680 ACPIEC - ok
10:40:28.0171 3680 adpu160m - ok
10:40:28.0343 3680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:40:28.0359 3680 aec - ok
10:40:28.0859 3680 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:40:29.0031 3680 AFD - ok
10:40:29.0687 3680 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
10:40:29.0906 3680 AgereSoftModem - ok
10:40:30.0234 3680 Aha154x - ok
10:40:30.0343 3680 aic78u2 - ok
10:40:30.0515 3680 aic78xx - ok
10:40:30.0859 3680 AliIde - ok
10:40:30.0953 3680 amsint - ok
10:40:31.0171 3680 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:40:31.0234 3680 Arp1394 - ok
10:40:31.0593 3680 asc - ok
10:40:31.0765 3680 asc3350p - ok
10:40:31.0937 3680 asc3550 - ok
10:40:32.0406 3680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:40:32.0484 3680 AsyncMac - ok
10:40:32.0640 3680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:40:32.0687 3680 atapi - ok
10:40:33.0031 3680 Atdisk - ok
10:40:33.0843 3680 ati2mtag (c5e4e9247396a6595a60857cc780a332) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:40:34.0531 3680 ati2mtag - ok
10:40:35.0156 3680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:40:35.0171 3680 Atmarpc - ok
10:40:35.0656 3680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:40:35.0687 3680 audstub - ok
10:40:35.0937 3680 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
10:40:36.0046 3680 avgio - ok
10:40:36.0593 3680 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:40:36.0609 3680 avgntflt - ok
10:40:37.0281 3680 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:40:37.0500 3680 avipbb - ok
10:40:38.0078 3680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:40:38.0125 3680 Beep - ok
10:40:38.0546 3680 catchme - ok
10:40:39.0140 3680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:40:39.0171 3680 cbidf2k - ok
10:40:39.0609 3680 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:40:39.0640 3680 CCDECODE - ok
10:40:39.0750 3680 cd20xrnt - ok
10:40:40.0031 3680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:40:40.0125 3680 Cdaudio - ok
10:40:40.0484 3680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:40:40.0515 3680 Cdfs - ok
10:40:40.0687 3680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:40:40.0703 3680 Cdrom - ok
10:40:40.0953 3680 Changer - ok
10:40:41.0468 3680 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:40:41.0484 3680 CmBatt - ok
10:40:41.0843 3680 CmdIde - ok
10:40:41.0921 3680 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:40:41.0953 3680 Compbatt - ok
10:40:42.0109 3680 Cpqarray - ok
10:40:42.0687 3680 dac2w2k - ok
10:40:43.0203 3680 dac960nt - ok
10:40:44.0046 3680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:40:44.0062 3680 Disk - ok
10:40:44.0671 3680 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:40:44.0812 3680 dmboot - ok
10:40:45.0281 3680 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
10:40:45.0359 3680 dmio - ok
10:40:45.0531 3680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:40:45.0593 3680 dmload - ok
10:40:46.0015 3680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:40:46.0062 3680 DMusic - ok
10:40:46.0281 3680 dpti2o - ok
10:40:46.0656 3680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:40:46.0703 3680 drmkaud - ok
10:40:46.0921 3680 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
10:40:46.0921 3680 e1express - ok
10:40:47.0109 3680 EntDrv51 - ok
10:40:48.0203 3680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:40:48.0359 3680 Fastfat - ok
10:40:49.0031 3680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:40:49.0093 3680 Fdc - ok
10:40:49.0234 3680 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:40:49.0265 3680 Fips - ok
10:40:49.0468 3680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:40:49.0484 3680 Flpydisk - ok
10:40:49.0859 3680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:40:49.0875 3680 FltMgr - ok
10:40:50.0109 3680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:40:50.0156 3680 Fs_Rec - ok
10:40:50.0328 3680 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:40:50.0343 3680 Ftdisk - ok
10:40:50.0750 3680 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
10:40:50.0765 3680 GEARAspiWDM - ok
10:40:51.0234 3680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:40:51.0375 3680 Gpc - ok
10:40:51.0593 3680 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:40:51.0734 3680 HDAudBus - ok
10:40:52.0218 3680 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:40:52.0250 3680 hidusb - ok
10:40:52.0375 3680 hpn - ok
10:40:52.0703 3680 hpt3xx - ok
10:40:53.0281 3680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:40:53.0390 3680 HTTP - ok
10:40:53.0609 3680 hwdatacard (e65d18e37522294bd9ccea29a0965a65) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
10:40:53.0625 3680 hwdatacard - ok
10:40:54.0093 3680 i2omgmt - ok
10:40:54.0609 3680 i2omp - ok
10:40:55.0171 3680 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:40:55.0187 3680 i8042prt - ok
10:40:55.0390 3680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:40:55.0453 3680 Imapi - ok
10:40:55.0671 3680 ini910u - ok
10:40:57.0296 3680 IntcAzAudAddService (7c09d605fcae64e3cb11ebf90fb1e3a1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:40:58.0921 3680 IntcAzAudAddService - ok
10:40:59.0234 3680 IntelIde - ok
10:40:59.0656 3680 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:40:59.0703 3680 intelppm - ok
10:41:00.0250 3680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:41:00.0296 3680 Ip6Fw - ok
10:41:00.0656 3680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:41:00.0765 3680 IpFilterDriver - ok
10:41:01.0187 3680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:41:01.0234 3680 IpInIp - ok
10:41:01.0375 3680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:41:01.0421 3680 IpNat - ok
10:41:02.0093 3680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:41:02.0156 3680 IPSec - ok
10:41:02.0343 3680 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
10:41:02.0343 3680 irda - ok
10:41:02.0734 3680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:41:02.0984 3680 IRENUM - ok
10:41:03.0375 3680 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:41:03.0375 3680 isapnp - ok
10:41:03.0578 3680 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:41:03.0593 3680 Kbdclass - ok
10:41:03.0765 3680 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:41:03.0796 3680 kbdhid - ok
10:41:04.0437 3680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:41:04.0468 3680 kmixer - ok
10:41:04.0703 3680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:41:04.0781 3680 KSecDD - ok
10:41:05.0250 3680 lbrtfdc - ok
10:41:05.0656 3680 LVRS (35c2b196a8773d1f33905831daf16c2b) C:\WINDOWS\system32\DRIVERS\lvrs.sys
10:41:05.0734 3680 LVRS - ok
10:41:07.0031 3680 LVUVC (0d6b0ccd22caa668e559b4bb7e86abf1) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
10:41:08.0703 3680 LVUVC - ok
10:41:09.0234 3680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:41:09.0250 3680 mnmdd - ok
10:41:09.0359 3680 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:41:09.0406 3680 Modem - ok
10:41:09.0531 3680 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:41:09.0531 3680 Mouclass - ok
10:41:09.0875 3680 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:41:09.0875 3680 mouhid - ok
10:41:10.0281 3680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:41:10.0296 3680 MountMgr - ok
10:41:10.0531 3680 mraid35x - ok
10:41:10.0765 3680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:41:10.0812 3680 MRxDAV - ok
10:41:11.0390 3680 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:41:11.0593 3680 MRxSmb - ok
10:41:11.0968 3680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:41:12.0015 3680 Msfs - ok
10:41:12.0187 3680 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
10:41:12.0187 3680 MSIRCOMM - ok
10:41:12.0859 3680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:41:12.0890 3680 MSKSSRV - ok
10:41:13.0000 3680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:41:13.0046 3680 MSPCLOCK - ok
10:41:13.0406 3680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:41:13.0421 3680 MSPQM - ok
10:41:13.0640 3680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:41:13.0671 3680 mssmbios - ok
10:41:14.0250 3680 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:41:14.0250 3680 MSTEE - ok
10:41:14.0453 3680 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:41:14.0500 3680 Mup - ok
10:41:14.0640 3680 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:41:14.0656 3680 NABTSFEC - ok
10:41:15.0109 3680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:41:15.0171 3680 NDIS - ok
10:41:15.0234 3680 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:41:15.0234 3680 NdisIP - ok
10:41:15.0500 3680 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:41:15.0531 3680 NdisTapi - ok
10:41:15.0968 3680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:41:15.0968 3680 Ndisuio - ok
10:41:16.0171 3680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:41:16.0171 3680 NdisWan - ok
10:41:16.0312 3680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:41:16.0359 3680 NDProxy - ok
10:41:16.0609 3680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:41:16.0656 3680 NetBIOS - ok
10:41:16.0968 3680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:41:16.0984 3680 NetBT - ok
10:41:18.0390 3680 NETw5x32 (0888844230083ce3b47395102bca8207) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
10:41:19.0828 3680 NETw5x32 - ok
10:41:20.0093 3680 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:41:20.0125 3680 NIC1394 - ok
10:41:20.0296 3680 nmwcd - ok
10:41:20.0312 3680 nmwcdc - ok
10:41:20.0546 3680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:41:20.0546 3680 Npfs - ok
10:41:21.0046 3680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:41:21.0125 3680 Ntfs - ok
10:41:21.0671 3680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:41:21.0718 3680 Null - ok
10:41:22.0500 3680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:41:22.0531 3680 NwlnkFlt - ok
10:41:23.0125 3680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:41:23.0156 3680 NwlnkFwd - ok
10:41:23.0593 3680 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:41:23.0687 3680 ohci1394 - ok
10:41:24.0093 3680 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:41:24.0125 3680 Parport - ok
10:41:24.0218 3680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:41:24.0250 3680 PartMgr - ok
10:41:24.0625 3680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:41:24.0640 3680 ParVdm - ok
10:41:24.0968 3680 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
10:41:24.0984 3680 pccsmcfd - ok
10:41:25.0343 3680 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:41:25.0500 3680 PCI - ok
10:41:25.0921 3680 PCIDump - ok
10:41:26.0281 3680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:41:26.0312 3680 PCIIde - ok
10:41:26.0875 3680 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:41:26.0921 3680 Pcmcia - ok
10:41:27.0093 3680 pcouffin - ok
10:41:27.0296 3680 PDCOMP - ok
10:41:27.0671 3680 PDFRAME - ok
10:41:27.0890 3680 PDRELI - ok
10:41:28.0156 3680 PDRFRAME - ok
10:41:28.0218 3680 perc2 - ok
10:41:28.0437 3680 perc2hib - ok
10:41:28.0734 3680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:41:28.0750 3680 PptpMiniport - ok
10:41:28.0937 3680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:41:29.0015 3680 PSched - ok
10:41:29.0468 3680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:41:29.0484 3680 Ptilink - ok
10:41:29.0781 3680 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:41:29.0781 3680 PxHelp20 - ok
10:41:30.0078 3680 ql1080 - ok
10:41:30.0218 3680 Ql10wnt - ok
10:41:30.0281 3680 ql12160 - ok
10:41:30.0421 3680 ql1240 - ok
10:41:30.0578 3680 ql1280 - ok
10:41:31.0281 3680 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
10:41:31.0359 3680 RapportCerberus_34302 - ok
10:41:31.0765 3680 RapportEI (e72edf9410fa365c0c383f7366fbf7c9) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
10:41:31.0890 3680 RapportEI - ok
10:41:32.0531 3680 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
10:41:32.0625 3680 RapportIaso - ok
10:41:33.0296 3680 RapportKELL (541bb19a74b1c28279a204c417321e52) C:\WINDOWS\system32\Drivers\RapportKELL.sys
10:41:33.0312 3680 RapportKELL - ok
10:41:33.0656 3680 RapportPG (0773fab5c2bd7342ba248b3c8cdef3c3) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
10:41:33.0703 3680 RapportPG - ok
10:41:34.0078 3680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:41:34.0093 3680 RasAcd - ok
10:41:34.0234 3680 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
10:41:34.0234 3680 Rasirda - ok
10:41:34.0390 3680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:41:34.0406 3680 Rasl2tp - ok
10:41:34.0734 3680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:41:34.0750 3680 RasPppoe - ok
10:41:34.0968 3680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:41:35.0000 3680 Raspti - ok
10:41:35.0453 3680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:41:35.0468 3680 Rdbss - ok
10:41:35.0671 3680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:41:35.0687 3680 RDPCDD - ok
10:41:36.0015 3680 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:41:36.0093 3680 rdpdr - ok
10:41:36.0312 3680 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:41:36.0343 3680 RDPWD - ok
10:41:36.0734 3680 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:41:36.0875 3680 redbook - ok
10:41:37.0296 3680 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
10:41:37.0312 3680 rspndr - ok
10:41:37.0484 3680 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
10:41:37.0484 3680 sdbus - ok
10:41:37.0625 3680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:41:37.0671 3680 Secdrv - ok
10:41:38.0000 3680 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:41:38.0000 3680 serenum - ok
10:41:38.0375 3680 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:41:38.0406 3680 Serial - ok
10:41:38.0828 3680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:41:38.0843 3680 Sfloppy - ok
10:41:39.0421 3680 Simbad - ok
10:41:39.0593 3680 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:41:39.0593 3680 SLIP - ok
10:41:39.0906 3680 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
10:41:40.0046 3680 SMCIRDA - ok
10:41:40.0421 3680 Sparrow - ok
10:41:40.0609 3680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:41:40.0609 3680 splitter - ok
10:41:41.0046 3680 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:41:41.0046 3680 sr - ok
10:41:41.0875 3680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:41:41.0890 3680 Srv - ok
10:41:42.0140 3680 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:41:42.0203 3680 ssmdrv - ok
10:41:42.0468 3680 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:41:42.0500 3680 streamip - ok
10:41:43.0062 3680 SVRPEDRV - ok
10:41:43.0265 3680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:41:43.0359 3680 swenum - ok
10:41:43.0546 3680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:41:43.0562 3680 swmidi - ok
10:41:43.0796 3680 symc810 - ok
10:41:44.0000 3680 symc8xx - ok
10:41:44.0078 3680 sym_hi - ok
10:41:44.0218 3680 sym_u3 - ok
10:41:44.0453 3680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:41:44.0468 3680 sysaudio - ok
10:41:44.0765 3680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:41:45.0015 3680 Tcpip - ok
10:41:45.0421 3680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:41:45.0421 3680 TDPIPE - ok
10:41:45.0937 3680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:41:45.0937 3680 TDTCP - ok
10:41:46.0187 3680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:41:46.0250 3680 TermDD - ok
10:41:46.0406 3680 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
10:41:46.0515 3680 tifm21 - ok
10:41:46.0781 3680 TosIde - ok
10:41:46.0984 3680 Tosrfcom - ok
10:41:47.0078 3680 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
10:41:47.0125 3680 tosrfec - ok
10:41:47.0328 3680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:41:47.0343 3680 Udfs - ok
10:41:47.0671 3680 ultra - ok
10:41:48.0140 3680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:41:48.0296 3680 Update - ok
10:41:48.0765 3680 upperdev - ok
10:41:49.0578 3680 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:41:49.0625 3680 usbaudio - ok
10:41:49.0953 3680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:41:50.0031 3680 usbccgp - ok
10:41:50.0234 3680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:41:50.0250 3680 usbehci - ok
10:41:50.0625 3680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:41:50.0625 3680 usbhub - ok
10:41:50.0843 3680 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:41:50.0984 3680 usbprint - ok
10:41:51.0312 3680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:41:51.0328 3680 usbscan - ok
10:41:51.0546 3680 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
10:41:51.0562 3680 usbser - ok
10:41:51.0781 3680 UsbserFilt - ok
10:41:51.0937 3680 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:41:51.0968 3680 USBSTOR - ok
10:41:52.0281 3680 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:41:52.0296 3680 usbuhci - ok
10:41:52.0531 3680 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
10:41:52.0546 3680 usbvideo - ok
10:41:52.0875 3680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:41:52.0906 3680 VgaSave - ok
10:41:53.0171 3680 ViaIde - ok
10:41:53.0328 3680 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:41:53.0375 3680 VolSnap - ok
10:41:53.0625 3680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:41:53.0625 3680 Wanarp - ok
10:41:54.0031 3680 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:41:54.0203 3680 Wdf01000 - ok
10:41:54.0390 3680 WDICA - ok
10:41:54.0656 3680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:41:54.0921 3680 wdmaud - ok
10:41:55.0593 3680 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:41:55.0593 3680 WpdUsb - ok
10:41:56.0187 3680 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:41:56.0187 3680 WSTCODEC - ok
10:41:56.0406 3680 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:41:56.0531 3680 WudfPf - ok
10:41:56.0968 3680 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:41:56.0984 3680 WudfRd - ok
10:41:57.0078 3680 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:42:05.0578 3680 \Device\Harddisk0\DR0 - ok
10:42:05.0593 3680 MBR (0x1B8) (b095fb07a72ed15ecd211f14b1f57aae) \Device\Harddisk1\DR4
10:42:07.0500 3680 \Device\Harddisk1\DR4 - ok
10:42:07.0609 3680 Boot (0x1200) (1ca27b515e9eb22a1839a3f6afd84dc8) \Device\Harddisk0\DR0\Partition0
10:42:07.0640 3680 \Device\Harddisk0\DR0\Partition0 - ok
10:42:07.0640 3680 ============================================================
10:42:07.0640 3680 Scan finished
10:42:07.0640 3680 ============================================================
10:42:07.0750 3608 Detected object count: 0
10:42:07.0750 3608 Actual detected object count: 0

#6 CatByte (bleepin' tiger)


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 23 December 2011 - 09:17 AM

Hi,

The download and unpacking may have been corrupted by your AV. You may need to uninstall it until we get this machine cleaned so it doesn't interfere.

Please delete the copy of ComboFix that you have on your desktop and download a fresh copy.

Try booting into safe mode to run it; make certain no other windows are open.

To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down arrow keys to scroll to Safe Mode.
  • Then press the Enter key on your keyboard.
  • Log into your usual account.

Edited by CatByte, 23 December 2011 - 09:17 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Rustum (Topic Starter)

  • Members
  • 41 posts
  • Gender:Male
  • Location:Cape Town, SA

Posted 24 December 2011 - 05:30 AM

Hi CatByte

I have pasted the ComboFix log below. I uninstalled Avira, booted into safe mode (no network connection) and ran ComboFix with the script. It still detected an antivirus scanner, but I clicked through and it ran to the end. I notice that at the start of the log it lists AVG's firewall as disabled, although AVG was uninstalled long ago.

Here's the ComboFix log:

ComboFix 11-12-23.01 - Administrator 2011/12/24 12:00:09.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.791 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\windows\003477_.tmp"
"c:\windows\005364_.tmp"
"c:\windows\SET143.tmp"
"c:\windows\SET146.tmp"
"c:\windows\SET152.tmp"
"c:\windows\system32\SET454.tmp"
"c:\windows\system32\SET60A.tmp"
"c:\windows\system32\SET610.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\003477_.tmp
c:\windows\005364_.tmp
c:\windows\SET143.tmp
c:\windows\SET146.tmp
c:\windows\SET152.tmp
c:\windows\system32\SET3B0.tmp
c:\windows\system32\SET3B1.tmp
c:\windows\system32\SET3B4.tmp
c:\windows\system32\SET3B5.tmp
c:\windows\system32\SET3B6.tmp
c:\windows\system32\SET3B7.tmp
c:\windows\system32\SET3BA.tmp
c:\windows\system32\SET3BB.tmp
c:\windows\system32\SET3BC.tmp
c:\windows\system32\SET3BD.tmp
c:\windows\system32\SET3BE.tmp
c:\windows\system32\SET3BF.tmp
c:\windows\system32\SET3C2.tmp
c:\windows\system32\SET3C3.tmp
c:\windows\system32\SET3C4.tmp
c:\windows\system32\SET3C5.tmp
c:\windows\system32\SET3C6.tmp
c:\windows\system32\SET3C7.tmp
c:\windows\system32\SET3C8.tmp
c:\windows\system32\SET3C9.tmp
c:\windows\system32\SET3CA.tmp
c:\windows\system32\SET3CB.tmp
c:\windows\system32\SET3CC.tmp
c:\windows\system32\SET3CD.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\SET3CF.tmp
c:\windows\system32\SET3D1.tmp
c:\windows\system32\SET3D2.tmp
c:\windows\system32\SET3D3.tmp
c:\windows\system32\SET3D4.tmp
c:\windows\system32\SET3D6.tmp
c:\windows\system32\SET3E0.tmp
c:\windows\system32\SET3F0.tmp
c:\windows\system32\SET3F1.tmp
c:\windows\system32\SET3F6.tmp
c:\windows\system32\SET400.tmp
c:\windows\system32\SET41B.tmp
c:\windows\system32\SET41D.tmp
c:\windows\system32\SET424.tmp
c:\windows\system32\SET425.tmp
c:\windows\system32\SET426.tmp
c:\windows\system32\SET428.tmp
c:\windows\system32\SET429.tmp
c:\windows\system32\SET42A.tmp
c:\windows\system32\SET42B.tmp
c:\windows\system32\SET42D.tmp
c:\windows\system32\SET42E.tmp
c:\windows\system32\SET430.tmp
c:\windows\system32\SET431.tmp
c:\windows\system32\SET432.tmp
c:\windows\system32\SET434.tmp
c:\windows\system32\SET437.tmp
c:\windows\system32\SET439.tmp
c:\windows\system32\SET43A.tmp
c:\windows\system32\SET43F.tmp
c:\windows\system32\SET440.tmp
c:\windows\system32\SET448.tmp
c:\windows\system32\SET44F.tmp
c:\windows\system32\SET450.tmp
c:\windows\system32\SET454.tmp
c:\windows\system32\SET457.tmp
c:\windows\system32\SET45A.tmp
c:\windows\system32\SET45B.tmp
c:\windows\system32\SET45C.tmp
c:\windows\system32\SET45F.tmp
c:\windows\system32\SET460.tmp
c:\windows\system32\SET462.tmp
c:\windows\system32\SET463.tmp
c:\windows\system32\SET464.tmp
c:\windows\system32\SET467.tmp
c:\windows\system32\SET468.tmp
c:\windows\system32\SET46C.tmp
c:\windows\system32\SET46D.tmp
c:\windows\system32\SET470.tmp
c:\windows\system32\SET472.tmp
c:\windows\system32\SET477.tmp
c:\windows\system32\SET47A.tmp
c:\windows\system32\SET47C.tmp
c:\windows\system32\SET47F.tmp
c:\windows\system32\SET482.tmp
c:\windows\system32\SET484.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET60A.tmp
c:\windows\system32\SET610.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-24 to 2011-12-24 )))))))))))))))))))))))))))))))
.
.
2011-12-24 09:53 . 2011-12-24 09:53 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{3AA97363-BF05-46A9-8E6D-7FA62DD03177}\offreg.dll
2011-12-23 00:24 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{3AA97363-BF05-46A9-8E6D-7FA62DD03177}\mpengine.dll
2011-12-17 06:04 . 2011-12-17 06:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-12-14 10:23 . 2011-12-14 10:23 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-12-02 12:56 . 2011-12-02 13:51 -------- d-----w- c:\program files\CCleaner
2011-12-02 12:17 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2011-12-02 12:14 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-12-02 12:14 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-12-02 12:01 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-12-02 11:21 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-12-02 11:15 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-12-02 10:37 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-12-02 10:36 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-12-02 10:21 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-12-02 10:20 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-12-02 10:19 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-12-02 08:04 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-12-02 08:02 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-12-02 08:01 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-12-02 08:00 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-12-02 08:00 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-12-02 08:00 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-12-02 08:00 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-12-02 08:00 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-12-02 08:00 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-12-02 08:00 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-12-02 08:00 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-12-02 08:00 . 2011-10-25 13:37 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-12-02 08:00 . 2011-10-25 13:33 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-12-02 08:00 . 2011-10-25 12:52 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-12-02 07:36 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-12-02 07:28 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-12-02 07:28 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-12-02 01:11 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-12-02 01:06 . 2011-12-02 01:06 -------- d-----w- c:\program files\MSXML 6.0
2011-12-01 21:15 . 2011-03-04 06:45 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2011-12-01 21:15 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-12-01 20:52 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-12-01 20:48 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-12-01 20:48 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-12-01 19:24 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-12-01 19:24 . 2008-04-13 20:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-12-01 19:19 . 2011-12-01 19:24 -------- d-----w- c:\windows\ServicePackFiles
2011-12-01 18:38 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-12-01 18:38 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-12-01 18:38 . 2004-08-04 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2011-12-01 18:38 . 2004-08-04 12:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2011-12-01 18:38 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2011-12-01 18:38 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2011-12-01 18:38 . 2004-08-04 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2011-12-01 18:38 . 2008-04-14 03:41 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2011-12-01 18:38 . 2008-04-14 03:41 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2011-12-01 18:36 . 2001-08-17 20:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-12-01 18:35 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\isapips.dll
2011-12-01 18:34 . 2004-08-04 12:00 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2011-12-01 18:33 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2011-12-01 18:33 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-12-01 18:33 . 2004-08-04 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-12-01 18:33 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-12-01 18:33 . 2004-08-04 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2011-12-01 18:33 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2011-12-01 18:33 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-12-01 18:30 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-12-01 18:30 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-12-01 18:29 . 2008-04-14 03:41 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2011-12-01 18:29 . 2008-04-14 03:42 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2011-12-01 18:29 . 2008-04-14 03:42 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-12-01 18:29 . 2008-04-14 03:42 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2011-12-01 18:26 . 2008-04-14 03:42 151552 ----a-w- c:\windows\system32\irftp.exe
2011-12-01 18:26 . 2008-04-14 03:41 28160 ----a-w- c:\windows\system32\irmon.dll
2011-12-01 18:26 . 2008-04-13 22:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2011-12-01 18:26 . 2008-04-14 03:42 8192 ----a-w- c:\windows\system32\wshirda.dll
2011-12-01 18:15 . 2001-08-17 11:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2011-12-01 18:09 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-12-01 18:09 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-12-01 18:09 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-12-01 18:09 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-11-30 19:06 . 2011-11-30 19:06 -------- d-----w- c:\program files\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2009-06-24 15:57 6823496 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-01 20:35 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:35 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2008-11-17 16:54 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 03:06 . 2011-03-17 06:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2009-03-18 09:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 16206848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Hetta^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Hetta\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 08:12 90112 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 14:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
c:\program files\Google\Google Talk\googletalk.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-17 05:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 09:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2011-01-13 02:01 6129496 ----a-w- c:\program files\Logitech\Vid HD\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-03-01 21:14 190808 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-12-18 09:24 197928 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MbWzdFPAP-EXL540]
F:\PdtGuide.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006/11/03 06:19 PM 13592]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011/12/14 12:23 PM 56208]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011/12/16 08:19 AM 228208]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011/12/14 12:23 PM 71440]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011/12/14 12:23 PM 164112]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009/12/18 11:25 AM 189736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010/06/06 08:03 PM 136176]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011/12/14 12:23 PM 931640]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011/03/04 03:31 AM 428640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010/06/06 08:03 PM 136176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys --> c:\windows\system32\Drivers\pcouffin.sys [?]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [2011/08/07 02:23 PM 21520]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\Hetta\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\Hetta\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-06 18:03]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-06 18:03]
.
2011-12-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-Google Update - c:\documents and settings\Hetta\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
AddRemove-HijackThis - c:\documents and settings\Hetta\My Documents\Downloads\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-24 12:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(236)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-12-24 12:15:01
ComboFix-quarantined-files.txt 2011-12-24 10:14
ComboFix2.txt 2011-12-23 01:28
.
Pre-Run: 40,511,086,592 bytes free
Post-Run: 40,492,040,192 bytes free
.
- - End Of File - - 6A8533324F13105B357A5C8F6102FAC3
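
A triage helper, added here as an example and not part of this thread, of ComboFix, or of any tool the Malware Response Team uses: it parses the `R2/S0..S3 name;display;path [...]` service and driver lines in the log above and flags the entries a responder would verify first. ComboFix prints `--> path [?]` when it cannot find the image file on disk; the flag names, the `ServiceEntry` record and the "Temp directory" and "driver outside system32\drivers" heuristics are this example's own assumptions, not ComboFix conventions.

```python
"""Triage helper for the services/drivers section of a ComboFix log.

Added example for this thread, not ComboFix code. It reads lines shaped like
    S3 name;display name;c:\path\image.sys [date time size]
    S3 name;display name;c:\path\image.sys --> c:\path\image.sys [?]
(start type, service name, display name, image path, then the file's
timestamp and size, or `[?]` when ComboFix could not find the file).
The flag names and ServiceEntry record are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Service lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006/11/03 06:19 PM 13592]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011/12/14 12:23 PM 56208]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011/12/14 12:23 PM 71440]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys --> c:\windows\system32\Drivers\pcouffin.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\Hetta\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\Hetta\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]
"""

# Start type as ComboFix prints it: R = running, S = stopped; 0 boot, 1 system,
# 2 automatic, 3 manual/on demand.
LINE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
STAMP_RE = re.compile(r"^(?P<path>.+) \[(?P<stamp>\d{4}/\d{2}/\d{2} [^\]]+)\]$")

FLAG_MISSING = "image file not found on disk ([?])"
FLAG_TEMP = "image loads from a Temp directory"
FLAG_DRIVER_LOCATION = "kernel driver (.sys) outside system32\\drivers"


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    image: str            # normalised path: quotes and the \??\ prefix removed
    image_missing: bool   # True when ComboFix printed `--> path [?]`
    stamp: Optional[str]  # "YYYY/MM/DD hh:mm AM size" when the file was found


def _normalise(path: str) -> str:
    path = path.strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    return path


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Return the service/driver entries in a ComboFix log.

    Lines that are not service entries (headers, registry dumps, separators)
    are ignored, so the whole log can be passed in unchanged.
    """
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        if rest.endswith("[?]") and " --> " in rest:
            image = _normalise(rest.split(" --> ", 1)[0])
            missing, stamp = True, None
        else:
            s = STAMP_RE.match(rest)
            if not s:
                continue
            image, missing, stamp = _normalise(s["path"]), False, s["stamp"]
        entries.append(ServiceEntry(m["start"], m["name"], m["display"], image, missing, stamp))
    return entries


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Map service name -> list of flags worth a second look.

    Flags are indicators, not verdicts: a vendor's signed driver can live under
    Program Files (Trusteer Rapport's do), and `[?]` also results from an
    uninstalled product leaving its service entry behind.
    """
    findings: Dict[str, List[str]] = {}
    for e in entries:
        low = e.image.lower()
        flags = []
        if e.image_missing:
            flags.append(FLAG_MISSING)
        if re.search(r"\\temp\\", low):
            flags.append(FLAG_TEMP)
        if low.endswith(".sys") and "\\system32\\drivers\\" not in low:
            flags.append(FLAG_DRIVER_LOCATION)
        if flags:
            findings[e.name] = flags
    return findings


if __name__ == "__main__":
    for name, flags in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(flags)}")
```

Run against the sample, the script singles out `SVRPEDRV` (a driver registered from a self-extracting archive's Temp folder whose file is now gone) on all three counts, while the `[?]` on Avira's scheduler service is simply the residue of the uninstall the poster mentions later in the thread. The same parser accepts a complete ComboFix log, since it ignores every line that is not a service entry.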

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:19 PM

Posted 24 December 2011 - 08:56 AM

Hi,

Please run the removal tool from AVG (choose the one for the AV removal that included the Firewall)

http://www.avg.com/ca-en/utilities

then run the following:


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Rustum

Rustum
  • Topic Starter

  • Members
  • 41 posts
  • Gender:Male
  • Location:Cape Town, SA
  • Local time:11:19 PM

Posted 24 December 2011 - 09:20 AM

Hi,

two things.

1. I'm still locked out from internet access; i.e. Chrome gives error message "This webpage is not available" in normal mode. So, I'm doing this in safe mode where I have access only to IE 6 (don't ask). And I can't distinguish a specific removal tool which includes the firewall, so I am running the generic 32-bit removal tool. (It seems to be running fine.)
2. Then, am I doing all of the other steps while Avira remains uninstalled? (REM: I removed AVIRA a few steps back.)

Thanks.

#10 Rustum

Rustum
  • Topic Starter

  • Members
  • 41 posts
  • Gender:Male
  • Location:Cape Town, SA
  • Local time:11:19 PM

Posted 24 December 2011 - 09:23 AM

Oops, sorry. Re #2 above - I mean, is it safe to run, connected to internet, without an anti-virus program running?

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:19 PM

Posted 24 December 2011 - 09:24 AM

Yes, do the other steps with the AV uninstalled so it doesn't interfere.

Just connect to run the scans, then disconnect from the net while the AV is uninstalled.

Have you tried uninstalling Chrome then re-installing it?

Run this Temp File Cleaner once it's uninstalled, before you re-install it (do this after the MBAM and ESET scans are complete).


Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 Rustum

Rustum
  • Topic Starter

  • Members
  • 41 posts
  • Gender:Male
  • Location:Cape Town, SA
  • Local time:11:19 PM

Posted 24 December 2011 - 09:38 AM

OK.

Sorry to be a bother about this, but I ask mainly because your ESET instructions sound counterintuitive and I just want to confirm: Remove threats option unchecked?

Thanks.

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:19 PM

Posted 24 December 2011 - 09:59 AM

Correct, we DON'T want ESET to remove anything (it detects a fair amount of false positives, plus it detects threats in old restore points which we don't want it to remove).

Once I see the log produced by ESET then I can remove the items that need to be removed.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 Rustum

Rustum
  • Topic Starter

  • Members
  • 41 posts
  • Gender:Male
  • Location:Cape Town, SA
  • Local time:11:19 PM

Posted 24 December 2011 - 11:03 AM

I ran the AVG removal tool, MBAM and ESET in safe mode as administrator. The other logon, a named account, also has admin rights - I don't know if this is an important detail, but I am intrigued that neither MBAM nor ESET found anything. I post the MBAM log below; ESET didn't give an option for a log. (Have previous scans and Combofix shown anything malicious at all?)

In the meantime, I am going to re-install AVIRA and Chrome in normal mode under the named account before I give you a report back on how the machine is running (I will also uninstall other redundant security software from previous incidents - do a general cleanup, so to speak, before I run TFC.)

Thanks a lot for all your help so far; I hope that we're close to a clean bill of health.

The MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122403

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

2011/12/24 04:27:57 PM
mbam-log-2011-12-24 (16-27-57).txt

Scan type: Quick scan
Objects scanned: 179452
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:19 PM

Posted 24 December 2011 - 12:50 PM

Hi

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date.
Java™ 6 Update 29 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; follow the prompts.


Clear Java cache

Go into the Control Panel and double-click the Java icon (it looks like a coffee cup). If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - leave BOTH checked:
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



NEXT



Please post a fresh DDS Log and advise if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
