sirefef.eb infection, browser hijack


  • This topic is locked
8 replies to this topic

#1 HenryJ

HenryJ

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 22 March 2012 - 03:04 PM

I am running Windows XP Professional SP3. My antivirus (CA eTrust) reports that Win32/Sirefef.EB has been cured and needs to restart the computer. It doesn't go away after a restart; I continue to get a notification. When I attempt to open Internet Explorer, it opens a window and immediately closes unless I open it as the machine administrator. When I do open the browser, I get a popup to a women's health site, a bestofyoutube/mevio site or ifood, and Google searches also redirect. The last time I was able to open IE successfully, Windows Security Alert popped up and asked me Keep blocking, Unblock or Ask me later. I selected Unblock and have not been able to use it properly since.

Before posting, I started the computer in safe mode, used rkill and ran Malwarebytes. I ran two scans, the first one I had to interrupt and the second one, I did allow to complete. It did find TrojanProxy.Agent and Trojan.Downloader in the registry and in the file system. Upon restart, the virus was still there.

I have had issues just seeing the logs when attempting to upload. I see it on the desktop but it doesn't appear as a selection. I finally had to save the log to the root of the drive just to attach it.
Below are the DDS and GMER logs. Attached are the files attach.txt,ark.txt (gmer) and two mbam logs.

I would appreciate help in getting rid of this infection.

Thanks in advance.
Henry



Attached Files





#2 HenryJ

HenryJ
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 22 March 2012 - 03:16 PM

As you might have noticed, I did not attach the MBAM logs. I have also noticed that Windows updates cannot be downloaded.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:59 PM

Posted 27 March 2012 - 01:08 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please run the DDS tool again. Post the DDS.txt log, not the extra.txt log as you previously did.
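The TDSSKiller log requested above lists every service and driver the tool inspected, as a pair of lines per object: one with the name, MD5 and image path, and one with the name and a verdict. The only thing a reader usually needs from a log that runs to hundreds of lines is the short list of objects whose verdict is not "ok" and the hashes to cross-check. The following Python script is an added illustration of that triage; it is not part of nasdaq's instructions or of Kaspersky's tool. The sample lines are constructed in the shape the tool prints (the real entries are copied from the format seen later in this thread, and `ExampleSvc` with its all-zero hash and placeholder verdict is invented purely to show a review item surfacing).

```python
import re
from collections import OrderedDict

# Constructed sample in TDSSKiller's line shape: "<time> <thread> <name> (<md5>) <path>"
# followed by "<time> <thread> <name> - <verdict>". The ExampleSvc entry is a
# placeholder (hypothetical name, zero hash, made-up verdict) added only for the demo.
SAMPLE_LOG = """\
13:24:22.0765 1928 ============================================================
13:24:22.0765 1928 Scan started
13:24:22.0765 1928 Mode: Manual;
13:24:22.0765 1928 ============================================================
13:24:23.0578 1928 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\\Program Files\\SUPERAntiSpyware\\SASCORE.EXE
13:24:23.0578 1928 !SASCORE - ok
13:24:24.0109 1928 Abiosdsk - ok
13:24:24.0250 1928 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
13:24:24.0250 1928 ACPI - ok
13:24:50.0000 1928 ExampleSvc (00000000000000000000000000000000) C:\\WINDOWS\\system32\\drivers\\example.sys
13:24:50.0000 1928 ExampleSvc - constructed non-ok verdict (placeholder)
"""

_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<name>\S+)\s+"
# Line carrying the image hash and path of a scanned object.
FILE_RE = re.compile(_PREFIX + r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# Line carrying the verdict ("ok" for clean objects).
VERDICT_RE = re.compile(_PREFIX + r"-\s+(?P<verdict>.+)$")


def parse_tdsskiller_log(text):
    """Map object name -> {'md5', 'path', 'verdict'}; banner and info lines are ignored."""
    entries = OrderedDict()

    def slot(name):
        return entries.setdefault(name, {"md5": None, "path": None, "verdict": None})

    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            rec = slot(m["name"])
            rec["md5"] = m["md5"].lower()
            rec["path"] = m["path"].strip()
            continue
        m = VERDICT_RE.match(line)
        if m:
            slot(m["name"])["verdict"] = m["verdict"].strip()
    return entries


def needs_review(entries):
    """Names whose verdict is missing or anything other than the literal 'ok'."""
    return [name for name, rec in entries.items() if rec["verdict"] != "ok"]


def hash_index(entries):
    """md5 -> list of object names, for checking hashes against a known-good list.
    One image registered under several service names (cbidf/cbidf2k) is normal."""
    index = OrderedDict()
    for name, rec in entries.items():
        if rec["md5"]:
            index.setdefault(rec["md5"], []).append(name)
    return index


if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(found)} objects parsed; review: {needs_review(found)}")
    for name in needs_review(found):
        rec = found[name]
        print(f"  {name}: md5={rec['md5']} path={rec['path']} verdict={rec['verdict']}")
```

Feeding a real log file to `parse_tdsskiller_log(open(path).read())` gives the same two-function triage; anything that comes back from `needs_review` is what a helper would ask about first, and `hash_index` gives the hashes to look up without retyping them.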

#4 HenryJ

HenryJ
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 28 March 2012 - 02:15 PM

I actually found the files that I previously couldn't find.
Since I was logged in as another user, I was able to find the downloaded files on the desktop of that user.
Below are the three requested logs: TDSSKiller log, aswMBR log and DDS.txt log. Attached is the zipped MBR.dat.

TDSSKiller did find an infection to cure (Virus.Win32.ZAccess.k). I did restart the machine and my antivirus did not pick up that Sirefef.EB infection.

Thank you for your help.
Henry

Below is the TDSSKiller log:
13:22:34.0468 3696 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
13:22:35.0234 3696 ============================================================
13:22:35.0234 3696 Current date / time: 2012/03/28 13:22:35.0234
13:22:35.0234 3696 SystemInfo:
13:22:35.0234 3696
13:22:35.0234 3696 OS Version: 5.1.2600 ServicePack: 3.0
13:22:35.0234 3696 Product type: Workstation
13:22:35.0234 3696 ComputerName: FXSCAN
13:22:35.0234 3696 UserName: pfxScanner
13:22:35.0234 3696 Windows directory: C:\WINDOWS
13:22:35.0234 3696 System windows directory: C:\WINDOWS
13:22:35.0234 3696 Processor architecture: Intel x86
13:22:35.0234 3696 Number of processors: 4
13:22:35.0234 3696 Page size: 0x1000
13:22:35.0234 3696 Boot type: Normal boot
13:22:35.0234 3696 ============================================================
13:22:35.0828 3696 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:22:35.0828 3696 \Device\Harddisk0\DR0:
13:22:35.0828 3696 MBR used
13:22:35.0828 3696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x129DDD72
13:22:35.0875 3696 Initialize success
13:22:35.0875 3696 ============================================================
13:24:22.0765 1928 ============================================================
13:24:22.0765 1928 Scan started
13:24:22.0765 1928 Mode: Manual;
13:24:22.0765 1928 ============================================================
13:24:23.0578 1928 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:24:23.0578 1928 !SASCORE - ok
13:24:24.0109 1928 Abiosdsk - ok
13:24:24.0156 1928 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:24:24.0187 1928 abp480n5 - ok
13:24:24.0250 1928 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:24:24.0250 1928 ACPI - ok
13:24:24.0250 1928 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:24:24.0359 1928 ACPIEC - ok
13:24:24.0468 1928 ADIHdAudAddService (9d13680a2f0a4d61870da624e8e2f305) C:\WINDOWS\system32\drivers\ADIHdAud.sys
13:24:24.0468 1928 ADIHdAudAddService - ok
13:24:24.0531 1928 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:24:24.0578 1928 adpu160m - ok
13:24:24.0640 1928 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:24:24.0687 1928 aec - ok
13:24:24.0750 1928 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:24:24.0750 1928 AFD - ok
13:24:24.0796 1928 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:24:24.0828 1928 agp440 - ok
13:24:24.0843 1928 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:24:24.0906 1928 agpCPQ - ok
13:24:24.0906 1928 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:24:24.0953 1928 Aha154x - ok
13:24:24.0953 1928 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:24:25.0000 1928 aic78u2 - ok
13:24:25.0015 1928 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:24:25.0078 1928 aic78xx - ok
13:24:25.0406 1928 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:24:25.0421 1928 Alerter - ok
13:24:25.0453 1928 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:24:25.0453 1928 ALG - ok
13:24:25.0515 1928 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:24:25.0546 1928 AliIde - ok
13:24:25.0562 1928 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:24:25.0593 1928 alim1541 - ok
13:24:26.0234 1928 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:24:26.0281 1928 amdagp - ok
13:24:26.0312 1928 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:24:26.0359 1928 amsint - ok
13:24:26.0421 1928 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
13:24:26.0421 1928 AppMgmt - ok
13:24:26.0468 1928 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:24:26.0500 1928 asc - ok
13:24:26.0515 1928 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:24:26.0562 1928 asc3350p - ok
13:24:26.0609 1928 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:24:26.0640 1928 asc3550 - ok
13:24:26.0703 1928 Aspi32 (20d04091eba710f6988f710507d85868) C:\WINDOWS\system32\drivers\Aspi32.sys
13:24:26.0734 1928 Aspi32 - ok
13:24:26.0828 1928 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:24:26.0843 1928 aspnet_state - ok
13:24:26.0953 1928 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:24:26.0984 1928 AsyncMac - ok
13:24:27.0000 1928 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:24:27.0046 1928 atapi - ok
13:24:27.0046 1928 Atdisk - ok
13:24:27.0062 1928 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:24:27.0093 1928 Atmarpc - ok
13:24:27.0140 1928 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:24:27.0140 1928 AudioSrv - ok
13:24:27.0156 1928 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:24:27.0187 1928 audstub - ok
13:24:27.0234 1928 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
13:24:27.0281 1928 BANTExt - ok
13:24:27.0296 1928 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:24:27.0328 1928 Beep - ok
13:24:27.0375 1928 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:24:27.0390 1928 BITS - ok
13:24:27.0437 1928 bmdrvr (6b4f0751782cf724398b12b64a2da2b4) C:\WINDOWS\system32\drivers\bmdrvr.sys
13:24:27.0468 1928 bmdrvr - ok
13:24:27.0593 1928 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:24:27.0593 1928 Browser - ok
13:24:27.0671 1928 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:24:27.0703 1928 cbidf - ok
13:24:27.0703 1928 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:24:27.0703 1928 cbidf2k - ok
13:24:27.0781 1928 CCHAFR - ok
13:24:27.0781 1928 CCHAQA - ok
13:24:27.0796 1928 CCHCLASS - ok
13:24:27.0796 1928 CCHEXIMG - ok
13:24:27.0796 1928 CCHEXPDF - ok
13:24:27.0812 1928 CCHIMAGE - ok
13:24:27.0812 1928 CCHIPI - ok
13:24:27.0812 1928 CCHMOD - ok
13:24:27.0812 1928 CCHMULTI - ok
13:24:27.0828 1928 CCHSSOCR - ok
13:24:27.0828 1928 CCHWATCH - ok
13:24:27.0843 1928 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:24:27.0890 1928 cd20xrnt - ok
13:24:27.0921 1928 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:24:27.0953 1928 Cdaudio - ok
13:24:27.0968 1928 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:24:28.0000 1928 Cdfs - ok
13:24:28.0062 1928 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:24:28.0093 1928 Cdrom - ok
13:24:28.0109 1928 Changer - ok
13:24:28.0156 1928 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:24:28.0156 1928 CiSvc - ok
13:24:28.0171 1928 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:24:28.0171 1928 ClipSrv - ok
13:24:28.0234 1928 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:24:28.0281 1928 clr_optimization_v2.0.50727_32 - ok
13:24:28.0406 1928 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:24:28.0453 1928 CmdIde - ok
13:24:28.0453 1928 COMSysApp - ok
13:24:28.0468 1928 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:24:28.0500 1928 Cpqarray - ok
13:24:28.0562 1928 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:24:28.0578 1928 CryptSvc - ok
13:24:28.0578 1928 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:24:28.0625 1928 dac2w2k - ok
13:24:28.0625 1928 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:24:28.0671 1928 dac960nt - ok
13:24:28.0718 1928 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:24:28.0718 1928 DcomLaunch - ok
13:24:28.0781 1928 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:24:28.0781 1928 Dhcp - ok
13:24:28.0890 1928 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:24:28.0937 1928 Disk - ok
13:24:28.0937 1928 dmadmin - ok
13:24:28.0968 1928 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:24:29.0078 1928 dmboot - ok
13:24:29.0171 1928 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:24:29.0203 1928 dmio - ok
13:24:29.0218 1928 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:24:29.0250 1928 dmload - ok
13:24:29.0281 1928 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:24:29.0296 1928 dmserver - ok
13:24:29.0343 1928 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:24:29.0390 1928 DMusic - ok
13:24:29.0453 1928 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:24:29.0453 1928 Dnscache - ok
13:24:29.0484 1928 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:24:29.0500 1928 Dot3svc - ok
13:24:29.0515 1928 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:24:29.0562 1928 dpti2o - ok
13:24:29.0609 1928 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:24:29.0640 1928 drmkaud - ok
13:24:29.0656 1928 e1kexpress (df9261eb1bcb4983dddb765b3950fc97) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
13:24:29.0703 1928 e1kexpress - ok
13:24:29.0750 1928 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:24:29.0750 1928 EapHost - ok
13:24:29.0781 1928 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:24:29.0781 1928 ERSvc - ok
13:24:29.0843 1928 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:24:29.0843 1928 Eventlog - ok
13:24:29.0859 1928 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:24:29.0859 1928 EventSystem - ok
13:24:29.0906 1928 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:24:29.0937 1928 Fastfat - ok
13:24:30.0000 1928 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:24:30.0000 1928 FastUserSwitchingCompatibility - ok
13:24:30.0015 1928 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
13:24:30.0015 1928 Fax - ok
13:24:30.0031 1928 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:24:30.0078 1928 Fdc - ok
13:24:30.0171 1928 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:24:30.0218 1928 Fips - ok
13:24:30.0234 1928 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:24:30.0265 1928 Flpydisk - ok
13:24:30.0296 1928 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:24:30.0343 1928 FltMgr - ok
13:24:30.0500 1928 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:24:30.0531 1928 FontCache3.0.0.0 - ok
13:24:30.0687 1928 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:24:30.0718 1928 Fs_Rec - ok
13:24:30.0765 1928 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:24:30.0812 1928 Ftdisk - ok
13:24:30.0968 1928 GoToAssist (5cc2b1d06ac1962af5fbbcf88d781dd8) C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
13:24:30.0984 1928 GoToAssist - ok
13:24:31.0125 1928 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:24:31.0171 1928 Gpc - ok
13:24:31.0218 1928 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
13:24:31.0218 1928 gupdate - ok
13:24:31.0312 1928 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
13:24:31.0343 1928 gupdatem - ok
13:24:31.0421 1928 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:24:31.0437 1928 gusvc - ok
13:24:31.0562 1928 hcmon (1c51e9db4a24c4a6b7ad5be4bc4b19a6) C:\WINDOWS\system32\drivers\hcmon.sys
13:24:31.0625 1928 hcmon - ok
13:24:31.0718 1928 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:24:31.0765 1928 HDAudBus - ok
13:24:31.0875 1928 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:24:31.0875 1928 helpsvc - ok
13:24:31.0921 1928 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:24:31.0921 1928 HidServ - ok
13:24:32.0000 1928 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:24:32.0031 1928 hidusb - ok
13:24:32.0093 1928 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:24:32.0109 1928 hkmsvc - ok
13:24:32.0140 1928 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
13:24:32.0171 1928 hpn - ok
13:24:32.0234 1928 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:24:32.0265 1928 HTTP - ok
13:24:32.0312 1928 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:24:32.0312 1928 HTTPFilter - ok
13:24:32.0359 1928 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:24:32.0390 1928 i2omgmt - ok
13:24:32.0421 1928 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:24:32.0453 1928 i2omp - ok
13:24:32.0546 1928 IAANTMON (52e8a3cc8269adb27d25182284c5e650) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
13:24:32.0546 1928 IAANTMON - ok
13:24:32.0906 1928 ialm (a01bb8da8d73bca83702a4cf1cd56dce) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:24:33.0250 1928 ialm - ok
13:24:33.0453 1928 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys
13:24:33.0453 1928 iaStor - ok
13:24:33.0625 1928 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:24:33.0656 1928 idsvc - ok
13:24:33.0750 1928 iGateway (404544c1b48aac95a839f5d48cf82ba6) C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
13:24:33.0750 1928 iGateway - ok
13:24:33.0906 1928 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:24:33.0937 1928 Imapi - ok
13:24:33.0984 1928 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:24:33.0984 1928 ImapiService - ok
13:24:34.0015 1928 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:24:34.0046 1928 ini910u - ok
13:24:34.0156 1928 InoRPC (4f7d1520bbe672fd9364a9f6f1def47c) C:\Program Files\CA\eTrustITM\InoRpc.exe
13:24:34.0156 1928 InoRPC - ok
13:24:34.0171 1928 InoRT (a08267418c7fd4cc79cbe392373209db) C:\Program Files\CA\eTrustITM\InoRT.exe
13:24:34.0171 1928 InoRT - ok
13:24:34.0234 1928 InoTask (289d11b07c61f1e8f65312081b26ac6b) C:\Program Files\CA\eTrustITM\InoTask.exe
13:24:34.0234 1928 InoTask - ok
13:24:34.0359 1928 INO_FLPY (4eb3cd8cd2210807ada276542eb99b06) C:\WINDOWS\system32\Drivers\ino_flpy.sys
13:24:34.0406 1928 INO_FLPY - ok
13:24:34.0453 1928 INO_FLTR (ebfb9e788557aded04aef87247ae56dd) C:\WINDOWS\system32\Drivers\ino_fltr.sys
13:24:34.0500 1928 INO_FLTR - ok
13:24:34.0734 1928 InputAccel (f6c09dc144d79485648d6aeec5087456) C:\ProSystem fx Scan\IA\Server\binnt\ias.exe
13:24:34.0750 1928 InputAccel - ok
13:24:34.0906 1928 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:24:34.0953 1928 IntelIde - ok
13:24:34.0984 1928 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:24:35.0015 1928 intelppm - ok
13:24:35.0062 1928 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:24:35.0093 1928 Ip6Fw - ok
13:24:35.0171 1928 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:24:35.0203 1928 IpFilterDriver - ok
13:24:35.0203 1928 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:24:35.0250 1928 IpInIp - ok
13:24:35.0281 1928 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:24:35.0328 1928 IpNat - ok
13:24:35.0390 1928 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:24:35.0421 1928 IPSec - ok
13:24:35.0453 1928 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:24:35.0500 1928 IRENUM - ok
13:24:35.0609 1928 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:24:35.0640 1928 isapnp - ok
13:24:35.0734 1928 ivusb (de96bbf842059a67d876b692076d8875) C:\WINDOWS\system32\DRIVERS\ivusb.sys
13:24:35.0765 1928 ivusb - ok
13:24:35.0906 1928 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:24:35.0937 1928 Kbdclass - ok
13:24:36.0031 1928 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:24:36.0062 1928 kbdhid - ok
13:24:36.0156 1928 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:24:36.0156 1928 kmixer - ok
13:24:36.0203 1928 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:24:36.0218 1928 KSecDD - ok
13:24:36.0281 1928 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:24:36.0312 1928 LanmanServer - ok
13:24:36.0343 1928 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:24:36.0343 1928 lanmanworkstation - ok
13:24:36.0375 1928 lbrtfdc - ok
13:24:36.0453 1928 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:24:36.0453 1928 LmHosts - ok
13:24:36.0562 1928 LMS (0dcc83896660268ed3a0325ec353f650) C:\Program Files\Intel\AMT\LMS.exe
13:24:36.0562 1928 LMS - ok
13:24:36.0718 1928 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:24:36.0734 1928 Messenger - ok
13:24:36.0781 1928 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:24:36.0812 1928 mnmdd - ok
13:24:36.0984 1928 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:24:37.0000 1928 mnmsrvc - ok
13:24:37.0078 1928 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:24:37.0109 1928 Modem - ok
13:24:37.0156 1928 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:24:37.0187 1928 Mouclass - ok
13:24:37.0218 1928 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:24:37.0250 1928 mouhid - ok
13:24:37.0312 1928 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:24:37.0343 1928 MountMgr - ok
13:24:37.0375 1928 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:24:37.0406 1928 mraid35x - ok
13:24:37.0484 1928 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:24:37.0531 1928 MRxDAV - ok
13:24:37.0578 1928 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:24:37.0609 1928 MRxSmb - ok
13:24:37.0812 1928 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:24:37.0812 1928 MSDTC - ok
13:24:37.0875 1928 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:24:37.0906 1928 Msfs - ok
13:24:37.0921 1928 MSIServer - ok
13:24:37.0937 1928 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:24:37.0984 1928 MSKSSRV - ok
13:24:37.0984 1928 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:24:38.0015 1928 MSPCLOCK - ok
13:24:38.0031 1928 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:24:38.0062 1928 MSPQM - ok
13:24:38.0109 1928 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:24:38.0109 1928 mssmbios - ok
13:24:38.0171 1928 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:24:38.0171 1928 Mup - ok
13:24:38.0218 1928 NAL (8c48260fd6c281da171bdcc7b7396379) C:\WINDOWS\system32\Drivers\iqvw32.sys
13:24:38.0250 1928 NAL - ok
13:24:38.0281 1928 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:24:38.0296 1928 napagent - ok
13:24:38.0328 1928 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:24:38.0375 1928 NDIS - ok
13:24:38.0437 1928 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:24:38.0437 1928 NdisTapi - ok
13:24:38.0453 1928 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:24:38.0484 1928 Ndisuio - ok
13:24:38.0500 1928 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:24:38.0531 1928 NdisWan - ok
13:24:38.0562 1928 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:24:38.0578 1928 NDProxy - ok
13:24:38.0640 1928 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:24:38.0671 1928 NetBIOS - ok
13:24:38.0703 1928 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:24:38.0750 1928 NetBT - ok
13:24:38.0796 1928 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:24:38.0796 1928 NetDDE - ok
13:24:38.0812 1928 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:24:38.0812 1928 NetDDEdsdm - ok
13:24:38.0906 1928 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:24:38.0906 1928 Netlogon - ok
13:24:38.0953 1928 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:24:38.0953 1928 Netman - ok
13:24:39.0078 1928 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:24:39.0093 1928 NetTcpPortSharing - ok
13:24:39.0218 1928 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:24:39.0234 1928 Nla - ok
13:24:39.0296 1928 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:24:39.0328 1928 Npfs - ok
13:24:39.0421 1928 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:24:39.0500 1928 Ntfs - ok
13:24:39.0671 1928 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:24:39.0671 1928 NtLmSsp - ok
13:24:39.0718 1928 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:24:39.0734 1928 NtmsSvc - ok
13:24:39.0765 1928 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:24:39.0796 1928 Null - ok
13:24:39.0875 1928 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:24:39.0921 1928 NwlnkFlt - ok
13:24:40.0031 1928 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:24:40.0062 1928 NwlnkFwd - ok
13:24:40.0109 1928 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:24:40.0156 1928 Parport - ok
13:24:40.0187 1928 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:24:40.0234 1928 PartMgr - ok
13:24:40.0359 1928 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:24:40.0390 1928 ParVdm - ok
13:24:40.0453 1928 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
13:24:40.0484 1928 PBADRV - ok
13:24:40.0500 1928 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:24:40.0531 1928 PCI - ok
13:24:40.0562 1928 PCIDump - ok
13:24:40.0609 1928 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:24:40.0656 1928 PCIIde - ok
13:24:40.0671 1928 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:24:40.0718 1928 Pcmcia - ok
13:24:40.0765 1928 PDCOMP - ok
13:24:40.0765 1928 PDFRAME - ok
13:24:40.0781 1928 PDRELI - ok
13:24:40.0781 1928 PDRFRAME - ok
13:24:40.0796 1928 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
13:24:40.0828 1928 perc2 - ok
13:24:40.0843 1928 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:24:40.0875 1928 perc2hib - ok
13:24:40.0984 1928 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:24:40.0984 1928 PlugPlay - ok
13:24:41.0062 1928 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:24:41.0062 1928 PolicyAgent - ok
13:24:41.0125 1928 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:24:41.0171 1928 PptpMiniport - ok
13:24:41.0171 1928 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:24:41.0171 1928 ProtectedStorage - ok
13:24:41.0187 1928 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:24:41.0281 1928 PSched - ok
13:24:41.0296 1928 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:24:41.0328 1928 Ptilink - ok
13:24:41.0453 1928 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:24:41.0500 1928 PxHelp20 - ok
13:24:41.0531 1928 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:24:41.0578 1928 ql1080 - ok
13:24:41.0593 1928 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:24:41.0640 1928 Ql10wnt - ok
13:24:41.0687 1928 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:24:41.0718 1928 ql12160 - ok
13:24:41.0765 1928 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:24:41.0812 1928 ql1240 - ok
13:24:41.0859 1928 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:24:41.0890 1928 ql1280 - ok
13:24:42.0015 1928 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
13:24:42.0015 1928 RapportCerberus_34302 - ok
13:24:42.0203 1928 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
13:24:42.0203 1928 RapportEI - ok
13:24:42.0312 1928 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
13:24:42.0312 1928 RapportIaso - ok
13:24:42.0468 1928 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
13:24:42.0468 1928 RapportKELL - ok
13:24:42.0640 1928 RapportMgmtService (c7d3492630472dc0546715dd4157b6c2) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
13:24:42.0671 1928 RapportMgmtService - ok
13:24:42.0687 1928 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
13:24:42.0687 1928 RapportPG - ok
13:24:42.0875 1928 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:24:42.0906 1928 RasAcd - ok
13:24:42.0953 1928 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:24:42.0968 1928 RasAuto - ok
13:24:43.0000 1928 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:24:43.0031 1928 Rasl2tp - ok
13:24:43.0062 1928 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:24:43.0078 1928 RasMan - ok
13:24:43.0078 1928 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:24:43.0140 1928 RasPppoe - ok
13:24:43.0156 1928 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:24:43.0187 1928 Raspti - ok
13:24:43.0234 1928 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:24:43.0265 1928 Rdbss - ok
13:24:43.0296 1928 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:24:43.0328 1928 RDPCDD - ok
13:24:43.0359 1928 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:24:43.0437 1928 rdpdr - ok
13:24:43.0484 1928 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:24:43.0484 1928 RDPWD - ok
13:24:43.0546 1928 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:24:43.0546 1928 RDSessMgr - ok
13:24:43.0609 1928 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:24:43.0640 1928 redbook - ok
13:24:43.0671 1928 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:24:43.0687 1928 RemoteAccess - ok
13:24:43.0734 1928 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:24:43.0750 1928 RemoteRegistry - ok
13:24:43.0796 1928 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:24:43.0812 1928 RpcLocator - ok
13:24:43.0875 1928 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:24:43.0875 1928 RpcSs - ok
13:24:43.0890 1928 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:24:43.0890 1928 RSVP - ok
13:24:43.0937 1928 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:24:43.0937 1928 SamSs - ok
13:24:44.0015 1928 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:24:44.0015 1928 SASDIFSV - ok
13:24:44.0015 1928 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:24:44.0031 1928 SASKUTIL - ok
13:24:44.0187 1928 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:24:44.0203 1928 SCardSvr - ok
13:24:44.0234 1928 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:24:44.0250 1928 Schedule - ok
13:24:44.0281 1928 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:24:44.0328 1928 Secdrv - ok
13:24:44.0468 1928 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:24:44.0468 1928 seclogon - ok
13:24:44.0625 1928 SecureStorageService (d7f978c1b6387544fe132eb5b915ed1a) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
13:24:44.0687 1928 SecureStorageService - ok
13:24:44.0843 1928 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:24:44.0843 1928 SENS - ok
13:24:44.0906 1928 Sentinel (aebba7428a6c40cce3c5abde45190b24) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
13:24:44.0953 1928 Sentinel - ok
13:24:45.0000 1928 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:24:45.0031 1928 Serenum - ok
13:24:45.0046 1928 Serial (2799dbfca854258e5590e6f902a00727) C:\WINDOWS\system32\DRIVERS\serial.sys
13:24:45.0078 1928 Serial ( Virus.Win32.ZAccess.k ) - infected
13:24:45.0078 1928 Serial - detected Virus.Win32.ZAccess.k (0)
13:24:45.0125 1928 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
13:24:45.0156 1928 SFAUDIO - ok
13:24:45.0203 1928 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:24:45.0250 1928 Sfloppy - ok
13:24:45.0343 1928 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:24:45.0359 1928 SharedAccess - ok
13:24:45.0421 1928 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:24:45.0421 1928 ShellHWDetection - ok
13:24:45.0421 1928 Simbad - ok
13:24:45.0453 1928 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:24:45.0500 1928 sisagp - ok
13:24:45.0640 1928 SMmonitor (32cb8e01c0370e4b7345920090d5dc57) C:\Program Files\Dell\MD Storage Software\MD Storage Manager\client\monitor\SMmonitor.exe
13:24:45.0656 1928 SMmonitor - ok
13:24:45.0765 1928 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:24:45.0796 1928 Sparrow - ok
13:24:45.0843 1928 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:24:45.0875 1928 splitter - ok
13:24:45.0921 1928 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:24:45.0921 1928 Spooler - ok
13:24:45.0984 1928 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:24:46.0015 1928 sr - ok
13:24:46.0078 1928 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:24:46.0078 1928 srservice - ok
13:24:46.0187 1928 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:24:46.0187 1928 Srv - ok
13:24:46.0250 1928 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:24:46.0250 1928 SSDPSRV - ok
13:24:46.0296 1928 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:24:46.0312 1928 stisvc - ok
13:24:46.0359 1928 stllssvr (e476c66713c842f58e61a95826ed1d57) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
13:24:46.0359 1928 stllssvr - ok
13:24:46.0500 1928 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:24:46.0531 1928 swenum - ok
13:24:46.0578 1928 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:24:46.0625 1928 swmidi - ok
13:24:46.0625 1928 SwPrv - ok
13:24:46.0640 1928 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
13:24:46.0671 1928 symc810 - ok
13:24:46.0703 1928 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:24:46.0734 1928 symc8xx - ok
13:24:46.0765 1928 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:24:46.0796 1928 sym_hi - ok
13:24:46.0812 1928 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:24:46.0875 1928 sym_u3 - ok
13:24:47.0015 1928 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:24:47.0046 1928 sysaudio - ok
13:24:47.0125 1928 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:24:47.0125 1928 SysmonLog - ok
13:24:47.0171 1928 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:24:47.0187 1928 TapiSrv - ok
13:24:47.0250 1928 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:24:47.0250 1928 Tcpip - ok
13:24:47.0343 1928 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
13:24:47.0375 1928 tcsd_win32.exe - ok
13:24:47.0718 1928 TdmService (a62f1de032e59c4bb35557a2219cb160) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
13:24:47.0750 1928 TdmService - ok
13:24:47.0937 1928 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:24:47.0968 1928 TDPIPE - ok
13:24:48.0000 1928 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:24:48.0046 1928 TDTCP - ok
13:24:48.0062 1928 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:24:48.0093 1928 TermDD - ok
13:24:48.0156 1928 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:24:48.0171 1928 TermService - ok
13:24:48.0234 1928 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:24:48.0234 1928 Themes - ok
13:24:48.0265 1928 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
13:24:48.0265 1928 TlntSvr - ok
13:24:48.0296 1928 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
13:24:48.0343 1928 TosIde - ok
13:24:48.0375 1928 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:24:48.0375 1928 TrkWks - ok
13:24:48.0406 1928 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:24:48.0437 1928 Udfs - ok
13:24:48.0468 1928 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
13:24:48.0500 1928 ultra - ok
13:24:48.0609 1928 UNS (7436d141af626e76d40e5924550af378) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
13:24:48.0656 1928 UNS - ok
13:24:48.0843 1928 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:24:48.0890 1928 Update - ok
13:24:49.0000 1928 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:24:49.0000 1928 upnphost - ok
13:24:49.0031 1928 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:24:49.0046 1928 UPS - ok
13:24:49.0062 1928 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:24:49.0093 1928 usbccgp - ok
13:24:49.0140 1928 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:24:49.0187 1928 usbehci - ok
13:24:49.0234 1928 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:24:49.0281 1928 usbhub - ok
13:24:49.0328 1928 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:24:49.0359 1928 usbscan - ok
13:24:49.0453 1928 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:24:49.0484 1928 USBSTOR - ok
13:24:49.0562 1928 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:24:49.0593 1928 usbuhci - ok
13:24:49.0625 1928 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:24:49.0671 1928 VgaSave - ok
13:24:49.0703 1928 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:24:49.0734 1928 viaagp - ok
13:24:49.0750 1928 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:24:49.0781 1928 ViaIde - ok
13:24:49.0875 1928 VMUSBArbService (6c551c8b0672c926b80fa8199c8682e7) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
13:24:49.0890 1928 VMUSBArbService - ok
13:24:49.0968 1928 vmware-converter-agent (75bc28f58c95b90dffa5367310bc82eb) C:\Program Files\VMware\VMware vCenter Converter Standalone Agent\vmware-converter-a.exe
13:24:49.0968 1928 vmware-converter-agent - ok
13:24:50.0093 1928 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:24:50.0140 1928 VolSnap - ok
13:24:50.0203 1928 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:24:50.0203 1928 VSS - ok
13:24:50.0265 1928 vstor2-mntapi10-shared (0dc78e40a4d1303488670b2f289add80) C:\WINDOWS\system32\drivers\vstor2-mntapi10-shared.sys
13:24:50.0265 1928 vstor2-mntapi10-shared - ok
13:24:50.0375 1928 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:24:50.0375 1928 w32time - ok
13:24:50.0453 1928 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:24:50.0500 1928 Wanarp - ok
13:24:50.0593 1928 WavxDMgr (e1369c7a53c76eb681afd0eba348b45a) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
13:24:50.0640 1928 WavxDMgr - ok
13:24:50.0703 1928 WDICA - ok
13:24:50.0781 1928 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:24:50.0812 1928 wdmaud - ok
13:24:50.0921 1928 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:24:50.0921 1928 WebClient - ok
13:24:51.0000 1928 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:24:51.0000 1928 winmgmt - ok
13:24:51.0125 1928 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
13:24:51.0156 1928 WinRM - ok
13:24:51.0234 1928 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
13:24:51.0234 1928 WmdmPmSN - ok
13:24:51.0343 1928 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
13:24:51.0359 1928 Wmi - ok
13:24:51.0421 1928 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:24:51.0421 1928 WmiAcpi - ok
13:24:51.0500 1928 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:24:51.0515 1928 WmiApSrv - ok
13:24:51.0515 1928 WSearch - ok
13:24:51.0578 1928 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:24:51.0578 1928 wuauserv - ok
13:24:51.0671 1928 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:24:51.0671 1928 WZCSVC - ok
13:24:51.0718 1928 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:24:51.0734 1928 xmlprov - ok
13:24:51.0781 1928 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:24:51.0843 1928 \Device\Harddisk0\DR0 - ok
13:24:51.0843 1928 Boot (0x1200) (36f3e4025f0d7e7708162daf0aefe2fe) \Device\Harddisk0\DR0\Partition0
13:24:51.0843 1928 \Device\Harddisk0\DR0\Partition0 - ok
13:24:51.0843 1928 ============================================================
13:24:51.0843 1928 Scan finished
13:24:51.0843 1928 ============================================================
13:24:51.0859 5304 Detected object count: 1
13:24:51.0859 5304 Actual detected object count: 1
13:25:08.0781 5304 C:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine
13:25:09.0281 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\@ - copied to quarantine
13:25:09.0281 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\cfg.ini - copied to quarantine
13:25:09.0296 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\Desktop.ini - copied to quarantine
13:25:09.0328 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\L\rohepcid - copied to quarantine
13:25:09.0328 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\oemid - copied to quarantine
13:25:09.0359 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\U\00000001.@ - copied to quarantine
13:25:09.0406 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\U\00000002.@ - copied to quarantine
13:25:09.0437 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\U\00000004.@ - copied to quarantine
13:25:09.0484 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\U\80000000.@ - copied to quarantine
13:25:09.0515 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\U\80000004.@ - copied to quarantine
13:25:09.0546 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\U\80000032.@ - copied to quarantine
13:25:09.0562 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\version - copied to quarantine
13:25:09.0781 5304 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\serial.sys) error 1813
13:25:12.0109 5304 Backup copy found, using it..
13:25:12.0140 5304 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot
13:25:13.0468 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\@ - will be deleted on reboot
13:25:13.0468 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\cfg.ini - will be deleted on reboot
13:25:13.0468 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\Desktop.ini - will be deleted on reboot
13:25:13.0484 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\oemid - will be deleted on reboot
13:25:13.0484 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\U\00000001.@ - will be deleted on reboot
13:25:13.0484 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\U\00000002.@ - will be deleted on reboot
13:25:13.0484 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\U\00000004.@ - will be deleted on reboot
13:25:13.0484 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\U\80000000.@ - will be deleted on reboot
13:25:13.0484 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\U\80000004.@ - will be deleted on reboot
13:25:13.0484 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\U\80000032.@ - will be deleted on reboot
13:25:13.0484 5304 C:\WINDOWS\$NtUninstallKB33174$\3225567700\version - will be deleted on reboot
13:25:13.0484 5304 C:\WINDOWS\$NtUninstallKB33174$\4016490863 - will be deleted on reboot
13:25:13.0484 5304 Serial ( Virus.Win32.ZAccess.k ) - User select action: Cure

Below is the aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-28 13:43:03
-----------------------------
13:43:03.250 OS Version: Windows 5.1.2600 Service Pack 3
13:43:03.250 Number of processors: 4 586 0x170A
13:43:03.250 ComputerName: FXSCAN UserName:
13:43:06.281 Initialize success
13:46:01.171 AVAST engine defs: 12032801
13:49:26.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
13:49:26.312 Disk 0 Vendor: ST316031 CC45 Size: 152587MB BusType: 8
13:49:26.328 Disk 0 MBR read successfully
13:49:26.328 Disk 0 MBR scan
13:49:26.359 Disk 0 Windows VISTA default MBR code
13:49:26.359 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
13:49:26.375 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152507 MB offset 160650
13:49:26.390 Disk 0 scanning sectors +312496380
13:49:26.484 Disk 0 scanning C:\WINDOWS\system32\drivers
13:49:42.781 Service scanning
13:50:05.609 Modules scanning
13:50:13.656 Disk 0 trace - called modules:
13:50:13.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:50:14.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad1a4d8]
13:50:14.171 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8ad1d028]
13:50:15.953 AVAST engine scan C:\WINDOWS
13:50:24.062 AVAST engine scan C:\WINDOWS\system32
13:53:37.796 AVAST engine scan C:\WINDOWS\system32\drivers
13:53:54.281 AVAST engine scan C:\Documents and Settings\Administrator
13:57:29.093 AVAST engine scan C:\Documents and Settings\All Users
13:58:31.625 Scan finished successfully
14:00:53.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
14:00:53.937 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

DDS.txt log below:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by pfxScanner at 14:09:00 on 2012-03-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.2130 [GMT -5:00]
.
AV: eTrust ITM *Enabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\ProSystem fx Scan\IA\Client\binnt\iaaqa.exe
C:\ProSystem fx Scan\IA\Client\binnt\iaeximg.exe
C:\ProSystem fx Scan\IA\Client\binnt\iaimage.exe
C:\ProSystem fx Scan\IA\Client\binnt\iaipi.exe
C:\ProSystem fx Scan\IA\Client\binnt\iamulti.exe
C:\ProSystem fx Scan\IA\Client\binnt\ssocr.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\ProSystem fx Scan\IA\Server\binnt\ias.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\ProSystem fx Scan\IA\Client\binnt\xocr32b.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\VMware\VMware vCenter Converter Standalone Agent\vmware-converter-a.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\ProSystem fx Scan\IA\Client\binnt\ABBYYOCR.exe
C:\ProSystem fx Scan\IA\Client\binnt\cchclass.exe
C:\ProSystem fx Scan\IA\Client\binnt\cchexpdf.exe
C:\ProSystem fx Scan\IA\Client\binnt\cchmod.exe
C:\ProSystem fx Scan\IA\Client\binnt\cchwatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://localhost:5250/spin/ITMClient/ITMClient.csp?product=0&TopLevelTab=4&BigButton=2
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre1.6.0_22\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Realtime Monitor] "c:\program files\ca\etrustitm\realmon.exe" -s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {13F71666-05F2-11D2-B2F6-00A0C9A08B64} - hxxps://gosystemrs.fasttax.com/OCX/comconv.cab
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} - hxxps://gosystemrs.fasttax.com/OCX/RSLoginModule.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} - hxxps://gosystemrs.fasttax.com/OCX/RSTabbedList.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} - hxxps://gosystemrs.fasttax.com/OCX/WebAttachments.cab
DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} - hxxps://gosystemrs.fasttax.com/OCX/webnotifier.cab
DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} - hxxps://gosystemrs.fasttax.com/OCX/Downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} - hxxps://gosystemrs.fasttax.com/OCX/DCParse.cab
DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} - hxxps://gosystemrs.fasttax.com/OCX/frmsrc.cab
DPF: {C945E31A-102E-4A0D-8854-D599D7AED5FA} - hxxps://gosystemrs.fasttax.com/OCX/vsflex8.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://dell.webex.com/client/WBXclient-T27L10NSP31-13320/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{01DCC796-37A0-4FDC-BED8-9D3F320EAE3C} : NameServer = 192.168.10.4,192.168.10.7
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2010-2-3 24064]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 CCHAFR;ProSystem fx Scan AFR OCR;c:\prosystem fx scan\ia\client\binnt\abbyyocr.exe -login:*@fxscan -autostart -servicemode --> c:\prosystem fx scan\ia\client\binnt\ABBYYOCR.exe -login:*@FXSCAN -autostart -servicemode [?]
R2 CCHAQA;ProSystem fx Scan Quality Assurance;c:\prosystem fx scan\ia\client\binnt\iaaqa.exe -login:*@fxscan -autostart -servicemode --> c:\prosystem fx scan\ia\client\binnt\iaaqa.exe -login:*@FXSCAN -autostart -servicemode [?]
R2 CCHCLASS;ProSystem fx Scan Classification;c:\prosystem fx scan\ia\client\binnt\cchclass.exe -login:*@fxscan -autostart -servicemode --> c:\prosystem fx scan\ia\client\binnt\cchclass.exe -login:*@FXSCAN -autostart -servicemode [?]
R2 CCHEXIMG;ProSystem fx Scan Image Export;c:\prosystem fx scan\ia\client\binnt\iaeximg.exe -login:*@fxscan -autostart -servicemode --> c:\prosystem fx scan\ia\client\binnt\iaeximg.exe -login:*@FXSCAN -autostart -servicemode [?]
R2 CCHEXPDF;ProSystem fx Scan PDF Export;c:\prosystem fx scan\ia\client\binnt\cchexpdf.exe -login:*@fxscan -autostart -servicemode --> c:\prosystem fx scan\ia\client\binnt\cchexpdf.exe -login:*@FXSCAN -autostart -servicemode [?]
R2 CCHIMAGE;ProSystem fx Scan Image Rotation;c:\prosystem fx scan\ia\client\binnt\iaimage.exe -login:*@fxscan -autostart -servicemode --> c:\prosystem fx scan\ia\client\binnt\iaimage.exe -login:*@FXSCAN -autostart -servicemode [?]
R2 CCHIPI;ProSystem fx Scan Image Enhancement;c:\prosystem fx scan\ia\client\binnt\iaipi.exe -login:*@fxscan -autostart -servicemode --> c:\prosystem fx scan\ia\client\binnt\iaipi.exe -login:*@FXSCAN -autostart -servicemode [?]
R2 CCHMOD;ProSystem fx Scan Border Removal;c:\prosystem fx scan\ia\client\binnt\cchmod.exe -login:*@fxscan -autostart -servicemode --> c:\prosystem fx scan\ia\client\binnt\cchmod.exe -login:*@FXSCAN -autostart -servicemode [?]
R2 CCHMULTI;ProSystem fx Scan Multi;c:\prosystem fx scan\ia\client\binnt\iamulti.exe -login:*@fxscan -autostart -servicemode --> c:\prosystem fx scan\ia\client\binnt\iamulti.exe -login:*@FXSCAN -autostart -servicemode [?]
R2 CCHSSOCR;ProSystem fx Scan ScanSoft OCR;c:\prosystem fx scan\ia\client\binnt\ssocr.exe -login:*@fxscan -autostart -servicemode --> c:\prosystem fx scan\ia\client\binnt\ssocr.exe -login:*@FXSCAN -autostart -servicemode [?]
R2 CCHWATCH;ProSystem fx Scan Folder Monitor;c:\prosystem fx scan\ia\client\binnt\cchwatch.exe -login:*@fxscan -autostart -servicemode --> c:\prosystem fx scan\ia\client\binnt\cchwatch.exe -login:*@FXSCAN -autostart -servicemode [?]
R2 InputAccel;InputAccel Server;c:\prosystem fx scan\ia\server\binnt\ias.exe [2010-2-10 1015808]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-2-3 2066968]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-6-1 609904]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files\vmware\vmware vcenter converter standalone agent\vmware-converter-a.exe [2011-8-19 423536]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-12 22768]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-2-3 157152]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]
S0 21196490;21196490;c:\windows\system32\drivers\41563740.sys --> c:\windows\system32\drivers\41563740.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 bmdrvr;Modified Clusters Tracking Driver;c:\windows\system32\drivers\bmdrvr.sys [2011-3-15 54384]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 SMmonitor;Modular Disk Storage Manager Event Monitor;c:\program files\dell\md storage software\md storage manager\client\monitor\SMmonitor.exe [2011-12-1 69632]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
.
=============== Created Last 30 ================
.
2012-03-28 18:25:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-21 13:52:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-11 18:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2012-03-28 18:27:20 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-16 20:18:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 14:09:33.45 ===============

Attached Files

  • Attached File  MBR.zip   557bytes   1 downloads
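A defender reading the services section of the DDS log above wants a quick way to separate the noisy `[?]` entries (DDS could not stat the file, which also happens for legitimate services whose image path carries command-line arguments) from the one boot-start driver with an all-digit service name and an all-digit file name. The parser and heuristic triage below is an added example, not part of this thread or of the DDS tool; the three sample lines are copied from the log above, and the flag wording and heuristics are assumptions of this example, not a verdict on any entry.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# A DDS services/drivers line: "<state><start> <name>;<display>;<image> [<date> <size>]" or "... [?]"
LINE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
STAMP_RE = re.compile(r"\[\d{4}-\d{1,2}-\d{1,2} (?P<size>\d+)\]$")

@dataclass
class ServiceEntry:
    start: str            # R/S = running/stopped, digit = start type (0 = boot)
    name: str
    display: str
    image: str            # path as DDS resolved it; may carry arguments
    resolved: bool        # False when DDS printed "[?]" instead of date/size
    size: Optional[int]
    flags: List[str] = field(default_factory=list)

def parse_dds_service(line: str) -> Optional[ServiceEntry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    if " --> " in rest:  # DDS prints "registry value --> resolved path"
        rest = rest.split(" --> ", 1)[1]
    stamp = STAMP_RE.search(rest)
    if stamp:
        return ServiceEntry(m["start"], m["name"], m["display"],
                            rest[:stamp.start()].strip(), True, int(stamp["size"]))
    image = rest[:-3].strip() if rest.endswith("[?]") else rest.strip()
    return ServiceEntry(m["start"], m["name"], m["display"], image, False, None)

def flag_entry(e: ServiceEntry) -> ServiceEntry:
    # Heuristics only (assumed for this example): each flag is a reason to look closer
    stem = e.image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if e.name.isdigit():
        e.flags.append("all-digit service name")
    if stem.isdigit():
        e.flags.append("all-digit driver file name")
    if e.start[1] == "0" and not e.resolved:
        e.flags.append("boot-start entry whose file DDS could not stat ([?])")
    return e

def triage(log_lines: List[str]) -> List[ServiceEntry]:
    parsed = (parse_dds_service(l) for l in log_lines)
    return [e for e in parsed if e is not None and flag_entry(e).flags]

# Constructed sample: three lines copied from the DDS services section of this thread
SAMPLE = [
    r"R2 CCHIMAGE;ProSystem fx Scan Image Rotation;c:\prosystem fx scan\ia\client\binnt\iaimage.exe -login:*@fxscan -autostart -servicemode --> c:\prosystem fx scan\ia\client\binnt\iaimage.exe -login:*@FXSCAN -autostart -servicemode [?]",
    r"R2 InputAccel;InputAccel Server;c:\prosystem fx scan\ia\server\binnt\ias.exe [2010-2-10 1015808]",
    r"S0 21196490;21196490;c:\windows\system32\drivers\41563740.sys --> c:\windows\system32\drivers\41563740.sys [?]",
]
```

Only the S0 entry collects flags; the ProSystem line is also `[?]` but has a descriptive name and an argument-bearing image path, so it passes through unflagged.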


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:59 PM

Posted 29 March 2012 - 07:23 AM

Looking better but still some work to do.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.
===

#6 HenryJ

HenryJ
  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:59 PM

Posted 01 April 2012 - 09:14 PM

My computer seems to be working properly now. I have updated my antivirus. Anything else?

Thanks

Attached are the requested items.

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
CA eTrustITM Agent
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
CCleaner
Java™ 6 Update 22
Java version out of date!
Adobe Flash Player 11.1.102.62
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

CA eTrustITM InoRpc.exe
CA eTrustITM InoRT.exe
CA eTrustITM InoTask.exe
CA eTrustITM realmon.exe
``````````End of Log````````````



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:59 PM

Posted 02 April 2012 - 09:44 AM

CA eTrustITM Agent
Antivirus out of date!

Make sure you keep this program up to date.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 22


===

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#8 HenryJ

HenryJ
  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:59 PM

Posted 02 April 2012 - 10:09 AM

Thanks for your help.
I will perform those updates and uninstall ComboFix.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:59 PM

Posted 08 April 2012 - 08:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



