mikkimonkki

Is it possible for a virus to completely work its way into the Hard Drive and Recovery Discs?


Hi

I ask the introductory question "Is it possible for a virus to completely work its way into the Hard Drive and Recovery Discs?" because each time I format my Computer the same items are found, i.e. "Gen Trojan IK, Trace Reg dll Tv Tune x 2 & Riskware Win 32 KillApp". This eventually leads to the whole Computer shutting down.

I then have to format the Computer and start again by adding the Recovery Discs, which adds the software etc.

Would you please be so very kind in advising me how to get rid of these parasites...?

I know you are so very busy, I do appreciate your time and expertise and knowledge.

I have only just joined Emsisoft, however I do really rate your Anti-Malware and products, I will be telling everybody of your 10 star software!

Thanks

Mikkimonkki


Hi Mikkimonkki, welcome to the forum

Posting the names of the alleged infection does not provide any information.

Since you posted into this section please follow the rules of this section

See the referred link below.

In addition please read about Traces & Riskware - those are not necessarily dangerous

"KillApp" can belong to a legitimate application that can be pre-installed, say, in most contemporary HP laptops

Anyway nothing can be said without providing sufficient information

=======

Read the following instructions

START HERE, if you don't we are just going to send you back to this thread <--click

Prepare and post (attach) the required log files into this thread

Wait for reply from ShadowPuterDude, Katana, or JeanInMontana

for assistance and further instructions.

=======

Translation Links for Forum Instructions

My regards


Logfile of HiJackFree v4.5

Scan saved at 15:59:19, on 18/12/2010

Platform: Windows Vista64 (Windows NT 6.0.6002)

MSIE: Internet Explorer v 8.0 (8.0.6001.18999)

Running processes:

C:\Windows\SysNative\smss.exe

C:\Windows\SysNative\csrss.exe

C:\Windows\SysNative\wininit.exe

C:\Windows\SysNative\csrss.exe

C:\Windows\SysNative\services.exe

C:\Windows\SysNative\lsass.exe

C:\Windows\SysNative\lsm.exe

C:\Windows\SysNative\winlogon.exe

C:\Windows\SysNative\svchost.exe

C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

C:\Windows\SysNative\svchost.exe

C:\Windows\SysNative\Ati2evxx.exe

C:\Windows\SysNative\svchost.exe

C:\Windows\SysNative\svchost.exe

C:\Windows\SysNative\svchost.exe

C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\stacsv64.exe

C:\Windows\SysNative\svchost.exe

C:\Windows\SysNative\SLsvc.exe

C:\Windows\SysNative\svchost.exe

C:\Windows\SysNative\Ati2evxx.exe

C:\Windows\SysNative\hpservice.exe

C:\Windows\SysNative\svchost.exe

C:\Windows\SysNative\spoolsv.exe

C:\Windows\SysNative\svchost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\SysNative\svchost.exe

C:\Windows\SysWOW64\svchost.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Windows\SysNative\svchost.exe

C:\Program Files (x86)\SMINST\BLService.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\SysNative\svchost.exe

C:\Windows\SysNative\svchost.exe

C:\Windows\SysNative\SearchIndexer.exe

C:\Windows\SysNative\wbem\WmiPrvSE.exe

C:\Windows\SysWOW64\dllhost.exe

C:\Windows\SysNative\taskeng.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Windows\SysNative\taskeng.exe

C:\Windows\SysNative\dwm.exe

C:\Windows\explorer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\WordWeb\wweb32.exe

C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysNative\notepad.exe

C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Emsisoft HiJackFree\a2hijackfree.exe

C:\Windows\SysNative\SearchProtocolHost.exe

C:\Windows\SysNative\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup

O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2guard.exe" /d=60

O4 - HKLM\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKLM\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKLM\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O7 - Regedit - Enabled

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra "Tools" menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFBAR.ICO

O14 - IERESET.INF: SearchAssistant=

O14 - IERESET.INF: CustomizeSearch=

O21 - ShellServiceObjectDelayLoad: WebCheck -

O22 - SharedTaskScheduler: Component Categories cache daemon - C:\Windows\system32\browseui.dll

O23 - Service: Emsisoft Anti-Malware 5.0 - Service - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

O23 - Service: Application Experience Service - C:\Windows\system32\svchost.exe

O23 - Service: Application Layer Gateway Service - C:\Windows\System32\alg.exe

O23 - Service: Application Information Service - C:\Windows\system32\svchost.exe

O23 - Service: Apple Mobile Device - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Windows Audio Service - C:\Windows\System32\svchost.exe

O23 - Service: Windows Audio Service - C:\Windows\System32\svchost.exe

O23 - Service: Base Filtering Engine - C:\Windows\system32\svchost.exe

O23 - Service: Background Intelligent Transfer Service - C:\Windows\System32\svchost.exe

O23 - Service: Bonjour Service - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Computer Browser Service DLL - C:\Windows\System32\svchost.exe

O23 - Service: Bluetooth Support Service - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft Smartcard Certificate Propagation Service - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

O23 - Service: Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

O23 - Service: Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

O23 - Service: Com4QLBEx - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: COMSysApp - C:\Windows\system32\dllhost.exe

O23 - Service: Cryptographic Services - C:\Windows\system32\svchost.exe

O23 - Service: DFS Replication Resources - C:\Windows\system32\DFSR.exe

O23 - Service: DHCP Client Service - C:\Windows\system32\svchost.exe

O23 - Service: DNS Client API DLL - C:\Windows\system32\svchost.exe

O23 - Service: Wired AutoConfig Service - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft EAPHost service - C:\Windows\System32\svchost.exe

O23 - Service: Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe

O23 - Service: Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe

O23 - Service: Windows Media Center Service Launcher - C:\Windows\\system32\svchost.exe

O23 - Service: ReadyBoost Service - C:\Windows\system32\svchost.exe

O23 - Service: Event Logging Service - C:\Windows\System32\svchost.exe

O23 - Service: EventSystem - C:\Windows\system32\svchost.exe

O23 - Service: WS Discovery Service - C:\Windows\system32\svchost.exe

O23 - Service: Function Discovery Resource Publication Service - C:\Windows\system32\svchost.exe

O23 - Service: Windows Font Cache Service - C:\Windows\system32\svchost.exe

O23 - Service: Windows Presentation Foundation Host - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

O23 - Service: GameConsoleService - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HID Service - C:\Windows\system32\svchost.exe

O23 - Service: Key Management Service - C:\Windows\System32\svchost.exe

O23 - Service: HP Health Check Service - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service - C:\Windows\system32\Hpservice.exe

O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: IKE extension - C:\Windows\system32\svchost.exe

O23 - Service: PnP-X IP Bus Enumerator DLL - C:\Windows\system32\svchost.exe

O23 - Service: Service that offers IPv6 connectivity over an IPv4 network. - C:\Windows\System32\svchost.exe

O23 - Service: iPod Service - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KeyIso - C:\Windows\system32\lsass.exe

O23 - Service: KtmRm - C:\Windows\System32\svchost.exe

O23 - Service: Server Service DLL - C:\Windows\system32\svchost.exe

O23 - Service: Workstation Service DLL - C:\Windows\System32\svchost.exe

O23 - Service: LightScribeService Direct Disc Labeling Service - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Link-Layer Topology Discovery Resources - C:\Windows\System32\svchost.exe

O23 - Service: TCPIP NetBios Transport Services DLL - C:\Windows\system32\svchost.exe

O23 - Service: Media Center Resources - C:\Windows\system32\svchost.exe

O23 - Service: Multimedia Class Scheduler Service - C:\Windows\system32\svchost.exe

O23 - Service: Windows Firewall API - C:\Windows\system32\svchost.exe

O23 - Service: MSDTC - C:\Windows\System32\msdtc.exe

O23 - Service: iSCSI Discovery api - C:\Windows\system32\svchost.exe

O23 - Service: Windows® Installer International Messages - C:\Windows\system32\msiexec

O23 - Service: Quarantine Agent Service Run-Time - C:\Windows\System32\svchost.exe

O23 - Service: Net Logon Services DLL - C:\Windows\system32\lsass.exe

O23 - Service: Network Connections Manager - C:\Windows\System32\svchost.exe

O23 - Service: Network Profile Management UI - C:\Windows\System32\svchost.exe

O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Norton Internet Security - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

O23 - Service: Network Location Awareness 2 - C:\Windows\System32\svchost.exe

O23 - Service: Network Store Interface RPC server - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft Office Diagnostics Service - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

O23 - Service: Office Source Engine - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe

O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe

O23 - Service: Program Compatibility Assistant Service - C:\Windows\system32\svchost.exe

O23 - Service: x86 Performance Counter Host - C:\Windows\SysWow64\perfhost.exe

O23 - Service: Performance Logs & Alerts - C:\Windows\System32\svchost.exe

O23 - Service: User-mode Plug-and-Play Service - C:\Windows\system32\svchost.exe

O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe

O23 - Service: Peer-to-Peer Services - C:\Windows\System32\svchost.exe

O23 - Service: Policy Storage dll - C:\Windows\system32\svchost.exe

O23 - Service: ProfSvc - C:\Windows\system32\svchost.exe

O23 - Service: Protected Storage default provider - C:\Windows\system32\lsass.exe

O23 - Service: Windows NT - C:\Windows\\system32\svchost.exe

O23 - Service: Remote Access AutoDial Manager - C:\Windows\system32\svchost.exe

O23 - Service: Remote Access Connection Manager - C:\Windows\system32\svchost.exe

O23 - Service: Dynamic Interface Manager - C:\Windows\system32\svchost.exe

O23 - Service: Remote Registry Service - C:\Windows\system32\svchost.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: Rpc Locator - C:\Windows\system32\locator.exe

O23 - Service: Smart Card Resource Management Server - C:\Windows\system32\svchost.exe

O23 - Service: Task Scheduler Service - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft Smartcard Certificate Propagation Service - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft® Windows Backup Service - C:\Windows\system32\svchost.exe

O23 - Service: System Event Notification Service (SENS) - C:\Windows\system32\svchost.exe

O23 - Service: Terminal Services Configuration service - C:\Windows\System32\svchost.exe

O23 - Service: Microsoft NAT Helper Components - C:\Windows\System32\svchost.exe

O23 - Service: Windows Shell Services Dll - C:\Windows\System32\svchost.exe

O23 - Service: Microsoft Software Licensing Service - C:\Windows\system32\SLsvc.exe

O23 - Service: Software Licensing UI Notification Service - C:\Windows\system32\svchost.exe

O23 - Service: SNMP Trap - C:\Windows\System32\snmptrap.exe

O23 - Service: SSDP Service DLL - C:\Windows\system32\svchost.exe

O23 - Service: Provides the facility of using Secure Socket Tunneling Protocol (SSTP) to connect to remote computers (using VPN). - C:\Windows\system32\svchost.exe

O23 - Service: Audio Service - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe

O23 - Service: Still Image Devices Service - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft® Volume Shadow Copy Service software provider - C:\Windows\System32\svchost.exe

O23 - Service: Superfetch Service Host - C:\Windows\system32\svchost.exe

O23 - Service: Microsoft Tablet PC Input Service - C:\Windows\System32\svchost.exe

O23 - Service: Microsoft® Windows Telephony Server - C:\Windows\System32\svchost.exe

O23 - Service: TBS Service - C:\Windows\System32\svchost.exe

O23 - Service: Terminal Server Remote Connections Manager - C:\Windows\System32\svchost.exe

O23 - Service: Windows Shell Services Dll - C:\Windows\System32\svchost.exe

O23 - Service: Multimedia Class Scheduler Service - C:\Windows\system32\svchost.exe

O23 - Service: Interactive services detection - C:\Windows\system32\UI0Detect.exe

O23 - Service: UPnP Device Host - C:\Windows\system32\svchost.exe

O23 - Service: Desktop Window Manager - C:\Windows\System32\svchost.exe

O23 - Service: Virtual Disk Service - C:\Windows\System32\vds.exe

O23 - Service: Microsoft® Volume Shadow Copy Service - C:\Windows\system32\vssvc.exe

O23 - Service: Windows Time Service - C:\Windows\system32\svchost.exe

O23 - Service: Windows Connect Now - Config Registrar Service - C:\Windows\System32\svchost.exe

O23 - Service: WcsPlugInService DLL - C:\Windows\system32\svchost.exe

O23 - Service: Web DAV Service DLL - C:\Windows\system32\svchost.exe

O23 - Service: Event Collector Service - C:\Windows\system32\svchost.exe

O23 - Service: Problem Reports and Solutions - C:\Windows\System32\svchost.exe

O23 - Service: Windows Error Reporting Service - C:\Windows\System32\svchost.exe

O23 - Service: WinDefend - C:\Windows\System32\svchost.exe

O23 - Service: Windows HTTP Services - C:\Windows\system32\svchost.exe

O23 - Service: WMI - C:\Windows\system32\svchost.exe

O23 - Service: WSMan Service - C:\Windows\System32\svchost.exe

O23 - Service: Windows WLAN AutoConfig Service DLL - C:\Windows\system32\svchost.exe

O23 - Service: WMI Performance Reverse Adapter - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: WMPNetworkSvc - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe

O23 - Service: WPC Filtering Service - C:\Windows\system32\svchost.exe

O23 - Service: Portable Device Enumerator - C:\Windows\system32\svchost.exe

O23 - Service: wpffontcache_v0400.exe - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

O23 - Service: Windows Security Center Service - C:\Windows\System32\svchost.exe

O23 - Service: Microsoft Windows Search Indexer - C:\Windows\system32\SearchIndexer.exe

O23 - Service: Windows Update Agent - C:\Windows\system32\svchost.exe

O23 - Service: Windows Driver Foundation - User-mode Driver Framework Service - C:\Windows\system32\svchost.exe

O23 - Service: Power Control [2010/12/13 15:25:03] - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl

Emsisoft Anti-Malware - Version 5.1

Last update: 18/12/2010 15:46:02

Scan settings:

Scan type: Quick Scan

Objects: Memory, Traces, Cookies

Scan archives: Off

Heuristics: Off

ADS Scan: On

Scan start: 18/12/2010 15:46:41

Scanned

Files: 395

Traces: 586181

Cookies: 10

Processes: 76

Found

Files: 0

Traces: 0

Cookies: 0

Processes: 0

Registry keys: 0

Scan end: 18/12/2010 15:48:43

Scan time: 0:02:02

I think what I have included here is correct?

Please forgive me if it is not, as it is my first time ....

No disrespect is meant

Thank you for replying to me so quickly... it took me a long while to understand the instructions... I am disabled... I suffer from panic attacks...also.

Mikkimonkki


All logs are to be attached to your replies, unless otherwise instructed to do differently by the Malware Removal Specialist handling your support thread.

There is always the possibility that something malicious could find its way onto the recovery partition and your self-created recovery discs, if those discs were created on an infected system. It is also possible to receive infected recovery discs from the system manufacturer.

Run a "Smart Scan" with EAM and attach the resulting log.


Your logs are not showing malware.

Gen Trojan IK is a generic heuristic detection from the Ikarus AV engine. Generic detections have the highest potential for False Positive detections. Generic detections should always be thoroughly investigated before any action is taken.

Trace detections are just that, traces detected as having been left behind when something was removed. For the most part these pose no threat, and can be safely removed. However, with that said, there is also a potential for False Positive detections in traces as well. These should also be investigated before action is taken.

Otherwise, I see nothing that causes me to believe that your system is infected.


Thank you for your reply. :D

Does that mean, because you have said that there seems to be no infection on my system, that we have to stop searching for any heuristic activity ?

Mikkimonkki :)


There is no need to investigate further, as your logs show nothing that would lead me to believe that your system is infected.


Thank you for your advice Shadowputerdude. :)

At the moment my computer is behaving under the watchful control of Emsisoft Anti-Malware, which does support your belief that there is no infection on my computer at present. However, with reference to my initial question "Is it possible for a virus to completely work its way into the hard drive and recovery discs?" because if I ever had to re-install my recovery computer, I know that my computer will be reinfected with the trojanIK and other problems I mentioned earlier.

The obvious answer is, of course, not to install these discs at all. However, until recently I had no problems after an install, this was of course before I was introduced to Emsisoft Anti-Malware, however, can I be sure that these discs were already infected, or did they get infected by malware hitching a ride which learnt some super new code of which we do not know about yet? lol

Mikkimonkki :D


It is impossible for malware to infect Read-Only media, such as the CD/DVD set that came with your computer. It is possible, though extremely rare, for malware to infect the hidden recovery partition on the hard drive.


Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread
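
An added example, not part of any post in this thread and not Emsisoft's code: one way to triage the autostart lines of a log in the format posted above. It parses the O4 (Run key) and O23 (service) entries and lists any whose program path lies outside the Windows and Program Files directories; the trusted-root list, the function names and the `example-updater` line are assumptions made for this example.

```python
import re
from typing import List, NamedTuple

# Constructed sample in the same line format as the log posted in this thread.
# The "example-updater" entry is invented for illustration; it is NOT from the log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [example-updater] C:\Users\Public\updater.exe

O23 - Service: Windows Time Service - C:\Windows\system32\svchost.exe

O23 - Service: Windows Media Center Service Launcher - C:\Windows\\system32\svchost.exe
"""


class Autostart(NamedTuple):
    section: str  # "O4" (Run key) or "O23" (service)
    name: str     # value name or service display name
    path: str     # normalised path of the program that gets started


# O4 - <key>: [<value name>] <command line>
_O4 = re.compile(r'^O4 - \S+: \[(.*?)\] (.+)$')
# O23 - Service: <display name> - <path>; the greedy name group copes with
# display names that themselves contain " - ".
_O23 = re.compile(r'^O23 - Service: (.*) - ([A-Za-z]:\\.+)$')
# Either a quoted path, or an unquoted path up to the first ".ext" that is
# followed by whitespace or end of line (so spaces inside the path survive).
_IMAGE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\.*?\.\w{2,4})(?=\s|$)')

# Assumption: directories that standard users cannot write to by default.
# "c:\progra~" covers 8.3 short names such as C:\PROGRA~2.
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\progra~",
)


def image_path(command: str) -> str:
    """Extract the program path from a command line and normalise it."""
    m = _IMAGE.search(command)
    raw = (m.group(1) or m.group(2)) if m else command.strip()
    # Collapse doubled backslashes (the log contains C:\Windows\\system32)
    # and lower-case, because Windows paths are case-insensitive.
    return re.sub(r'\\+', r'\\', raw).lower()


def parse_autostarts(log_text: str) -> List[Autostart]:
    """Return every O4 and O23 entry found in the log text."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = _O4.match(line)
        if m:
            entries.append(Autostart("O4", m.group(1), image_path(m.group(2))))
            continue
        m = _O23.match(line)
        if m:
            entries.append(Autostart("O23", m.group(1), image_path(m.group(2))))
    return entries


def outside_trusted_roots(entries: List[Autostart]) -> List[Autostart]:
    """Entries whose program does not live under a trusted root.

    This only narrows down what to look at first; a hit is not a detection
    and a miss is not a clean bill of health.
    """
    return [e for e in entries if not e.path.startswith(TRUSTED_ROOTS)]


if __name__ == "__main__":
    found = parse_autostarts(SAMPLE_LOG)
    print(f"{len(found)} autostart entries parsed")
    for e in outside_trusted_roots(found):
        print(f"review: {e.section} [{e.name}] -> {e.path}")
```
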
