Thread: Active hacking attempts on my computer.

  1. #1
    Junior Member
    Join Date
    Jul 2011
    Posts
    25

    Active hacking attempts on my computer.

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Computer at 18:15:34 on 2011-07-20
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1162 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Computer\Desktop\dds.com
    C:\Windows\system32\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\computer\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\computer\appdata\roaming\mozilla\firefox\profiles\24mz2ulb.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsle9659b4b;MpKsle9659b4b;c:\programdata\microsoft\microsoft antimalware\definition updates\{90b60bd4-cc40-48b6-b5bb-3570d355deb5}\MpKsle9659b4b.sys [2011-7-20 28752]
    R1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-13 57144]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-19 366640]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-29 1153368]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-29 22712]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    R3 qic157;qic157;c:\windows\system32\drivers\qic157.sys [2009-7-13 8192]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-29 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-29 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-29 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-07-21 00:55:39 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{90b60bd4-cc40-48b6-b5bb-3570d355deb5}\MpKsle9659b4b.sys
    2011-07-21 00:55:10 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{90b60bd4-cc40-48b6-b5bb-3570d355deb5}\mpengine.dll
    2011-07-21 00:42:28 -------- d-----w- c:\users\computer\appdata\local\Adobe
    2011-07-20 18:36:34 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-07-20 17:51:21 98816 ----a-w- c:\windows\sed.exe
    2011-07-20 17:51:21 518144 ----a-w- c:\windows\SWREG.exe
    2011-07-20 17:51:21 256000 ----a-w- c:\windows\PEV.exe
    2011-07-20 17:51:21 208896 ----a-w- c:\windows\MBR.exe
    2011-07-20 17:51:11 -------- d-----w- C:\Combo-Fix
    2011-07-20 17:15:15 -------- d-----w- c:\users\computer\appdata\local\Apple
    2011-07-20 17:14:44 -------- d-----w- c:\users\computer\appdata\local\Apple Computer
    2011-07-20 02:22:45 -------- d-----w- c:\program files\ESET
    2011-07-19 17:31:27 -------- d-----w- c:\program files\iPod
    2011-07-19 17:31:26 -------- d-----w- c:\program files\iTunes
    2011-07-16 00:26:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-07-16 00:26:05 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-07-16 00:26:05 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-07-16 00:26:04 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-07-16 00:26:04 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-07-16 00:26:03 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-07-16 00:21:41 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-07-02 04:26:47 -------- d-----w- c:\windows\system32\appmgmt
    2011-06-29 15:53:41 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
    2011-06-29 15:53:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-29 15:53:06 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-06-29 15:53:03 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-29 15:49:46 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-06-29 15:49:42 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-29 15:49:37 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-29 15:49:34 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-06-29 15:49:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-29 15:49:01 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-27 23:50:13 -------- d-----w- c:\users\computer\appdata\local\Diagnostics
    2011-06-23 01:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    ==================== Find3M ====================
    .
    2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-19 02:00:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-05-14 06:30:30 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-05-14 06:23:24 271872 ----a-w- c:\windows\system32\conhost.exe
    2011-05-04 11:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 04:34:43 1549312 ----a-w- c:\windows\system32\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- c:\windows\system32\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-05-03 16:08:00 4756216 ----a-w- c:\windows\system32\GameMon.des
    2011-04-30 03:15:43 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-27 02:17:36 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-27 02:17:28 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-27 02:17:22 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 04:31:30 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-04-25 02:18:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    ============= FINISH: 18:17:05.39 ===============

    More details: Another program called Rapport has reported many incidents of key-logging and blocked cookie access belonging to the Trusteer Rapport program, along with blocked IP addresses, as shown:


    "The following IP addresses were tagged as suspicious. When you access a protected website, Rapport checks the IP address against a list of known good addresses for this website. If the address is not found in the list, Rapport replaces it with a known good address for the website. There is no action you need to take."
    Jul 20 2011 17:54 IP address 96.6.62.196 doesn't match Santander UK
    Jul 20 2011 17:41 IP address 96.6.62.196 doesn't match Santander UK
    Jul 20 2011 17:41 IP address 96.6.62.196 doesn't match Santander UK
    Jul 19 2011 21:09 IP address 96.6.62.196 doesn't match Santander UK
    Jul 15 2011 17:20 IP address 96.6.62.196 doesn't match Santander UK


    It has also demonstrated these attempts to screen capture.

    Jul 20 2011 17:42 AcroRd32.exe is permanently blocked from capturing sensitive data
    Jul 19 2011 16:06 dwm.exe is permanently blocked from capturing sensitive data
    Jul 19 2011 10:15 dwm.exe is permanently blocked from capturing sensitive data
    Jul 15 2011 09:47 dwm.exe is permanently blocked from capturing sensitive data
    Jul 14 2011 21:35 AcroRd32.exe is permanently blocked from capturing sensitive data

    I have Malwarebytes' Anti-Malware, Spybot S&D, and an updated Microsoft Security Essentials, all showing no threats. I have downloaded the ESET Online Scanner but haven't scanned with it recently.

    I do have a disk image of the system from when it was almost-new.
    Last edited by tashi; 2011-07-21 at 05:53. Reason: Merged two posts, please don't add. :-)
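One way to triage the "Created Last 30" section of a DDS log like the one in this post, as an added example that is not code from the thread, from DDS, or from any tool named in the log: parse each entry (timestamp, size, attribute field, path), flag executables created directly in the Windows directory, and correlate each with directories created within a short window. The sample lines are copied from the log above; the five-minute window and the "Windows root" heuristic are assumptions chosen for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: a handful of lines copied from the DDS log posted
# above ("Created Last 30" and "Find3M" sections), trimmed to keep the example
# short. The layout is DDS's own: timestamp, size (or dashes for a directory),
# an 8-character attribute field, then the path.
SAMPLE_DDS = r"""
.
=============== Created Last 30 ================
.
2011-07-21 00:55:39 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{90b60bd4-cc40-48b6-b5bb-3570d355deb5}\MpKsle9659b4b.sys
2011-07-21 00:42:28 -------- d-----w- c:\users\computer\appdata\local\Adobe
2011-07-20 17:51:21 98816 ----a-w- c:\windows\sed.exe
2011-07-20 17:51:21 518144 ----a-w- c:\windows\SWREG.exe
2011-07-20 17:51:21 256000 ----a-w- c:\windows\PEV.exe
2011-07-20 17:51:21 208896 ----a-w- c:\windows\MBR.exe
2011-07-20 17:51:11 -------- d-----w- C:\Combo-Fix
2011-07-20 02:22:45 -------- d-----w- c:\program files\ESET
2011-07-16 00:21:41 2334208 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
============= FINISH: 18:17:05.39 ===============
"""

# One DDS file entry: date, time, size-or-dashes, 8-char attributes, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+|-+) (\S{8}) (.+)$"
)

# File extensions treated as executable content for this triage (assumption).
EXEC_EXT = (".exe", ".com", ".scr", ".dll", ".sys", ".pif")


def parse_section(text, header):
    """Return the parsed entries of the DDS section whose header contains `header`
    (for example "Created Last 30" or "Find3M"). Stops at the next "====" header."""
    entries = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and header in line:
            in_section = True
            continue
        if in_section and line.startswith("="):
            break  # reached the next section header (or the FINISH line)
        if not in_section:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # the "." separator lines and anything unparseable
        ts, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs.startswith("d"),
            "attrs": attrs,
            "path": path,
        })
    return entries


def windows_root_executables(entries):
    """Executables created directly in the Windows directory (not a subfolder).
    That location is unusual for normal software, so new binaries there
    deserve a second look whatever put them there."""
    hits = []
    for e in entries:
        if e["is_dir"]:
            continue
        parent, _, name = e["path"].lower().replace("/", "\\").rpartition("\\")
        if parent == "c:\\windows" and name.endswith(EXEC_EXT):
            hits.append(e)
    return hits


def correlate_with_dirs(entries, hits, window=timedelta(minutes=5)):
    """Map each flagged file to the directories created within `window` of it.
    A cluster of new binaries next to one new directory points to a single
    installation event rather than independent drops."""
    dirs = [e for e in entries if e["is_dir"]]
    return {
        h["path"]: [d["path"] for d in dirs
                    if abs(d["created"] - h["created"]) <= window]
        for h in hits
    }


if __name__ == "__main__":
    created = parse_section(SAMPLE_DDS, "Created Last 30")
    for path, near in correlate_with_dirs(created, windows_root_executables(created)).items():
        print(f"{path}: created alongside {near or 'no new directory'}")
```

On the sample it reports sed.exe, SWREG.exe, PEV.exe and MBR.exe in c:\windows, all created ten seconds after C:\Combo-Fix, which reads as one installation event rather than four separate drops. Pasting the complete "Created Last 30" section into SAMPLE_DDS runs the same correlation over the whole log.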

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    I think you missed the "Please do NOT run 'FIXES' (ComboFix etc) without being asked" sticky (you ran ComboFix, though it shouldn't be used without supervision).

    Look for the old c:\ComboFix.txt file and post back its contents. Post fresh DDS logs too.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jul 2011
    Posts
    25


    Combofix
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Computer at 10:18:00 on 2011-07-27
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1169 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
    mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    StartupFolder: c:\users\computer\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
    TCP: Interfaces\{AB1A79BD-E2E3-4F7C-A4CC-57FDC7834751} : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{AB1A79BD-E2E3-4F7C-A4CC-57FDC7834751} : DhcpNameServer = 192.168.0.1 192.168.0.1
    AppInit_DLLs: c:\windows\system32\guard32.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\computer\appdata\roaming\mozilla\firefox\profiles\24mz2ulb.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 238960]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 37592]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsl7100aae5;MpKsl7100aae5;c:\programdata\microsoft\microsoft antimalware\definition updates\{ceba329a-a064-4604-93e8-0d41ee04a40a}\MpKsl7100aae5.sys [2011-7-27 28752]
    R1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-13 57144]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-5-25 154424]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-29 1153368]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    R3 qic157;qic157;c:\windows\system32\drivers\qic157.sys [2009-7-13 8192]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-29 22712]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-29 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-29 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-29 1343400]
    S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-19 366640]
    .
    =============== Created Last 30 ================
    .
    2011-07-27 17:06:47 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ceba329a-a064-4604-93e8-0d41ee04a40a}\MpKsl7100aae5.sys
    2011-07-26 23:47:09 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ceba329a-a064-4604-93e8-0d41ee04a40a}\mpengine.dll
    2011-07-21 22:39:42 -------- d--h--w- C:\VritualRoot
    2011-07-21 22:32:12 -------- d-----w- c:\programdata\Comodo
    2011-07-21 22:32:06 -------- d-----w- c:\program files\COMODO
    2011-07-21 22:32:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-07-21 22:32:05 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2011-07-21 22:32:05 1060864 ----a-w- c:\windows\system32\mfc71.dll
    2011-07-21 22:31:10 -------- d-----w- c:\programdata\Comodo Downloader
    2011-07-21 04:05:25 271872 ----a-w- c:\windows\system32\conhost.exe
    2011-07-21 04:05:24 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-21 00:42:28 -------- d-----w- c:\users\computer\appdata\local\Adobe
    2011-07-20 18:36:34 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-07-20 17:51:21 98816 ----a-w- c:\windows\sed.exe
    2011-07-20 17:51:21 518144 ----a-w- c:\windows\SWREG.exe
    2011-07-20 17:51:21 256000 ----a-w- c:\windows\PEV.exe
    2011-07-20 17:51:21 208896 ----a-w- c:\windows\MBR.exe
    2011-07-20 17:51:11 -------- d-----w- C:\Combo-Fix
    2011-07-20 17:15:15 -------- d-----w- c:\users\computer\appdata\local\Apple
    2011-07-20 17:14:44 -------- d-----w- c:\users\computer\appdata\local\Apple Computer
    2011-07-20 02:22:45 -------- d-----w- c:\program files\ESET
    2011-07-19 17:31:27 -------- d-----w- c:\program files\iPod
    2011-07-19 17:31:26 -------- d-----w- c:\program files\iTunes
    2011-07-16 00:26:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-07-16 00:26:05 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-07-16 00:26:05 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-07-16 00:26:04 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-07-16 00:26:04 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-07-16 00:26:03 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-07-16 00:21:41 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-07-02 04:26:47 -------- d-----w- c:\windows\system32\appmgmt
    2011-06-30 16:38:06 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-06-30 16:38:04 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-06-30 16:38:04 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-06-30 16:37:26 285256 ----a-w- c:\windows\system32\guard32.dll
    2011-06-29 15:53:41 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
    2011-06-29 15:53:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-29 15:53:06 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-06-29 15:53:03 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-29 15:49:46 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-06-29 15:49:42 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-29 15:49:37 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-29 15:49:34 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-06-29 15:49:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-29 15:49:01 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-27 23:50:13 -------- d-----w- c:\users\computer\appdata\local\Diagnostics
    .
    ==================== Find3M ====================
    .
    2011-07-21 18:03:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-23 01:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-05-10 15:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-05-10 15:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-05-04 11:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 04:34:43 1549312 ----a-w- c:\windows\system32\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- c:\windows\system32\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-05-03 16:08:00 4756216 ----a-w- c:\windows\system32\GameMon.des
    2011-04-30 03:15:43 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    .
    ============= FINISH: 10:20:18.74 ===============

  4. #4
    Junior Member
    Join Date
    Jul 2011
    Posts
    25


    ComboFix 11-07-20.02 - Computer 07/20/2011 11:27:13.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1401 [GMT -7:00]
    Running from: c:\users\Computer\Desktop\Combo-Fix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-20 18:34 . 2011-07-20 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-20 18:18 . 2011-07-20 18:18 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{232561FC-3220-4F2C-81CB-0339428A47CA}\MpKslc8994783.sys
    2011-07-20 18:08 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{232561FC-3220-4F2C-81CB-0339428A47CA}\mpengine.dll
    2011-07-20 17:51 . 2011-07-20 18:05 -------- d-----w- C:\Combo-Fix
    2011-07-20 17:15 . 2011-07-20 17:15 -------- d-----w- c:\users\Computer\AppData\Local\Apple
    2011-07-20 17:14 . 2011-07-20 17:14 -------- d-----w- c:\users\Computer\AppData\Local\Apple Computer
    2011-07-20 02:22 . 2011-07-20 02:22 -------- d-----w- c:\program files\ESET
    2011-07-19 17:31 . 2011-07-19 17:31 -------- d-----w- c:\program files\iPod
    2011-07-19 17:31 . 2011-07-19 17:32 -------- d-----w- c:\program files\iTunes
    2011-07-19 17:24 . 2011-07-19 17:24 -------- d-----w- c:\program files\Apple Software Update
    2011-07-16 00:26 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-07-16 00:26 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-07-16 00:26 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-07-16 00:26 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-07-16 00:26 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-07-16 00:26 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-07-16 00:21 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-07-02 21:34 . 2011-07-02 21:34 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
    2011-06-29 15:53 . 2011-06-29 15:53 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
    2011-06-29 15:53 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-29 15:53 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-06-29 15:53 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-29 15:49 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-06-29 15:49 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-29 15:49 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-29 15:49 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-06-29 15:49 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-29 15:49 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-27 23:50 . 2011-06-27 23:50 -------- d-----w- c:\users\Computer\AppData\Local\Diagnostics
    2011-06-23 01:01 . 2011-06-23 01:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-06-20 23:08 . 2011-06-20 23:08 -------- d-----w- c:\program files\Common Files\Adobe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-07 02:52 . 2011-04-30 02:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-07 02:52 . 2011-04-30 02:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-19 02:00 . 2011-05-25 01:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-18 19:30 . 2011-06-18 19:26 164880 ---ha-w- c:\users\Computer\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2011-06-07 15:55 . 2011-05-29 20:01 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-05-04 11:52 . 2011-05-26 00:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-03 16:08 . 2011-05-25 01:21 4756216 ----a-w- c:\windows\system32\GameMon.des
    2011-04-30 03:15 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-30 02:56 . 2011-04-30 02:56 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-30 02:56 . 2011-04-30 02:56 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-04-30 02:56 . 2011-04-30 02:56 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-04-30 02:56 . 2011-04-30 02:56 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-30 02:56 . 2011-04-30 02:56 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-04-30 02:56 . 2011-04-30 02:56 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-30 02:56 . 2011-04-30 02:56 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-04-30 02:56 . 2011-04-30 02:56 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-30 02:56 . 2011-04-30 02:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-04-30 02:56 . 2011-04-30 02:56 367104 ----a-w- c:\windows\system32\html.iec
    2011-04-30 02:56 . 2011-04-30 02:56 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-30 02:56 . 2011-04-30 02:56 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-30 02:56 . 2011-04-30 02:56 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-04-30 02:56 . 2011-04-30 02:56 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-04-30 02:56 . 2011-04-30 02:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-04-30 02:56 . 2011-04-30 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-30 02:56 . 2011-04-30 02:56 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-04-30 02:56 . 2011-04-30 02:56 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-04-30 02:56 . 2011-04-30 02:56 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-04-30 02:13 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-06-16 04:17 . 2011-07-02 04:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
    .
    c:\users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 MpKsl5226b7f5;MpKsl5226b7f5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DEBC353-3374-4E8C-B9F3-CE861A267D18}\MpKsl5226b7f5.sys [x]
    R1 MpKsl6b4ad54e;MpKsl6b4ad54e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAA1D684-A3DF-47E9-9C41-107891E0346E}\MpKsl6b4ad54e.sys [x]
    R1 MpKsl8fc3ebe6;MpKsl8fc3ebe6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15BBC93F-3A67-4770-B3AE-4B2615F57285}\MpKsl8fc3ebe6.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-05-03 4756216]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-30 1343400]
    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-06-23 53816]
    S1 MpKslc8994783;MpKslc8994783;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{232561FC-3220-4F2C-81CB-0339428A47CA}\MpKslc8994783.sys [2011-07-20 28752]
    S1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [2011-06-14 57144]
    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-06-23 66360]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-06-23 158904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-23 870200]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
    S3 qic157;qic157;c:\windows\system32\DRIVERS\qic157.sys [2009-07-13 8192]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLC8994783
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
    FF - ProfilePath - c:\users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\24mz2ulb.default\
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-07-20 11:38:17
    ComboFix-quarantined-files.txt 2011-07-20 18:38
    ComboFix2.txt 2011-07-20 18:05
    .
    Pre-Run: 205,865,074,688 bytes free
    Post-Run: 205,805,924,352 bytes free
    .
    - - End Of File - - A1E550E659309B8CEC077E2FC87E8FAD

  5. #5
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Look for ComboFix2.txt file in c:\combofix or c:\qoobox folder and post back its contents.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Junior Member
    Join Date
    Jul 2011
    Posts
    25


    ComboFix 11-07-20.02 - Computer 07/20/2011 10:53:46.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1105 [GMT -7:00]
    Running from: c:\users\Computer\Desktop\Combo-Fix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Computer\Desktop\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-20 18:01 . 2011-07-20 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-20 17:15 . 2011-07-20 17:15 -------- d-----w- c:\users\Computer\AppData\Local\Apple
    2011-07-20 17:14 . 2011-07-20 17:14 -------- d-----w- c:\users\Computer\AppData\Local\Apple Computer
    2011-07-20 17:12 . 2011-07-20 17:12 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A066D19F-5CF7-4154-B83D-CCF84B27AF6A}\MpKslb7cde9e8.sys
    2011-07-20 03:50 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A066D19F-5CF7-4154-B83D-CCF84B27AF6A}\mpengine.dll
    2011-07-20 02:22 . 2011-07-20 02:22 -------- d-----w- c:\program files\ESET
    2011-07-19 17:31 . 2011-07-19 17:31 -------- d-----w- c:\program files\iPod
    2011-07-19 17:31 . 2011-07-19 17:32 -------- d-----w- c:\program files\iTunes
    2011-07-19 17:24 . 2011-07-19 17:24 -------- d-----w- c:\program files\Apple Software Update
    2011-07-16 00:26 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-07-16 00:26 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-07-16 00:26 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-07-16 00:26 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-07-16 00:26 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-07-16 00:26 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-07-16 00:21 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-07-02 21:34 . 2011-07-02 21:34 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
    2011-06-29 15:53 . 2011-06-29 15:53 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
    2011-06-29 15:53 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-29 15:53 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-06-29 15:53 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-29 15:49 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-06-29 15:49 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-29 15:49 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-29 15:49 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-06-29 15:49 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-29 15:49 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-27 23:50 . 2011-06-27 23:50 -------- d-----w- c:\users\Computer\AppData\Local\Diagnostics
    2011-06-23 01:01 . 2011-06-23 01:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-06-20 23:08 . 2011-06-20 23:08 -------- d-----w- c:\program files\Common Files\Adobe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-07 02:52 . 2011-04-30 02:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-07 02:52 . 2011-04-30 02:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-19 02:00 . 2011-05-25 01:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-18 19:30 . 2011-06-18 19:26 164880 ---ha-w- c:\users\Computer\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2011-06-07 15:55 . 2011-05-29 20:01 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-05-04 11:52 . 2011-05-26 00:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-03 16:08 . 2011-05-25 01:21 4756216 ----a-w- c:\windows\system32\GameMon.des
    2011-04-30 03:15 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-30 02:56 . 2011-04-30 02:56 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-30 02:56 . 2011-04-30 02:56 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-04-30 02:56 . 2011-04-30 02:56 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-04-30 02:56 . 2011-04-30 02:56 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-30 02:56 . 2011-04-30 02:56 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-04-30 02:56 . 2011-04-30 02:56 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-30 02:56 . 2011-04-30 02:56 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-04-30 02:56 . 2011-04-30 02:56 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-30 02:56 . 2011-04-30 02:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-04-30 02:56 . 2011-04-30 02:56 367104 ----a-w- c:\windows\system32\html.iec
    2011-04-30 02:56 . 2011-04-30 02:56 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-30 02:56 . 2011-04-30 02:56 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-30 02:56 . 2011-04-30 02:56 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-04-30 02:56 . 2011-04-30 02:56 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-04-30 02:56 . 2011-04-30 02:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-04-30 02:56 . 2011-04-30 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-30 02:56 . 2011-04-30 02:56 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-04-30 02:56 . 2011-04-30 02:56 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-04-30 02:56 . 2011-04-30 02:56 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-04-30 02:13 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-06-16 04:17 . 2011-07-02 04:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
    .
    c:\users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 MpKsl5226b7f5;MpKsl5226b7f5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DEBC353-3374-4E8C-B9F3-CE861A267D18}\MpKsl5226b7f5.sys [x]
    R1 MpKsl6b4ad54e;MpKsl6b4ad54e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAA1D684-A3DF-47E9-9C41-107891E0346E}\MpKsl6b4ad54e.sys [x]
    R1 MpKsl8fc3ebe6;MpKsl8fc3ebe6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15BBC93F-3A67-4770-B3AE-4B2615F57285}\MpKsl8fc3ebe6.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-05-03 4756216]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-30 1343400]
    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-06-23 53816]
    S1 MpKslb7cde9e8;MpKslb7cde9e8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A066D19F-5CF7-4154-B83D-CCF84B27AF6A}\MpKslb7cde9e8.sys [2011-07-20 28752]
    S1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [2011-06-14 57144]
    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-06-23 66360]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-06-23 158904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-23 870200]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
    S3 qic157;qic157;c:\windows\system32\DRIVERS\qic157.sys [2009-07-13 8192]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 16646382
    *NewlyCreated* - MPKSLB7CDE9E8
    *Deregistered* - 16646382
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
    FF - ProfilePath - c:\users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\24mz2ulb.default\
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-07-20 11:05:44
    ComboFix-quarantined-files.txt 2011-07-20 18:05
    .
    Pre-Run: 206,172,999,680 bytes free
    Post-Run: 205,830,492,160 bytes free
    .
    - - End Of File - - ECF49599BE95700157F4D6E568BD031C
