
Thread: Active hacking attempts on my computer.

  1. #1
    Junior Member | Join Date: Jul 2011 | Posts: 25

    Active hacking attempts on my computer.

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Computer at 18:15:34 on 2011-07-20
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1162 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Computer\Desktop\dds.com
    C:\Windows\system32\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\computer\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\computer\appdata\roaming\mozilla\firefox\profiles\24mz2ulb.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsle9659b4b;MpKsle9659b4b;c:\programdata\microsoft\microsoft antimalware\definition updates\{90b60bd4-cc40-48b6-b5bb-3570d355deb5}\MpKsle9659b4b.sys [2011-7-20 28752]
    R1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-13 57144]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-19 366640]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-29 1153368]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-29 22712]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    R3 qic157;qic157;c:\windows\system32\drivers\qic157.sys [2009-7-13 8192]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-29 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-29 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-29 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-07-21 00:55:39 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{90b60bd4-cc40-48b6-b5bb-3570d355deb5}\MpKsle9659b4b.sys
    2011-07-21 00:55:10 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{90b60bd4-cc40-48b6-b5bb-3570d355deb5}\mpengine.dll
    2011-07-21 00:42:28 -------- d-----w- c:\users\computer\appdata\local\Adobe
    2011-07-20 18:36:34 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-07-20 17:51:21 98816 ----a-w- c:\windows\sed.exe
    2011-07-20 17:51:21 518144 ----a-w- c:\windows\SWREG.exe
    2011-07-20 17:51:21 256000 ----a-w- c:\windows\PEV.exe
    2011-07-20 17:51:21 208896 ----a-w- c:\windows\MBR.exe
    2011-07-20 17:51:11 -------- d-----w- C:\Combo-Fix
    2011-07-20 17:15:15 -------- d-----w- c:\users\computer\appdata\local\Apple
    2011-07-20 17:14:44 -------- d-----w- c:\users\computer\appdata\local\Apple Computer
    2011-07-20 02:22:45 -------- d-----w- c:\program files\ESET
    2011-07-19 17:31:27 -------- d-----w- c:\program files\iPod
    2011-07-19 17:31:26 -------- d-----w- c:\program files\iTunes
    2011-07-16 00:26:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-07-16 00:26:05 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-07-16 00:26:05 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-07-16 00:26:04 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-07-16 00:26:04 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-07-16 00:26:03 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-07-16 00:21:41 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-07-02 04:26:47 -------- d-----w- c:\windows\system32\appmgmt
    2011-06-29 15:53:41 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
    2011-06-29 15:53:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-29 15:53:06 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-06-29 15:53:03 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-29 15:49:46 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-06-29 15:49:42 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-29 15:49:37 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-29 15:49:34 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-06-29 15:49:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-29 15:49:01 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-27 23:50:13 -------- d-----w- c:\users\computer\appdata\local\Diagnostics
    2011-06-23 01:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    ==================== Find3M ====================
    .
    2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-19 02:00:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-05-14 06:30:30 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-05-14 06:23:24 271872 ----a-w- c:\windows\system32\conhost.exe
    2011-05-04 11:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 04:34:43 1549312 ----a-w- c:\windows\system32\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- c:\windows\system32\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-05-03 16:08:00 4756216 ----a-w- c:\windows\system32\GameMon.des
    2011-04-30 03:15:43 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-27 02:17:36 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-27 02:17:28 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-27 02:17:22 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 04:31:30 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-04-25 02:18:03 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    ============= FINISH: 18:17:05.39 ===============

    More details: Another program called Rapport (the Trusteer Rapport program) has reported many incidents of key-logging and blocked cookie access, along with blocked IP addresses, as shown:


    "The following IP addresses were tagged as suspicious. When you access a protected website, Rapport checks the IP address against a list of known good addresses for this website. If the address is not found in the list, Rapport replaces it with a known good address for the website. There is no action you need to take."
    Jul 20 2011 17:54 IP address 96.6.62.196 doesn't match Santander UK
    Jul 20 2011 17:41 IP address 96.6.62.196 doesn't match Santander UK
    Jul 20 2011 17:41 IP address 96.6.62.196 doesn't match Santander UK
    Jul 19 2011 21:09 IP address 96.6.62.196 doesn't match Santander UK
    Jul 15 2011 17:20 IP address 96.6.62.196 doesn't match Santander UK


    It has also demonstrated these attempts to screen capture.

    Jul 20 2011 17:42 AcroRd32.exe is permanently blocked from capturing sensitive data
    Jul 19 2011 16:06 dwm.exe is permanently blocked from capturing sensitive data
    Jul 19 2011 10:15 dwm.exe is permanently blocked from capturing sensitive data
    Jul 15 2011 09:47 dwm.exe is permanently blocked from capturing sensitive data
    Jul 14 2011 21:35 AcroRd32.exe is permanently blocked from capturing sensitive data

    I have Malwarebytes' Anti-Malware, Spybot S&D, and an updated Microsoft Security Essentials, all showing no threats. I have downloaded the ESET Online Scanner but haven't scanned with it recently.

    I do have a disk image of the system from when it was almost-new.
    Last edited by tashi; 2011-07-21 at 06:53. Reason: Merged two posts, please don't add. :-)
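
The Rapport message quoted in the post above describes a per-site allowlist check: the address a protected site resolves to is compared against a vendor-maintained list of known-good addresses, and an unlisted address is swapped for a listed one. The block below is an added example, not part of the original post and not Trusteer's code: it models that rule and parses the five posted alert lines so they can be grouped by site and address. The allowlist contents are constructed placeholders (TEST-NET-3 addresses), not Santander UK's real addresses.

```python
"""
Added example (not from the original post and not Trusteer's code): a model of
the address check the quoted Rapport message describes, plus a parser for the
alert lines posted above. The KNOWN_GOOD table is a constructed placeholder.
"""
import ipaddress
import re
from datetime import datetime

# Constructed "known good" list keyed by protected-site name. Rapport's real
# list is vendor-maintained; these TEST-NET-3 entries only exercise the logic.
KNOWN_GOOD = {
    "Santander UK": {"203.0.113.10", "203.0.113.11"},
}

ALERT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2} \d{4} \d{2}:\d{2}) "
    r"IP address (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) doesn't match (?P<site>.+)$"
)


def parse_alert(line):
    """Return (timestamp, ip, site) for one Rapport alert line, or None."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M")
    return ts, str(ipaddress.ip_address(m["ip"])), m["site"]


def check_address(site, resolved_ip):
    """
    Apply the rule from the quoted message: an address on the site's list is
    used as-is; any other address for a protected site is tagged suspicious
    and replaced by a known-good one. A site with no list is not protected.
    Returns (verdict, address_to_connect_to).
    """
    addr = str(ipaddress.ip_address(resolved_ip))  # raises ValueError on junk
    good = KNOWN_GOOD.get(site)
    if good is None:
        return "unprotected", addr
    if addr in good:
        return "match", addr
    return "suspicious", sorted(good)[0]


def summarize(lines):
    """Count alerts per (site, address). The same address recurring over
    several days is a stable address that is simply not on the list, rather
    than an address that changes between attempts."""
    counts = {}
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None:
            continue
        _, ip, site = parsed
        counts[(site, ip)] = counts.get((site, ip), 0) + 1
    return counts


# The five alert lines from the post, used here as sample input.
SAMPLE_ALERTS = [
    "Jul 20 2011 17:54 IP address 96.6.62.196 doesn't match Santander UK",
    "Jul 20 2011 17:41 IP address 96.6.62.196 doesn't match Santander UK",
    "Jul 20 2011 17:41 IP address 96.6.62.196 doesn't match Santander UK",
    "Jul 19 2011 21:09 IP address 96.6.62.196 doesn't match Santander UK",
    "Jul 15 2011 17:20 IP address 96.6.62.196 doesn't match Santander UK",
]

if __name__ == "__main__":
    for (site, ip), n in summarize(SAMPLE_ALERTS).items():
        print(f"{site}: {ip} flagged {n} times")
    print(check_address("Santander UK", "96.6.62.196"))
```

Run as a script it reports that one address was flagged five times for one site, which is what the posted alerts show: Rapport kept substituting a listed address, so the check itself was working as described, and what remains open is only whether the unlisted address is legitimate for that site.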

  2. #2
    Security Expert: Emeritus Blade81 | Join Date: Oct 2006 | Location: Finland | Posts: 25,288

    Hi

    I think you missed the "Please do NOT run 'FIXES' (ComboFix etc) without being asked" sticky (you ran ComboFix, though it shouldn't be used without supervision).

    Look for old c:\ComboFix.txt file and post back its contents. Post fresh dds logs too.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member | Join Date: Jul 2011 | Posts: 25


    Combofix
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Computer at 10:18:00 on 2011-07-27
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1169 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
    mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    StartupFolder: c:\users\computer\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
    TCP: Interfaces\{AB1A79BD-E2E3-4F7C-A4CC-57FDC7834751} : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{AB1A79BD-E2E3-4F7C-A4CC-57FDC7834751} : DhcpNameServer = 192.168.0.1 192.168.0.1
    AppInit_DLLs: c:\windows\system32\guard32.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\computer\appdata\roaming\mozilla\firefox\profiles\24mz2ulb.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 238960]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 37592]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsl7100aae5;MpKsl7100aae5;c:\programdata\microsoft\microsoft antimalware\definition updates\{ceba329a-a064-4604-93e8-0d41ee04a40a}\MpKsl7100aae5.sys [2011-7-27 28752]
    R1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-13 57144]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-5-25 154424]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-29 1153368]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    R3 qic157;qic157;c:\windows\system32\drivers\qic157.sys [2009-7-13 8192]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-29 22712]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-29 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-29 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-29 1343400]
    S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-19 366640]
    .
    =============== Created Last 30 ================
    .
    2011-07-27 17:06:47 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ceba329a-a064-4604-93e8-0d41ee04a40a}\MpKsl7100aae5.sys
    2011-07-26 23:47:09 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ceba329a-a064-4604-93e8-0d41ee04a40a}\mpengine.dll
    2011-07-21 22:39:42 -------- d--h--w- C:\VritualRoot
    2011-07-21 22:32:12 -------- d-----w- c:\programdata\Comodo
    2011-07-21 22:32:06 -------- d-----w- c:\program files\COMODO
    2011-07-21 22:32:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-07-21 22:32:05 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2011-07-21 22:32:05 1060864 ----a-w- c:\windows\system32\mfc71.dll
    2011-07-21 22:31:10 -------- d-----w- c:\programdata\Comodo Downloader
    2011-07-21 04:05:25 271872 ----a-w- c:\windows\system32\conhost.exe
    2011-07-21 04:05:24 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-21 00:42:28 -------- d-----w- c:\users\computer\appdata\local\Adobe
    2011-07-20 18:36:34 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-07-20 17:51:21 98816 ----a-w- c:\windows\sed.exe
    2011-07-20 17:51:21 518144 ----a-w- c:\windows\SWREG.exe
    2011-07-20 17:51:21 256000 ----a-w- c:\windows\PEV.exe
    2011-07-20 17:51:21 208896 ----a-w- c:\windows\MBR.exe
    2011-07-20 17:51:11 -------- d-----w- C:\Combo-Fix
    2011-07-20 17:15:15 -------- d-----w- c:\users\computer\appdata\local\Apple
    2011-07-20 17:14:44 -------- d-----w- c:\users\computer\appdata\local\Apple Computer
    2011-07-20 02:22:45 -------- d-----w- c:\program files\ESET
    2011-07-19 17:31:27 -------- d-----w- c:\program files\iPod
    2011-07-19 17:31:26 -------- d-----w- c:\program files\iTunes
    2011-07-16 00:26:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-07-16 00:26:05 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-07-16 00:26:05 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-07-16 00:26:04 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-07-16 00:26:04 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-07-16 00:26:03 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-07-16 00:21:41 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-07-02 04:26:47 -------- d-----w- c:\windows\system32\appmgmt
    2011-06-30 16:38:06 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-06-30 16:38:04 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-06-30 16:38:04 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-06-30 16:37:26 285256 ----a-w- c:\windows\system32\guard32.dll
    2011-06-29 15:53:41 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
    2011-06-29 15:53:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-29 15:53:06 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-06-29 15:53:03 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-29 15:49:46 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-06-29 15:49:42 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-29 15:49:37 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-29 15:49:34 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-06-29 15:49:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-29 15:49:01 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-27 23:50:13 -------- d-----w- c:\users\computer\appdata\local\Diagnostics
    .
    ==================== Find3M ====================
    .
    2011-07-21 18:03:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-23 01:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-05-10 15:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-05-10 15:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-05-04 11:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 04:34:43 1549312 ----a-w- c:\windows\system32\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- c:\windows\system32\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-05-03 16:08:00 4756216 ----a-w- c:\windows\system32\GameMon.des
    2011-04-30 03:15:43 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    .
    ============= FINISH: 10:20:18.74 ===============
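
The DDS logs above are read by picking out the autostart points (Run keys, BHOs, AppInit_DLLs, services and drivers) plus the network overrides (Hosts entries, static NameServer settings) and asking of each one where the file lives and whether DDS could stat it. The block below is an added example, not part of the posted logs and not the DDS tool's own code: a small triage pass that parses those line types and flags the ones worth a second look. The sample lines are copied from the log above, plus one constructed Run entry in a temp folder (labelled as such) to show a flagged location; the flag rules are this example's own heuristics.

```python
"""
Added example (not from the posted logs and not DDS code): a triage pass over
the "Pseudo HJT Report" and "SERVICES / DRIVERS" lines of a DDS log.
The flag rules are heuristics chosen for this example.
"""
import re

RUN_RE = re.compile(r"^(?P<key>[umd]?Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<path>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<addr>\S+) (?P<host>\S+)$")
NS_RE = re.compile(r"^TCP: Interfaces\\\{[^}]+\} : NameServer = (?P<servers>.+)$")

# Where installed software normally lives on a 32-bit Windows 7 box.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


def exe_path(cmd):
    """Return the executable path from a Run value, dropping quotes and switches.
    A switch is ' -x' or ' /x'; the ' - ' inside 'spybot - search & destroy' is not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return re.split(r" (?=[-/]\w)", cmd, maxsplit=1)[0]


def location_flags(path):
    """Heuristic flags based only on where the file sits."""
    p = path.lower()
    flags = []
    if not p.startswith(TRUSTED_PREFIXES):
        flags.append("outside Program Files / Windows")
    if "\\temp\\" in p or "\\appdata\\" in p:
        flags.append("user-writable profile location")
    return flags


def triage(lines):
    """Return (kind, name, path, flags) for every autostart-relevant line."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RUN_RE.match(line):
            path = exe_path(m["cmd"])
            findings.append((m["key"], m["name"], path, location_flags(path)))
        elif m := BHO_RE.match(line):
            findings.append(("BHO", m["name"], m["path"], location_flags(m["path"])))
        elif m := SVC_RE.match(line):
            flags = location_flags(m["path"].split(" ")[0])
            if m["stamp"] == "?":  # DDS prints [?] when it cannot stat the file
                flags.append("DDS could not stat the file ([?])")
            findings.append((m["state"], m["name"], m["path"], flags))
        elif m := APPINIT_RE.match(line):
            flags = location_flags(m["path"])
            flags.append("loaded into every process that maps user32.dll")
            findings.append(("AppInit_DLLs", "", m["path"], flags))
        elif m := HOSTS_RE.match(line):
            findings.append(("Hosts", m["host"], m["addr"], ["hosts-file override"]))
        elif m := NS_RE.match(line):
            findings.append(("NameServer", "", m["servers"],
                             ["static DNS overrides the DHCP-assigned server"]))
    return findings


def flagged(lines):
    """Only the findings that carry at least one flag."""
    return [f for f in triage(lines) if f[3]]


SAMPLE_LINES = [
    # copied from the DDS log above
    r'uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe',
    r'mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe',
    r'mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h',
    r'BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll',
    r'AppInit_DLLs: c:\windows\system32\guard32.dll',
    r'Hosts: 127.0.0.1 www.spywareinfo.com',
    r'TCP: Interfaces\{AB1A79BD-E2E3-4F7C-A4CC-57FDC7834751} : NameServer = 156.154.70.22,156.154.71.22',
    r'R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 238960]',
    r'S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]',
    # constructed line, not from the log: a Run entry pointing into a temp folder
    r'mRun: [updater] c:\users\computer\appdata\local\temp\upd.exe',
]

if __name__ == "__main__":
    for kind, name, path, flags in flagged(SAMPLE_LINES):
        print(f"{kind:12} {name:28} {path}\n{'':12} -> {'; '.join(flags)}")
```

A flag is a prompt to check, not a verdict. In the log above, guard32.dll was created in the same minute as the COMODO drivers cmdhlp.sys and cmdGuard.sys, and the static NameServer entry only appears in the second log, taken after COMODO was installed; both are therefore explained by the install, and the [?] on the GameGuard service means only that DDS could not read the file's size and date. What the pass buys you is a short list to explain, instead of a 200-line log to stare at.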

  4. #4
    Junior Member | Join Date: Jul 2011 | Posts: 25


    ComboFix 11-07-20.02 - Computer 07/20/2011 11:27:13.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1401 [GMT -7:00]
    Running from: c:\users\Computer\Desktop\Combo-Fix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-20 18:34 . 2011-07-20 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-20 18:18 . 2011-07-20 18:18 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{232561FC-3220-4F2C-81CB-0339428A47CA}\MpKslc8994783.sys
    2011-07-20 18:08 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{232561FC-3220-4F2C-81CB-0339428A47CA}\mpengine.dll
    2011-07-20 17:51 . 2011-07-20 18:05 -------- d-----w- C:\Combo-Fix
    2011-07-20 17:15 . 2011-07-20 17:15 -------- d-----w- c:\users\Computer\AppData\Local\Apple
    2011-07-20 17:14 . 2011-07-20 17:14 -------- d-----w- c:\users\Computer\AppData\Local\Apple Computer
    2011-07-20 02:22 . 2011-07-20 02:22 -------- d-----w- c:\program files\ESET
    2011-07-19 17:31 . 2011-07-19 17:31 -------- d-----w- c:\program files\iPod
    2011-07-19 17:31 . 2011-07-19 17:32 -------- d-----w- c:\program files\iTunes
    2011-07-19 17:24 . 2011-07-19 17:24 -------- d-----w- c:\program files\Apple Software Update
    2011-07-16 00:26 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-07-16 00:26 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-07-16 00:26 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-07-16 00:26 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-07-16 00:26 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-07-16 00:26 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-07-16 00:21 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-07-02 21:34 . 2011-07-02 21:34 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
    2011-06-29 15:53 . 2011-06-29 15:53 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
    2011-06-29 15:53 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-29 15:53 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-06-29 15:53 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-29 15:49 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-06-29 15:49 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-29 15:49 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-29 15:49 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-06-29 15:49 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-29 15:49 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-27 23:50 . 2011-06-27 23:50 -------- d-----w- c:\users\Computer\AppData\Local\Diagnostics
    2011-06-23 01:01 . 2011-06-23 01:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-06-20 23:08 . 2011-06-20 23:08 -------- d-----w- c:\program files\Common Files\Adobe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-07 02:52 . 2011-04-30 02:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-07 02:52 . 2011-04-30 02:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-19 02:00 . 2011-05-25 01:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-18 19:30 . 2011-06-18 19:26 164880 ---ha-w- c:\users\Computer\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2011-06-07 15:55 . 2011-05-29 20:01 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-05-04 11:52 . 2011-05-26 00:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-03 16:08 . 2011-05-25 01:21 4756216 ----a-w- c:\windows\system32\GameMon.des
    2011-04-30 03:15 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-30 02:56 . 2011-04-30 02:56 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-30 02:56 . 2011-04-30 02:56 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-04-30 02:56 . 2011-04-30 02:56 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-04-30 02:56 . 2011-04-30 02:56 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-30 02:56 . 2011-04-30 02:56 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-04-30 02:56 . 2011-04-30 02:56 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-30 02:56 . 2011-04-30 02:56 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-04-30 02:56 . 2011-04-30 02:56 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-30 02:56 . 2011-04-30 02:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-04-30 02:56 . 2011-04-30 02:56 367104 ----a-w- c:\windows\system32\html.iec
    2011-04-30 02:56 . 2011-04-30 02:56 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-30 02:56 . 2011-04-30 02:56 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-30 02:56 . 2011-04-30 02:56 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-04-30 02:56 . 2011-04-30 02:56 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-04-30 02:56 . 2011-04-30 02:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-04-30 02:56 . 2011-04-30 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-30 02:56 . 2011-04-30 02:56 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-04-30 02:56 . 2011-04-30 02:56 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-04-30 02:56 . 2011-04-30 02:56 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-04-30 02:13 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-06-16 04:17 . 2011-07-02 04:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
    .
    c:\users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 MpKsl5226b7f5;MpKsl5226b7f5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DEBC353-3374-4E8C-B9F3-CE861A267D18}\MpKsl5226b7f5.sys [x]
    R1 MpKsl6b4ad54e;MpKsl6b4ad54e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAA1D684-A3DF-47E9-9C41-107891E0346E}\MpKsl6b4ad54e.sys [x]
    R1 MpKsl8fc3ebe6;MpKsl8fc3ebe6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15BBC93F-3A67-4770-B3AE-4B2615F57285}\MpKsl8fc3ebe6.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-05-03 4756216]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-30 1343400]
    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-06-23 53816]
    S1 MpKslc8994783;MpKslc8994783;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{232561FC-3220-4F2C-81CB-0339428A47CA}\MpKslc8994783.sys [2011-07-20 28752]
    S1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [2011-06-14 57144]
    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-06-23 66360]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-06-23 158904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-23 870200]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
    S3 qic157;qic157;c:\windows\system32\DRIVERS\qic157.sys [2009-07-13 8192]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLC8994783
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
    FF - ProfilePath - c:\users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\24mz2ulb.default\
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-07-20 11:38:17
    ComboFix-quarantined-files.txt 2011-07-20 18:38
    ComboFix2.txt 2011-07-20 18:05
    .
    Pre-Run: 205,865,074,688 bytes free
    Post-Run: 205,805,924,352 bytes free
    .
    - - End Of File - - A1E550E659309B8CEC077E2FC87E8FAD

  5. #5
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Look for ComboFix2.txt file in c:\combofix or c:\qoobox folder and post back its contents.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Junior Member
    Join Date
    Jul 2011
    Posts
    25

    Default

    ComboFix 11-07-20.02 - Computer 07/20/2011 10:53:46.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1105 [GMT -7:00]
    Running from: c:\users\Computer\Desktop\Combo-Fix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Computer\Desktop\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-20 18:01 . 2011-07-20 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-20 17:15 . 2011-07-20 17:15 -------- d-----w- c:\users\Computer\AppData\Local\Apple
    2011-07-20 17:14 . 2011-07-20 17:14 -------- d-----w- c:\users\Computer\AppData\Local\Apple Computer
    2011-07-20 17:12 . 2011-07-20 17:12 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A066D19F-5CF7-4154-B83D-CCF84B27AF6A}\MpKslb7cde9e8.sys
    2011-07-20 03:50 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A066D19F-5CF7-4154-B83D-CCF84B27AF6A}\mpengine.dll
    2011-07-20 02:22 . 2011-07-20 02:22 -------- d-----w- c:\program files\ESET
    2011-07-19 17:31 . 2011-07-19 17:31 -------- d-----w- c:\program files\iPod
    2011-07-19 17:31 . 2011-07-19 17:32 -------- d-----w- c:\program files\iTunes
    2011-07-19 17:24 . 2011-07-19 17:24 -------- d-----w- c:\program files\Apple Software Update
    2011-07-16 00:26 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-07-16 00:26 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-07-16 00:26 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-07-16 00:26 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-07-16 00:26 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-07-16 00:26 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-07-16 00:21 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-07-02 21:34 . 2011-07-02 21:34 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
    2011-06-29 15:53 . 2011-06-29 15:53 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
    2011-06-29 15:53 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-29 15:53 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-06-29 15:53 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-29 15:49 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-06-29 15:49 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-29 15:49 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-29 15:49 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-06-29 15:49 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-29 15:49 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-27 23:50 . 2011-06-27 23:50 -------- d-----w- c:\users\Computer\AppData\Local\Diagnostics
    2011-06-23 01:01 . 2011-06-23 01:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-06-20 23:08 . 2011-06-20 23:08 -------- d-----w- c:\program files\Common Files\Adobe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-07 02:52 . 2011-04-30 02:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-07 02:52 . 2011-04-30 02:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-19 02:00 . 2011-05-25 01:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-18 19:30 . 2011-06-18 19:26 164880 ---ha-w- c:\users\Computer\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2011-06-07 15:55 . 2011-05-29 20:01 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-05-04 11:52 . 2011-05-26 00:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-03 16:08 . 2011-05-25 01:21 4756216 ----a-w- c:\windows\system32\GameMon.des
    2011-04-30 03:15 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-30 02:56 . 2011-04-30 02:56 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-30 02:56 . 2011-04-30 02:56 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-04-30 02:56 . 2011-04-30 02:56 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-04-30 02:56 . 2011-04-30 02:56 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-30 02:56 . 2011-04-30 02:56 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-04-30 02:56 . 2011-04-30 02:56 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-30 02:56 . 2011-04-30 02:56 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-04-30 02:56 . 2011-04-30 02:56 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-30 02:56 . 2011-04-30 02:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-04-30 02:56 . 2011-04-30 02:56 367104 ----a-w- c:\windows\system32\html.iec
    2011-04-30 02:56 . 2011-04-30 02:56 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-30 02:56 . 2011-04-30 02:56 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-30 02:56 . 2011-04-30 02:56 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-04-30 02:56 . 2011-04-30 02:56 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-04-30 02:56 . 2011-04-30 02:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-04-30 02:56 . 2011-04-30 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-30 02:56 . 2011-04-30 02:56 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-04-30 02:56 . 2011-04-30 02:56 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-04-30 02:56 . 2011-04-30 02:56 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-04-30 02:13 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-06-16 04:17 . 2011-07-02 04:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
    .
    c:\users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 MpKsl5226b7f5;MpKsl5226b7f5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DEBC353-3374-4E8C-B9F3-CE861A267D18}\MpKsl5226b7f5.sys [x]
    R1 MpKsl6b4ad54e;MpKsl6b4ad54e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAA1D684-A3DF-47E9-9C41-107891E0346E}\MpKsl6b4ad54e.sys [x]
    R1 MpKsl8fc3ebe6;MpKsl8fc3ebe6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15BBC93F-3A67-4770-B3AE-4B2615F57285}\MpKsl8fc3ebe6.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-05-03 4756216]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-30 1343400]
    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-06-23 53816]
    S1 MpKslb7cde9e8;MpKslb7cde9e8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A066D19F-5CF7-4154-B83D-CCF84B27AF6A}\MpKslb7cde9e8.sys [2011-07-20 28752]
    S1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [2011-06-14 57144]
    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-06-23 66360]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-06-23 158904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-23 870200]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
    S3 qic157;qic157;c:\windows\system32\DRIVERS\qic157.sys [2009-07-13 8192]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 16646382
    *NewlyCreated* - MPKSLB7CDE9E8
    *Deregistered* - 16646382
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
    FF - ProfilePath - c:\users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\24mz2ulb.default\
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-07-20 11:05:44
    ComboFix-quarantined-files.txt 2011-07-20 18:05
    .
    Pre-Run: 206,172,999,680 bytes free
    Post-Run: 205,830,492,160 bytes free
    .
    - - End Of File - - ECF49599BE95700157F4D6E568BD031C

  7. #7
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Let's do a scan with GMER.

Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the Rootkit tab, uncheck the Files option and then click Scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.

  8. #8
    Junior Member
    Join Date
    Jul 2011
    Posts
    25

    Default

Do I need to disable any firewalls, AV, TeaTimer etc.?

  9. #9
    Junior Member
    Join Date
    Jul 2011
    Posts
    25

Question I'm not sure if the scan was completely complete TBH

    It stopped there with no indication towards anything, but I believe it was the end of the scan.

    It's been attached as GMER.zip

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

For some reason it shows the attached zip file with no contents. Could you repost the log, please?