
Blocking 208.73.210.29


JW7


Hi--

My computer keeps trying to contact 208.73.210.29 every few minutes. MBAM professional blocks it, but my system is really running slowly. Any help would be greatly appreciated!

Thanks!

John

Followed "I'm infected. What do I do now?" instructions.

Ran Defogger.

Ran GMER.

Ran DDS.

Ran Malwarebytes scan.

Ran Avira scan.

Ran ESET online scan.

Ran Dr. Web scan from bootdisk.

DDS and MBAM results below:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by user at 21:39:32 on 2011-10-05

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.409 [GMT -5:00]

.

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: COMODO Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\acs.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\IProsetMonitor.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\WinRamTurbo Pro 4.92\WinRamTurboPro.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://att.yahoo.com/

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.yude.info/

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: AT&&T Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [WinRamTurbo] c:\program files\winramturbo pro 4.92\WinRamTurboPro.exe

uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [TFncKy] TFncKy.exe

mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [CFSServ.exe] CFSServ.exe -NoClient

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

StartupFolder: c:\docume~1\user\startm~1\programs\startup\avgnte~1.lnk - c:\program files\avira\antivir desktop\avgnt.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: adobe.com\get

Trusted Zone: texasteachers.org\www

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181272325218

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{36C8ED33-2948-4A25-AC42-EDB0748DF9FB} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{39C70962-8B54-433C-B47E-0FAE14CF08BC} : DhcpNameServer = 74.134.1.164 74.134.1.166

TCP: Interfaces\{68724D8A-BFCF-4E9E-90B4-99E811A4D455} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{AD76AB9B-4C80-4440-AA54-99B9B6244CAA} : DhcpNameServer = 192.168.11.1

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxdev.dll

Notify: psfus - psqlpwd.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Notification Packages = scecli psqlpwd

.

============= SERVICES / DRIVERS ===============

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-9-25 56336]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-20 11608]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-11 242600]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-11 29400]

R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-8 216912]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-8-3 98392]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-20 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-20 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-20 66616]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-11 1793712]

R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-6-11 112800]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-6 366152]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-9-25 919352]

R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-6 22216]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-6-11 6609920]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\test\kerneld.wnt --> e:\test\kerneld.wnt [?]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-19 18560]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\user\locals~1\temp\rarsfx0\s10vwf\pedrv.sys --> c:\docume~1\user\locals~1\temp\rarsfx0\s10vwf\PEDrv.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-11-4 14336]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

.

=============== Created Last 30 ================

.

2011-09-26 00:00:08 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-09-23 15:58:07 -------- d-----w- c:\program files\Gnaural

.

==================== Find3M ====================

.

2011-10-01 22:57:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-19 18:34:45 52224 ----a-w- c:\windows\ipuninst.exe

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

.

============= FINISH: 21:40:24.85 ===============

MBAM Results:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7859

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/4/2011 12:27:31 AM

mbam-log-2011-10-04 (00-27-31).txt

Scan type: Full scan (C:\|)

Objects scanned: 324467

Time elapsed: 1 hour(s), 26 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*******************************

Even though MBAM doesn't find the malware, it is blocking it:

08:33:58 (null) MESSAGE Protection started successfully

08:35:20 user MESSAGE IP Protection started successfully

08:42:58 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:43:01 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:43:07 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:43:19 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:43:22 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:43:28 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:43:40 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:43:43 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:43:49 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:48:23 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:48:26 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:48:32 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:48:44 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:48:47 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:48:53 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:49:05 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:49:08 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:49:14 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:53:29 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:53:32 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:53:38 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:53:50 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:53:53 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:53:59 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:54:11 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:54:14 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:54:20 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:58:29 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:58:32 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:58:38 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:58:50 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:58:53 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:58:59 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:59:11 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:59:14 user IP-BLOCK 208.73.210.29 (Type: outgoing)

08:59:20 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:03:29 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:03:32 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:03:38 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:03:50 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:03:53 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:03:59 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:04:11 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:04:14 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:04:20 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:08:29 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:08:32 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:08:38 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:08:50 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:08:53 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:08:59 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:09:11 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:09:14 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:09:20 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:13:29 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:13:32 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:13:38 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:13:50 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:13:53 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:13:59 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:14:11 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:14:14 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:14:20 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:18:29 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:18:32 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:18:38 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:18:50 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:18:53 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:18:59 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:19:11 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:19:14 user IP-BLOCK 208.73.210.29 (Type: outgoing)

09:19:20 user IP-BLOCK 208.73.210.29 (Type: outgoing)

ark.zip

DDSattach.zip

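The protection log above is regular enough to measure rather than eyeball. The following is an added example, not part of the original post and not Malwarebytes' own tooling: a short Python script that parses IP-BLOCK lines in the format shown and groups them into connect attempts and beacon cycles. The sample log is a constructed subset (the first three groups of the lines pasted above plus one non-block line). The calendar date is assumed, since the log only carries a time of day, and the 10 s / 60 s grouping thresholds are chosen for this log, not taken from any MBAM setting.

```python
import re
from datetime import datetime, timedelta
from statistics import median

# Format of the MBAM protection-log lines quoted in the post, e.g.
#   08:42:58 user IP-BLOCK 208.73.210.29 (Type: outgoing)
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+\S+\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<dir>\w+)\)\s*$"
)

# Constructed sample: the first three groups of lines from the poster's log,
# plus one non-IP-BLOCK line that the parser must skip.
SAMPLE_LOG = """\
08:35:20 user MESSAGE IP Protection started successfully
08:42:58 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:43:01 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:43:07 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:43:19 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:43:22 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:43:28 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:43:40 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:43:43 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:43:49 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:48:23 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:48:26 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:48:32 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:48:44 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:48:47 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:48:53 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:49:05 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:49:08 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:49:14 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:53:29 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:53:32 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:53:38 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:53:50 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:53:53 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:53:59 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:54:11 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:54:14 user IP-BLOCK 208.73.210.29 (Type: outgoing)
08:54:20 user IP-BLOCK 208.73.210.29 (Type: outgoing)
"""


def parse_ip_blocks(text, day=datetime(2011, 10, 5)):
    """{ip: [datetime, ...]} for every IP-BLOCK line. The log carries only a
    time of day, so the date is assumed; a backwards jump = midnight rollover."""
    events, last, rollover = {}, None, timedelta(0)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        clock = datetime.strptime(m.group("time"), "%H:%M:%S").time()
        stamp = datetime.combine(day.date(), clock) + rollover
        if last is not None and stamp < last:
            rollover += timedelta(days=1)
            stamp += timedelta(days=1)
        last = stamp
        events.setdefault(m.group("ip"), []).append(stamp)
    return events


def split_on_gap(times, gap):
    """Split sorted timestamps into runs wherever neighbours are > gap apart."""
    runs = []
    for t in sorted(times):
        if runs and t - runs[-1][-1] <= gap:
            runs[-1].append(t)
        else:
            runs.append([t])
    return runs


def beacon_profile(times, retrans_gap=timedelta(seconds=10),
                   cycle_gap=timedelta(seconds=60)):
    """Two-level grouping: packets < retrans_gap apart are one connect attempt
    (a SYN plus retransmits); attempts < cycle_gap apart are one beacon cycle.
    Both thresholds are chosen for this log, not taken from any MBAM setting."""
    cycles = split_on_gap(times, cycle_gap)
    attempts = [split_on_gap(c, retrans_gap) for c in cycles]
    starts = [c[0] for c in cycles]
    periods = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
    gaps = {(b - a).total_seconds()
            for cyc in attempts for att in cyc for a, b in zip(att, att[1:])}
    return {
        "cycles": len(cycles),
        "period_s": median(periods) if periods else None,
        "attempts_per_cycle": median([len(c) for c in attempts]),
        "packets_per_attempt": median([len(a) for c in attempts for a in c]),
        "retransmit_gaps_s": sorted(gaps),
    }


if __name__ == "__main__":
    for ip, times in parse_ip_blocks(SAMPLE_LOG).items():
        print(ip, beacon_profile(times))
```

On the sample it reports three cycles a little over five minutes apart, each made of three connect attempts of three blocked packets spaced 3 s and 6 s apart. That shape is consistent with Windows XP's default TCP connect behaviour (a SYN retransmitted after 3 s and again after 6 s, with the connect giving up at 21 s), so the nine blocked entries per cycle read as three back-to-back connect() calls rather than nine independent ones; the signal worth chasing during cleanup is the steady five-minute timer behind them, which is what a scheduled task, service or injected thread would produce.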

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Thanks for your help!

Updated MBAM quick scan and ComboFix logs follow. DDS will follow soon.

********************************************************************************************************************

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7949

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/14/2011 6:08:14 PM

mbam-log-2011-10-14 (18-08-14).txt

Scan type: Quick scan

Objects scanned: 190961

Time elapsed: 40 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

********************************************************************************************************

ComboFix 11-10-14.04 - user 10/14/2011 21:30:54.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.267 [GMT -5:00]

Running from: c:\documents and settings\user\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\user\WINDOWS

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\d3d9caps.dat

.

.

((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))

.

.

2011-10-11 13:47 . 2011-10-11 13:47 -------- d-----w- c:\program files\7-Zip

2011-10-09 21:39 . 2011-10-09 21:39 -------- d-----w- c:\program files\ESET

2011-09-26 00:00 . 2011-09-26 00:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-09-23 15:59 . 2011-10-05 01:12 -------- d-----w- c:\documents and settings\user\Application Data\gtk-2.0

2011-09-23 15:58 . 2011-10-05 01:12 -------- d-----w- c:\program files\Gnaural

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-01 22:57 . 2011-05-28 19:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12 . 2005-11-05 00:52 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2005-11-05 00:53 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2010-05-07 02:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48 . 2005-11-05 00:53 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2005-11-05 00:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2005-11-05 00:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2005-11-05 00:52 385024 ----a-w- c:\windows\system32\html.iec

2011-08-19 18:34 . 2011-08-19 18:34 52224 ----a-w- c:\windows\ipuninst.exe

2011-08-17 13:49 . 2005-11-05 00:52 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"WinRamTurbo"="c:\program files\WinRamTurbo Pro 4.92\WinRamTurboPro.exe" [2002-04-12 485888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CFSServ.exe"="CFSServ.exe -NoClient" [X]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 352256]

"NDSTray.exe"="NDSTray.exe" [bU]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]

"TFncKy"="TFncKy.exe" [bU]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]

"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 102400]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

.

c:\documents and settings\user\Start Menu\Programs\Startup\

avgnt.exe.lnk - c:\program files\Avira\AntiVir Desktop\avgnt.exe [2011-6-20 281768]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-04 02:43 69632 ----a-w- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-09-07 02:36 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]

2005-06-01 05:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

2006-07-21 22:19 129536 ----a-w- c:\progra~1\Yahoo!\browser\ybrwicon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"TuneUp.Defrag"=3 (0x3)

"TomTomHOMEService"=2 (0x2)

"seclogon"=3 (0x3)

"LeapFrog Connect Device Service"=2 (0x2)

"Lavasoft Ad-Aware Service"=3 (0x3)

"lanmanserver"=2 (0x2)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"ERSvc"=2 (0x2)

"CryptSvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"idsvc"=3 (0x3)

"Ati HotKey Poller"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"RasMan"=3 (0x3)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" /startup

"Persistence"=c:\windows\system32\igfxpers.exe

"AGRSMMSG"=AGRSMMSG.exe

"CFSServ.exe"=CFSServ.exe -NoClient

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [9/25/2011 7:00 PM 56336]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/11/2010 12:40 AM 242600]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/11/2010 12:40 AM 29400]

R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [8/8/2011 8:29 PM 216912]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/25/2011 7:00 PM 70416]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/25/2011 7:00 PM 161936]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/3/2010 11:13 PM 98392]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/20/2011 11:03 PM 136360]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 8:00 PM 13568]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 7:59 PM 33024]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [6/11/2011 4:03 PM 112800]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/6/2010 9:32 PM 366152]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/25/2011 6:59 PM 919352]

R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 7:33 PM 3456]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/6/2010 9:32 PM 22216]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [6/11/2011 3:59 PM 6609920]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\test\kerneld.wnt --> e:\test\kerneld.wnt [?]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [6/19/2007 2:21 AM 18560]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\user\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\user\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11/4/2005 7:53 PM 14336]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 4:38 AM 92008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-15 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 14:09]

.

2011-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1199713533-4294477791-1050444248-1006Core.job

- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 02:36]

.

2011-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1199713533-4294477791-1050444248-1006UA.job

- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 02:36]

.

2007-02-06 c:\windows\Tasks\Registration reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]

.

2007-02-06 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]

.

2007-02-06 c:\windows\Tasks\Registration reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://att.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.yude.info/

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: adobe.com\get

Trusted Zone: texasteachers.org\www

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{36C8ED33-2948-4A25-AC42-EDB0748DF9FB}: NameServer = 156.154.70.22,156.154.71.22

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-MCODS

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-14 21:59

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]

"ImagePath"="\??\e:\test\kerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1199713533-4294477791-1050444248-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\.sol]

@DACL=(02 0000)

@SACL=

.

[HKEY_LOCAL_MACHINE\software\Classes\.sor]

@DACL=(02 0000)

@SACL=

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1124)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\bio.dll

c:\program files\Protector Suite QL\remote.dll

.

- - - - - - - > 'lsass.exe'(1208)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'explorer.exe'(184)

c:\windows\system32\WININET.dll

c:\windows\system32\guard32.dll

c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\acs.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\DVDRAMSV.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\TOSHIBA\ConfigFree\CFSServ.exe

c:\program files\TOSHIBA\ConfigFree\CFXFER.exe

.

**************************************************************************

.

Completion time: 2011-10-14 22:15:12 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-15 03:15

.

Pre-Run: 88,032,047,104 bytes free

Post-Run: 87,889,268,736 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 849D77AAD31ED86BB8084C8985D415E3


Thanks for your help!

Updated MBAM quick scan and ComboFix logs follow. DDS will follow soon.

********************************************************************************************************************

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7949

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/14/2011 6:08:14 PM

mbam-log-2011-10-14 (18-08-14).txt

Scan type: Quick scan

Objects scanned: 190961

Time elapsed: 40 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

********************************************************************************************************

ComboFix 11-10-14.04 - user 10/14/2011 21:30:54.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.267 [GMT -5:00]

Running from: c:\documents and settings\user\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\user\WINDOWS

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\d3d9caps.dat

.

.

((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))

.

.

2011-10-11 13:47 . 2011-10-11 13:47 -------- d-----w- c:\program files\7-Zip

2011-10-09 21:39 . 2011-10-09 21:39 -------- d-----w- c:\program files\ESET

2011-09-26 00:00 . 2011-09-26 00:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-09-23 15:59 . 2011-10-05 01:12 -------- d-----w- c:\documents and settings\user\Application Data\gtk-2.0

2011-09-23 15:58 . 2011-10-05 01:12 -------- d-----w- c:\program files\Gnaural

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-01 22:57 . 2011-05-28 19:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12 . 2005-11-05 00:52 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2005-11-05 00:53 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2010-05-07 02:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48 . 2005-11-05 00:53 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2005-11-05 00:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2005-11-05 00:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2005-11-05 00:52 385024 ----a-w- c:\windows\system32\html.iec

2011-08-19 18:34 . 2011-08-19 18:34 52224 ----a-w- c:\windows\ipuninst.exe

2011-08-17 13:49 . 2005-11-05 00:52 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"WinRamTurbo"="c:\program files\WinRamTurbo Pro 4.92\WinRamTurboPro.exe" [2002-04-12 485888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CFSServ.exe"="CFSServ.exe -NoClient" [X]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 352256]

"NDSTray.exe"="NDSTray.exe" [bU]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]

"TFncKy"="TFncKy.exe" [bU]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]

"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 102400]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

.

c:\documents and settings\user\Start Menu\Programs\Startup\

avgnt.exe.lnk - c:\program files\Avira\AntiVir Desktop\avgnt.exe [2011-6-20 281768]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-04 02:43 69632 ----a-w- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-09-07 02:36 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]

2005-06-01 05:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

2006-07-21 22:19 129536 ----a-w- c:\progra~1\Yahoo!\browser\ybrwicon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"TuneUp.Defrag"=3 (0x3)

"TomTomHOMEService"=2 (0x2)

"seclogon"=3 (0x3)

"LeapFrog Connect Device Service"=2 (0x2)

"Lavasoft Ad-Aware Service"=3 (0x3)

"lanmanserver"=2 (0x2)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"ERSvc"=2 (0x2)

"CryptSvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"idsvc"=3 (0x3)

"Ati HotKey Poller"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"RasMan"=3 (0x3)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" /startup

"Persistence"=c:\windows\system32\igfxpers.exe

"AGRSMMSG"=AGRSMMSG.exe

"CFSServ.exe"=CFSServ.exe -NoClient

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [9/25/2011 7:00 PM 56336]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/11/2010 12:40 AM 242600]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/11/2010 12:40 AM 29400]

R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [8/8/2011 8:29 PM 216912]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/25/2011 7:00 PM 70416]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/25/2011 7:00 PM 161936]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/3/2010 11:13 PM 98392]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/20/2011 11:03 PM 136360]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 8:00 PM 13568]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 7:59 PM 33024]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [6/11/2011 4:03 PM 112800]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/6/2010 9:32 PM 366152]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/25/2011 6:59 PM 919352]

R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 7:33 PM 3456]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/6/2010 9:32 PM 22216]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [6/11/2011 3:59 PM 6609920]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\test\kerneld.wnt --> e:\test\kerneld.wnt [?]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [6/19/2007 2:21 AM 18560]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\user\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\user\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11/4/2005 7:53 PM 14336]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 4:38 AM 92008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-15 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 14:09]

.

2011-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1199713533-4294477791-1050444248-1006Core.job

- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 02:36]

.

2011-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1199713533-4294477791-1050444248-1006UA.job

- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 02:36]

.

2007-02-06 c:\windows\Tasks\Registration reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]

.

2007-02-06 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]

.

2007-02-06 c:\windows\Tasks\Registration reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://att.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.yude.info/

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: adobe.com\get

Trusted Zone: texasteachers.org\www

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{36C8ED33-2948-4A25-AC42-EDB0748DF9FB}: NameServer = 156.154.70.22,156.154.71.22

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-MCODS

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-14 21:59

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]

"ImagePath"="\??\e:\test\kerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1199713533-4294477791-1050444248-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\.sol]

@DACL=(02 0000)

@SACL=

.

[HKEY_LOCAL_MACHINE\software\Classes\.sor]

@DACL=(02 0000)

@SACL=

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1124)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\bio.dll

c:\program files\Protector Suite QL\remote.dll

.

- - - - - - - > 'lsass.exe'(1208)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'explorer.exe'(184)

c:\windows\system32\WININET.dll

c:\windows\system32\guard32.dll

c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\acs.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\DVDRAMSV.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\TOSHIBA\ConfigFree\CFSServ.exe

c:\program files\TOSHIBA\ConfigFree\CFXFER.exe

.

**************************************************************************

.

Completion time: 2011-10-14 22:15:12 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-15 03:15

.

Pre-Run: 88,032,047,104 bytes free

Post-Run: 87,889,268,736 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 849D77AAD31ED86BB8084C8985D415E3

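The ComboFix logs posted in this thread carry the entries an analyst looks at first: the driver list (R0/R1/S3 lines), the Security Center and Windows Firewall policy keys, the AppInit_DLLs value, the static DNS servers on the wireless interface, and catchme's "NTDLL code modification" note. The script below is an added example, not code from ComboFix, DDS or the poster; it walks a handful of lines copied from the log above and returns review flags. The flags are prompts for a human, not verdicts: in this log the AppInit_DLLs entry is guard32.dll, which the same log shows loaded into lsass.exe and explorer.exe alongside the installed COMODO suite, the Windows Firewall being off is consistent with a third-party firewall being enabled, and a user-mode hook on ZwClose is the kind of change security products make as well. The finding names and the thresholds (driver under a Temp path, image file missing, image on a drive other than C:, interface DNS differing from the DHCP-supplied server, an Enabled entry in GloballyOpenPorts) are this example's own choices.

```python
"""Triage checks over ComboFix-style log lines (added example; not ComboFix's code)."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (check name, detail)

# Constructed sample: a few lines lifted verbatim from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/11/2010 12:40 AM 242600]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\test\kerneld.wnt --> e:\test\kerneld.wnt [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\user\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\user\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{36C8ED33-2948-4A25-AC42-EDB0748DF9FB}: NameServer = 156.154.70.22,156.154.71.22
detected NTDLL code modification:
ZwClose
"""

_SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")   # start;name;desc;path [info]
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')                  # "name"= value


def _parse_service(rest: str) -> Tuple[str, str]:
    """Split 'path [date size]' or 'path --> path [?]' into (lowercase path, info)."""
    body, _, info = rest.rpartition(" [")
    path = body.split(" --> ", 1)[0].strip()
    if path.startswith("\\??\\"):          # NT object-manager prefix used for absolute ImagePaths
        path = path[4:]
    return path.lower(), info.rstrip("]")


def triage(log: str) -> List[Finding]:
    """Return (check, detail) pairs for lines an analyst should look at."""
    findings: List[Finding] = []
    current_key = ""          # last [registry key] header seen, for context in findings
    dhcp_dns = ""             # DHCP-supplied resolver, compared against per-interface NameServer
    expect_hook_name = False  # catchme prints the hooked export on the line after the notice
    for raw in log.splitlines():
        line = raw.strip()
        if line in ("", "."):
            continue
        if expect_hook_name:
            findings.append(("ntdll_hook", line))
            expect_hook_name = False
            continue
        if line.startswith("detected NTDLL code modification"):
            expect_hook_name = True
            continue
        if line.startswith("["):
            current_key = line.strip("[]").lower()
            continue
        m = _SERVICE_RE.match(line)
        if m:
            _start, name, _desc, rest = m.groups()
            path, info = _parse_service(rest)
            if info == "?":  # ComboFix could not stat the image file
                findings.append(("driver_image_missing", f"{name}: {path}"))
            if "\\temp\\" in path or "\\locals~1\\" in path:
                findings.append(("driver_in_temp", f"{name}: {path}"))
            if re.match(r"^[a-z]:\\", path) and not path.startswith("c:\\"):
                findings.append(("driver_off_system_drive", f"{name}: {path}"))
            continue
        m = _VALUE_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "AppInit_DLLs" and value:
                findings.append(("appinit_dll", value))
            elif key == "DisableMonitoring" and value.endswith("1"):
                findings.append(("security_center_monitoring_disabled", current_key))
            elif key == "EnableFirewall" and value.startswith("0"):
                findings.append(("windows_firewall_disabled", current_key))
            elif re.match(r"^\d+:(TCP|UDP)$", key):
                # GloballyOpenPorts entry: port:proto:scope:state:description
                parts = value.split(":")
                if len(parts) >= 4 and parts[3].lower() == "enabled":
                    findings.append(("open_port", f"{key} {':'.join(parts[4:])}"))
            continue
        if line.startswith("TCP: DhcpNameServer"):
            dhcp_dns = line.split("=", 1)[1].strip()
        elif line.startswith("TCP: Interfaces") and "NameServer" in line:
            servers = line.split("=", 1)[1].strip()
            if servers != dhcp_dns:
                findings.append(("static_dns_override", f"{servers} (DHCP gave {dhcp_dns})"))
    return findings


if __name__ == "__main__":
    for check, detail in triage(SAMPLE_LOG):
        print(f"{check:38} {detail}")
```

Run it against a full log by reading the file into `triage()`; the output is a worklist, and each entry still needs the analyst to confirm what owns the path or key (the two missing-image drivers here point at an `e:\test` directory and a self-extracting archive's Temp folder, both worth asking the poster about, not conclusions on their own).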

Hi--

Here is the latest DDS log.

Thanks!

John

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by user at 22:29:22 on 2011-10-14

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.270 [GMT -5:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: COMODO Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\IProsetMonitor.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\WinRamTurbo Pro 4.92\WinRamTurboPro.exe

C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://att.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.yude.info/

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

EB: AT&&T Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [WinRamTurbo] c:\program files\winramturbo pro 4.92\WinRamTurboPro.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [TFncKy] TFncKy.exe

mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [CFSServ.exe] CFSServ.exe -NoClient

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

StartupFolder: c:\docume~1\user\startm~1\programs\startup\avgnte~1.lnk - c:\program files\avira\antivir desktop\avgnt.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: adobe.com\get

Trusted Zone: texasteachers.org\www

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181272325218

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{36C8ED33-2948-4A25-AC42-EDB0748DF9FB} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{39C70962-8B54-433C-B47E-0FAE14CF08BC} : DhcpNameServer = 74.134.1.164 74.134.1.166

TCP: Interfaces\{68724D8A-BFCF-4E9E-90B4-99E811A4D455} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{AD76AB9B-4C80-4440-AA54-99B9B6244CAA} : DhcpNameServer = 192.168.11.1

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxdev.dll

Notify: psfus - psqlpwd.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-9-25 56336]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-20 11608]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-11 242600]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-11 29400]

R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-8 216912]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-8-3 98392]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-20 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-20 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-20 66616]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-11 1793712]

R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-6-11 112800]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-6 366152]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-9-25 919352]

R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-6 22216]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-6-11 6609920]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\e:\test\kerneld.wnt --> e:\test\kerneld.wnt [?]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-19 18560]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\user\locals~1\temp\rarsfx0\s10vwf\pedrv.sys --> c:\docume~1\user\locals~1\temp\rarsfx0\s10vwf\PEDrv.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-11-4 14336]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

.

=============== Created Last 30 ================

.

2011-10-15 02:28:39 -------- d-sha-r- C:\cmdcons

2011-10-15 02:24:33 98816 ----a-w- c:\windows\sed.exe

2011-10-15 02:24:33 518144 ----a-w- c:\windows\SWREG.exe

2011-10-15 02:24:33 256000 ----a-w- c:\windows\PEV.exe

2011-10-15 02:24:33 208896 ----a-w- c:\windows\MBR.exe

2011-10-09 21:39:54 -------- d-----w- c:\program files\ESET

2011-09-26 00:00:08 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-09-23 15:58:07 -------- d-----w- c:\program files\Gnaural

.

==================== Find3M ====================

.

2011-10-01 22:57:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-19 18:34:45 52224 ----a-w- c:\windows\ipuninst.exe

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 22:30:56.03 ===============

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Hi Chris--

I'm still having the problems with 208.73.210.29, primarily when using Opera browser.

With the online scan, ESET crashed the first time around: blue screen / BSOD. ESET scanned at least 35,000 files, then hung up at win32k.sys. Stop code was 0x0000007A and several others.

Successfully ran ESET in Safe Mode, with no malware detections.

Ran Checkup.EXE in-between ESET runs.

Thank you!

John Cain

Checkup.TXT file follows:

Results of screen317's Security Check version 0.99.24

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

COMODO Internet Security

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

TuneUp Utilities 2008

Java 6 Update 16

Java 6 Update 18

Java 6 Update 26

Java SE Runtime Environment 6

Java SE Runtime Environment 6 Update 1

Java 6 Update 2

Java 6 Update 3

Java 6 Update 4

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

``````````End of Log````````````


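The post above reports that the blocked connections to 208.73.210.29 continue, mostly while Opera is open, and that none of the scanners found anything. Before running yet another scanner, a practitioner would want two facts the logs so far do not give: which hostname resolved to that address, and which process opened the socket. The PowerShell script below is an added example, not code from the original thread or from Malwarebytes, ESET or screen317. It assumes PowerShell 2.0 or later has been installed on this XP Home machine (XP does not ship it) and that it runs from an administrator console. The helper names Get-DnsCacheNamesFor and Get-SocketOwnersFor are this example's own. It parses ipconfig /displaydns and netstat -ano, both of which exist on XP, and maps PIDs with Get-Process because XP Home does not include tasklist.exe.

```powershell
# Added example (not from the original thread, Malwarebytes, ESET or screen317).
# Assumes PowerShell 2.0+ and an administrator console on the XP Home machine.
# Attributes a blocked outbound IP to (a) the DNS name(s) that resolved to it
# and (b) the local process that opened the socket.

param([string]$TargetIp = '208.73.210.29')   # the address from the original post

function Get-DnsCacheNamesFor {
    # Parse "ipconfig /displaydns": each cached entry is a block of
    # "Field . . . : value" lines. Remember the latest "Record Name" and emit it
    # when the block's "A (Host) Record" line carries the target IP.
    param([string]$Ip)
    $hits = @()
    $recordName = $null
    foreach ($line in (ipconfig /displaydns)) {
        if ($line -match 'Record Name[ .]*:\s*(\S+)') {
            $recordName = $matches[1]
        } elseif ($recordName -and $line -match 'A \(Host\) Record[ .]*:\s*(\S+)' -and $matches[1] -eq $Ip) {
            $hits += $recordName
        }
    }
    $hits | Sort-Object -Unique
}

function Get-SocketOwnersFor {
    # Parse "netstat -ano" and return one object per socket whose foreign
    # endpoint is the target IP. tasklist.exe is absent on XP Home, so the PID
    # is resolved with Get-Process instead.
    param([string]$Ip)
    foreach ($line in (netstat -ano)) {
        $fields = $line.Trim() -split '\s+'
        # TCP rows: Proto Local Foreign State PID; UDP rows have no State column.
        if ($fields.Count -lt 4 -or $fields[0] -notmatch '^(TCP|UDP)$') { continue }
        $foreign = $fields[2]
        if ($foreign -notlike "${Ip}:*") { continue }
        $procId = [int]$fields[$fields.Count - 1]
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Proto   = $fields[0]
            Remote  = $foreign
            State   = $(if ($fields[0] -eq 'TCP') { $fields[3] } else { '' })
            PID     = $procId
            Process = $(if ($proc) { $proc.Name } else { '<exited>' })
            Path    = $(if ($proc -and $proc.Path) { $proc.Path } else { '' })
        }
    }
}

"DNS cache names that resolved to ${TargetIp}:"
$names = @(Get-DnsCacheNamesFor -Ip $TargetIp)
if ($names.Count -eq 0) { '  (none cached; run ipconfig /flushdns, reproduce the alert, run again)' }
$names | ForEach-Object { "  $_" }

"Sockets to ${TargetIp}:"
Get-SocketOwnersFor -Ip $TargetIp | Format-Table Proto, Remote, State, PID, Process, Path -AutoSize
```

Run ipconfig /flushdns, open Opera, wait for the next block notification, then run the script at once: the IP protection may stop the attempt before the connection is established, so the netstat entry can be short-lived. The cached name tells you what the browser was actually trying to reach, and the process column tells you whether it was the browser itself (a page, add-on or search setting is then the thing to look at) or something that should not be talking to the network at all.
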
  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

ESET Online Scanner v3

Java™ 6 Update 16

Java™ 6 Update 18

Java™ 6 Update 26

Java™ SE Runtime Environment 6

Java™ SE Runtime Environment 6 Update 1

Java™ 6 Update 2

Java™ 6 Update 3

Java™ 6 Update 4

Java™ 6 Update 5

Java™ 6 Update 7

Adobe Flash Player ( 10.3.183.10)

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Reboot.

Grab fresh copies of ComboFix and TDSSKiller, run them, and post their logs.


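The uninstall list in the reply above is long because every JRE 6 update level was left installed side by side: the Security Check output lists ten Java 6 entries and the DDS DPF lines show the matching jinstall CABs. Each stale copy keeps its own browser plug-in reachable, which is why all of them go, not just the oldest. The PowerShell script below does the same cleanup without clicking through Add or Remove Programs one entry at a time. It is an added example, not code from the original thread, from Oracle or from the Malwarebytes staff; it assumes PowerShell 2.0 or later and an administrator console on this 32-bit XP machine (the Wow6432Node path is listed only for 64-bit hosts and is skipped when absent), and the helper name Get-InstalledJava is this example's own. It reads the Uninstall registry keys, keeps the newest Java entry, and with -Remove runs a quiet msiexec uninstall for the older MSI-registered ones. It covers the Java entries only; the Flash Player uninstall is a separate, non-MSI step.

```powershell
# Added example (not from the original thread, Oracle or Malwarebytes staff).
# Assumes PowerShell 2.0+ and an administrator console on the 32-bit XP machine.
# Lists every Java entry registered under the Uninstall key, keeps the newest,
# and with -Remove quietly uninstalls the older MSI-registered ones.

param([switch]$Remove)

# The Wow6432Node path exists only on 64-bit Windows; Test-Path skips it here.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledJava {
    # One object per uninstall entry whose DisplayName starts with "Java".
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in (Get-ChildItem $root)) {
            $p = Get-ItemProperty -Path $key.PSPath
            if (-not $p.DisplayName -or $p.DisplayName -notmatch '^Java') { continue }
            # DisplayVersion is not uniform across JRE 6 builds, so the cast can
            # fail; entries without a parsable version sort last. Review the
            # printed list before trusting the "newest" choice.
            $ver = $null
            if ($p.DisplayVersion) { try { $ver = [version]$p.DisplayVersion } catch { } }
            New-Object PSObject -Property @{
                Name        = $p.DisplayName
                Version     = $ver
                ProductCode = $key.PSChildName   # a GUID for MSI-installed products
                Uninstall   = $p.UninstallString
            }
        }
    }
}

$java = @(Get-InstalledJava | Sort-Object Version -Descending)
if ($java.Count -eq 0) { 'No Java entries found.'; return }

"Keeping newest: $($java[0].Name) ($($java[0].Version))"
foreach ($j in ($java | Select-Object -Skip 1)) {
    "Stale: $($j.Name) [$($j.ProductCode)]"
    if (-not $Remove) { continue }
    if ($j.ProductCode -match '^\{[0-9A-F-]{36}\}$') {
        # MSI product: uninstall by product code with no UI and no reboot prompt.
        Start-Process -FilePath msiexec.exe -ArgumentList "/x $($j.ProductCode) /qn /norestart" -Wait
    } else {
        "  not an MSI entry; uninstall manually with: $($j.Uninstall)"
    }
}
```

Save it as a .ps1 file and run it once without -Remove to see what it would keep and what it would delete, then with -Remove to do the uninstalls; on a machine whose execution policy has never been changed, start it with powershell -ExecutionPolicy Bypass -File. Rebooting afterwards and installing the current Java from the vendor, as the reply above says, is still the last step; this only clears the old copies.
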
Thanks for the directions!

I deleted the old Java and Flash files. Adobe Flash failed to re-install. Flash installer stopped at 57% with a "failed to register."

Ran Tdsskiller and ComboFix. Today's logs below.

Thank you!

09:46:41.0734 3400 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01

09:46:42.0718 3400 ============================================================

09:46:42.0718 3400 Current date / time: 2011/10/31 09:46:42.0718

09:46:42.0718 3400 SystemInfo:

09:46:42.0718 3400

09:46:42.0718 3400 OS Version: 5.1.2600 ServicePack: 3.0

09:46:42.0718 3400 Product type: Workstation

09:46:42.0734 3400 ComputerName: TOSHIBA-USER

09:46:42.0734 3400 UserName: user

09:46:42.0734 3400 Windows directory: C:\WINDOWS

09:46:42.0734 3400 System windows directory: C:\WINDOWS

09:46:42.0734 3400 Processor architecture: Intel x86

09:46:42.0734 3400 Number of processors: 2

09:46:42.0734 3400 Page size: 0x1000

09:46:42.0734 3400 Boot type: Normal boot

09:46:42.0734 3400 ============================================================

09:46:44.0953 3400 Initialize success

09:46:53.0312 3536 ============================================================

09:46:53.0312 3536 Scan started

09:46:53.0312 3536 Mode: Manual;

09:46:53.0312 3536 ============================================================

09:46:55.0328 3536 Abiosdsk - ok

09:46:55.0703 3536 abp480n5 - ok

09:46:56.0218 3536 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:46:56.0359 3536 ACPI - ok

09:46:56.0765 3536 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

09:46:56.0796 3536 ACPIEC - ok

09:46:57.0187 3536 adpu160m - ok

09:46:57.0671 3536 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:46:57.0750 3536 aec - ok

09:46:58.0281 3536 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

09:46:58.0296 3536 AegisP - ok

09:46:58.0781 3536 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:46:58.0843 3536 AFD - ok

09:46:59.0843 3536 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

09:47:00.0453 3536 AgereSoftModem - ok

09:47:00.0906 3536 Aha154x - ok

09:47:01.0296 3536 aic78u2 - ok

09:47:01.0671 3536 aic78xx - ok

09:47:02.0046 3536 AliIde - ok

09:47:02.0421 3536 amsint - ok

09:47:03.0031 3536 AR5211 (f0a8370d570428e83d78593e9dfb2e5a) C:\WINDOWS\system32\DRIVERS\ar5211.sys

09:47:03.0484 3536 AR5211 - ok

09:47:03.0953 3536 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

09:47:04.0015 3536 Arp1394 - ok

09:47:04.0390 3536 asc - ok

09:47:04.0765 3536 asc3350p - ok

09:47:05.0140 3536 asc3550 - ok

09:47:05.0531 3536 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

09:47:05.0546 3536 ASCTRM - ok

09:47:06.0031 3536 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:47:06.0078 3536 AsyncMac - ok

09:47:06.0531 3536 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:47:06.0531 3536 atapi - ok

09:47:06.0921 3536 Atdisk - ok

09:47:07.0828 3536 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

09:47:08.0875 3536 ati2mtag - ok

09:47:09.0390 3536 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:47:09.0421 3536 Atmarpc - ok

09:47:09.0812 3536 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:47:09.0843 3536 audstub - ok

09:47:10.0312 3536 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

09:47:10.0359 3536 avgntflt - ok

09:47:10.0843 3536 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys

09:47:10.0937 3536 avipbb - ok

09:47:11.0437 3536 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

09:47:11.0500 3536 avkmgr - ok

09:47:11.0921 3536 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys

09:47:11.0953 3536 BANTExt - ok

09:47:12.0359 3536 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:47:12.0375 3536 Beep - ok

09:47:12.0390 3536 catchme - ok

09:47:12.0812 3536 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:47:12.0843 3536 cbidf2k - ok

09:47:13.0281 3536 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

09:47:13.0296 3536 CCDECODE - ok

09:47:13.0734 3536 cd20xrnt - ok

09:47:14.0125 3536 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:47:14.0156 3536 Cdaudio - ok

09:47:14.0593 3536 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:47:14.0656 3536 Cdfs - ok

09:47:15.0109 3536 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:47:15.0171 3536 Cdrom - ok

09:47:15.0531 3536 Changer - ok

09:47:15.0953 3536 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

09:47:15.0968 3536 CmBatt - ok

09:47:16.0750 3536 cmdGuard (be1e51b694cadc4043e428a914ee544e) C:\WINDOWS\system32\DRIVERS\cmdguard.sys

09:47:17.0031 3536 cmdGuard - ok

09:47:17.0484 3536 cmdHlp (f0a78783a95b788856eec1c36d0a1e59) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys

09:47:17.0515 3536 cmdHlp - ok

09:47:17.0890 3536 CmdIde - ok

09:47:18.0328 3536 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

09:47:18.0343 3536 Compbatt - ok

09:47:18.0796 3536 Cpqarray - ok

09:47:18.0921 3536 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys

09:47:18.0921 3536 cpudrv - ok

09:47:19.0328 3536 dac2w2k - ok

09:47:19.0687 3536 dac960nt - ok

09:47:20.0093 3536 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:47:20.0156 3536 Disk - ok

09:47:20.0531 3536 DLABOIOM (efae981c8ba3dad4103a76bcb5955b07) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

09:47:20.0593 3536 DLABOIOM - ok

09:47:21.0109 3536 DLACDBHM (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

09:47:21.0140 3536 DLACDBHM - ok

09:47:21.0515 3536 DLADResN (3e34a0991efdaf8cfa97441c3a51fc81) C:\WINDOWS\system32\DLA\DLADResN.SYS

09:47:21.0546 3536 DLADResN - ok

09:47:22.0015 3536 DLAIFS_M (2aef49904bde7398d0f09b6a603738ef) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

09:47:22.0093 3536 DLAIFS_M - ok

09:47:22.0453 3536 DLAOPIOM (46fa268a829384256179f4ccb6eb308f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

09:47:22.0500 3536 DLAOPIOM - ok

09:47:22.0843 3536 DLAPoolM (26e89839af248625a4e7c4cf5873375d) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

09:47:22.0859 3536 DLAPoolM - ok

09:47:23.0265 3536 DLARTL_N (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

09:47:23.0296 3536 DLARTL_N - ok

09:47:23.0859 3536 DLAUDFAM (5e914bd7f68dde3fb4bffe005162c1e6) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

09:47:23.0937 3536 DLAUDFAM - ok

09:47:24.0343 3536 DLAUDF_M (8c3cfb22a7fb3be67e0c321fa10b8b50) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

09:47:24.0421 3536 DLAUDF_M - ok

09:47:25.0265 3536 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:47:25.0703 3536 dmboot - ok

09:47:26.0250 3536 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:47:26.0359 3536 dmio - ok

09:47:26.0765 3536 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:47:26.0812 3536 dmload - ok

09:47:27.0250 3536 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:47:27.0296 3536 DMusic - ok

09:47:27.0687 3536 dpti2o - ok

09:47:28.0093 3536 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:47:28.0125 3536 drmkaud - ok

09:47:28.0640 3536 DRVMCDB (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

09:47:28.0750 3536 DRVMCDB - ok

09:47:29.0171 3536 DRVNDDM (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

09:47:29.0234 3536 DRVNDDM - ok

09:47:29.0765 3536 e1express (6de32a9123ef60f9d423e9163af0e305) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

09:47:29.0921 3536 e1express - ok

09:47:30.0453 3536 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys

09:47:30.0500 3536 elagopro - ok

09:47:30.0937 3536 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys

09:47:30.0968 3536 elaunidr - ok

09:47:30.0984 3536 EverestDriver - ok

09:47:31.0468 3536 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:47:31.0578 3536 Fastfat - ok

09:47:32.0093 3536 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

09:47:32.0140 3536 Fdc - ok

09:47:32.0312 3536 FdRedir (3314f3134ac59771a133a0cd3d343fff) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys

09:47:32.0359 3536 FdRedir - ok

09:47:32.0406 3536 FileDisk2 (7b33f094a7a42a0225c344f5b25b1b05) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys

09:47:32.0453 3536 FileDisk2 - ok

09:47:33.0000 3536 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:47:33.0046 3536 Fips - ok

09:47:33.0453 3536 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

09:47:33.0500 3536 Flpydisk - ok

09:47:33.0984 3536 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:47:34.0078 3536 FltMgr - ok

09:47:34.0531 3536 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys

09:47:34.0546 3536 FlyUsb - ok

09:47:35.0031 3536 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:47:35.0062 3536 Fs_Rec - ok

09:47:35.0546 3536 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:47:35.0734 3536 Ftdisk - ok

09:47:36.0250 3536 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

09:47:36.0312 3536 GEARAspiWDM - ok

09:47:36.0750 3536 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:47:36.0796 3536 Gpc - ok

09:47:37.0406 3536 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:47:37.0484 3536 HDAudBus - ok

09:47:37.0906 3536 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:47:37.0937 3536 HidUsb - ok

09:47:38.0312 3536 hpn - ok

09:47:38.0859 3536 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:47:38.0984 3536 HTTP - ok

09:47:39.0453 3536 i2omgmt - ok

09:47:39.0828 3536 i2omp - ok

09:47:40.0265 3536 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:47:40.0328 3536 i8042prt - ok

09:47:43.0859 3536 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

09:47:47.0234 3536 ialm - ok

09:47:47.0796 3536 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:47:47.0843 3536 Imapi - ok

09:47:48.0218 3536 ini910u - ok

09:47:48.0687 3536 Inspect (d22ac37cbe6cf295416ef84245b804a8) C:\WINDOWS\system32\DRIVERS\inspect.sys

09:47:48.0781 3536 Inspect - ok

09:47:51.0359 3536 IntcAzAudAddService (1a5b97b5bffde5742f4209f734c4faf0) C:\WINDOWS\system32\drivers\RtkHDAud.sys

09:47:53.0640 3536 IntcAzAudAddService - ok

09:47:54.0109 3536 IntelIde - ok

09:47:54.0531 3536 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:47:54.0546 3536 intelppm - ok

09:47:54.0968 3536 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:47:55.0015 3536 Ip6Fw - ok

09:47:55.0421 3536 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:47:55.0453 3536 IpFilterDriver - ok

09:47:55.0875 3536 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:47:55.0921 3536 IpInIp - ok

09:47:56.0406 3536 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:47:56.0500 3536 IpNat - ok

09:47:57.0015 3536 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:47:57.0078 3536 IPSec - ok

09:47:57.0484 3536 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:47:57.0500 3536 IRENUM - ok

09:47:57.0937 3536 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:47:57.0984 3536 isapnp - ok

09:47:58.0406 3536 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:47:58.0421 3536 Kbdclass - ok

09:47:58.0812 3536 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:47:58.0859 3536 kbdhid - ok

09:47:59.0437 3536 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:47:59.0453 3536 kmixer - ok

09:47:59.0921 3536 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys

09:48:00.0109 3536 KR10N - ok

09:48:00.0562 3536 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:48:00.0609 3536 KSecDD - ok

09:48:00.0671 3536 Lavasoft Kernexplorer - ok

09:48:01.0156 3536 lbrtfdc - ok

09:48:01.0593 3536 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

09:48:01.0625 3536 MBAMProtector - ok

09:48:02.0062 3536 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys

09:48:02.0140 3536 meiudf - ok

09:48:02.0546 3536 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:48:02.0546 3536 mnmdd - ok

09:48:03.0000 3536 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:48:03.0015 3536 Modem - ok

09:48:03.0453 3536 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:48:03.0500 3536 Mouclass - ok

09:48:04.0000 3536 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:48:04.0031 3536 mouhid - ok

09:48:04.0468 3536 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:48:04.0546 3536 MountMgr - ok

09:48:04.0906 3536 mraid35x - ok

09:48:05.0406 3536 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:48:05.0515 3536 MRxDAV - ok

09:48:06.0156 3536 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:48:06.0390 3536 MRxSmb - ok

09:48:06.0890 3536 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:48:06.0921 3536 Msfs - ok

09:48:07.0343 3536 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:48:07.0343 3536 MSKSSRV - ok

09:48:07.0750 3536 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:48:07.0781 3536 MSPCLOCK - ok

09:48:08.0187 3536 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:48:08.0234 3536 MSPQM - ok

09:48:08.0765 3536 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:48:08.0781 3536 mssmbios - ok

09:48:09.0171 3536 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

09:48:09.0187 3536 MSTEE - ok

09:48:09.0687 3536 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:48:09.0750 3536 Mup - ok

09:48:10.0203 3536 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

09:48:10.0265 3536 NABTSFEC - ok

09:48:10.0843 3536 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:48:10.0968 3536 NDIS - ok

09:48:11.0390 3536 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

09:48:11.0406 3536 NdisIP - ok

09:48:11.0812 3536 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:48:11.0828 3536 NdisTapi - ok

09:48:12.0218 3536 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:48:12.0250 3536 Ndisuio - ok

09:48:12.0734 3536 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:48:12.0828 3536 NdisWan - ok

09:48:13.0281 3536 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:48:13.0312 3536 NDProxy - ok

09:48:13.0750 3536 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:48:13.0812 3536 NetBIOS - ok

09:48:14.0312 3536 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:48:14.0437 3536 NetBT - ok

09:48:14.0953 3536 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys

09:48:14.0953 3536 Netdevio - ok

09:48:15.0593 3536 netrcacm (b128ccc0e4586628d5d6f6a8f1d0778d) C:\WINDOWS\system32\DRIVERS\netrcacm.sys

09:48:15.0609 3536 netrcacm - ok

09:48:17.0234 3536 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

09:48:18.0437 3536 NETw3x32 - ok

09:48:21.0078 3536 NETw5x32 (05743fffc2bc88cc8e426321bc6a762e) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

09:48:22.0984 3536 NETw5x32 - ok

09:48:26.0921 3536 NETwLx32 (72062b53186e4a3f5fcbc41ebb62b905) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys

09:48:30.0671 3536 NETwLx32 - ok

09:48:31.0453 3536 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

09:48:31.0484 3536 NIC1394 - ok

09:48:31.0921 3536 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:48:31.0953 3536 Npfs - ok

09:48:32.0546 3536 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS

09:48:32.0703 3536 NSNDIS5 - ok

09:48:33.0718 3536 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:48:34.0046 3536 Ntfs - ok

09:48:34.0671 3536 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:48:34.0703 3536 Null - ok

09:48:35.0109 3536 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:48:35.0140 3536 NwlnkFlt - ok

09:48:35.0640 3536 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:48:35.0671 3536 NwlnkFwd - ok

09:48:36.0109 3536 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

09:48:36.0156 3536 ohci1394 - ok

09:48:36.0593 3536 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

09:48:36.0671 3536 Parport - ok

09:48:37.0093 3536 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:48:37.0125 3536 PartMgr - ok

09:48:37.0609 3536 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:48:37.0656 3536 ParVdm - ok

09:48:38.0000 3536 PCAMPR5 - ok

09:48:38.0453 3536 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:48:38.0515 3536 PCI - ok

09:48:38.0906 3536 PCIDump - ok

09:48:39.0312 3536 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:48:39.0312 3536 PCIIde - ok

09:48:39.0765 3536 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

09:48:39.0859 3536 Pcmcia - ok

09:48:40.0328 3536 PDCOMP - ok

09:48:40.0687 3536 PDFRAME - ok

09:48:41.0078 3536 PDRELI - ok

09:48:41.0453 3536 PDRFRAME - ok

09:48:41.0828 3536 perc2 - ok

09:48:42.0203 3536 perc2hib - ok

09:48:42.0625 3536 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys

09:48:42.0640 3536 pfc - ok

09:48:43.0093 3536 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:48:43.0156 3536 PptpMiniport - ok

09:48:43.0578 3536 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:48:43.0609 3536 PSched - ok

09:48:44.0015 3536 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:48:44.0046 3536 Ptilink - ok

09:48:44.0453 3536 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

09:48:44.0484 3536 PxHelp20 - ok

09:48:44.0890 3536 ql1080 - ok

09:48:45.0312 3536 Ql10wnt - ok

09:48:45.0703 3536 ql12160 - ok

09:48:46.0125 3536 ql1240 - ok

09:48:46.0500 3536 ql1280 - ok

09:48:46.0812 3536 RapportCerberus_32029 (9919c63e9150af648c42d28b5d72a32f) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys

09:48:46.0953 3536 RapportCerberus_32029 - ok

09:48:47.0125 3536 RapportEI (90bc0b9ef6106b8f5f762bdf4f0ad723) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

09:48:47.0187 3536 RapportEI - ok

09:48:47.0703 3536 RapportKELL (8cc04334a2fda2b6d79631dbe62f5cd0) C:\WINDOWS\system32\Drivers\RapportKELL.sys

09:48:47.0765 3536 RapportKELL - ok

09:48:47.0937 3536 RapportPG (a16ba67cf3f448bd163246dd725b7ffc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

09:48:48.0015 3536 RapportPG - ok

09:48:48.0437 3536 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:48:48.0437 3536 RasAcd - ok

09:48:48.0875 3536 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:48:48.0937 3536 Rasl2tp - ok

09:48:49.0484 3536 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:48:49.0531 3536 RasPppoe - ok

09:48:49.0937 3536 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:48:49.0937 3536 Raspti - ok

09:48:50.0421 3536 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:48:50.0515 3536 Rdbss - ok

09:48:50.0906 3536 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:48:50.0937 3536 RDPCDD - ok

09:48:51.0421 3536 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

09:48:51.0484 3536 RDPWD - ok

09:48:51.0984 3536 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:48:52.0046 3536 redbook - ok

09:48:52.0531 3536 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

09:48:52.0593 3536 RTL8023xp - ok

09:48:52.0984 3536 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

09:48:53.0000 3536 rtl8139 - ok

09:48:53.0468 3536 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys

09:48:53.0515 3536 SBRE - ok

09:48:54.0015 3536 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

09:48:54.0093 3536 sdbus - ok

09:48:54.0562 3536 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:48:54.0609 3536 Secdrv - ok

09:48:55.0046 3536 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

09:48:55.0093 3536 Serial - ok

09:48:55.0500 3536 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:48:55.0531 3536 Sfloppy - ok

09:48:55.0984 3536 Simbad - ok

09:48:56.0390 3536 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

09:48:56.0390 3536 SLIP - ok

09:48:56.0500 3536 smihlp (94eede27fd7d46707be49127922695a7) C:\Program Files\Protector Suite QL\smihlp.sys

09:48:56.0531 3536 smihlp - ok

09:48:56.0937 3536 Sparrow - ok

09:48:57.0343 3536 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:48:57.0375 3536 splitter - ok

09:48:57.0937 3536 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:48:58.0031 3536 sr - ok

09:48:58.0640 3536 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:48:58.0828 3536 Srv - ok

09:48:59.0296 3536 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

09:48:59.0343 3536 ssmdrv - ok

09:48:59.0812 3536 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

09:48:59.0828 3536 streamip - ok

09:48:59.0968 3536 SVRPEDRV - ok

09:49:00.0406 3536 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:49:00.0406 3536 swenum - ok

09:49:00.0859 3536 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:49:00.0921 3536 swmidi - ok

09:49:01.0296 3536 symc810 - ok

09:49:01.0671 3536 symc8xx - ok

09:49:02.0046 3536 sym_hi - ok

09:49:02.0421 3536 sym_u3 - ok

09:49:02.0953 3536 SynTP (cfb41bf11ae95c26133bae3ec2e334bd) C:\WINDOWS\system32\DRIVERS\SynTP.sys

09:49:03.0109 3536 SynTP - ok

09:49:03.0578 3536 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:49:03.0609 3536 sysaudio - ok

09:49:04.0046 3536 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys

09:49:04.0062 3536 tbiosdrv - ok

09:49:04.0687 3536 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:49:04.0875 3536 Tcpip - ok

09:49:05.0312 3536 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys

09:49:05.0328 3536 TcUsb - ok

09:49:05.0812 3536 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:49:05.0828 3536 TDPIPE - ok

09:49:06.0218 3536 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:49:06.0265 3536 TDTCP - ok

09:49:06.0718 3536 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:49:06.0812 3536 TermDD - ok

09:49:07.0296 3536 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys

09:49:07.0421 3536 tifm21 - ok

09:49:07.0843 3536 TosIde - ok

09:49:08.0281 3536 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys

09:49:08.0312 3536 TVALD - ok

09:49:08.0765 3536 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS

09:49:08.0812 3536 TVICHW32 - ok

09:49:09.0265 3536 Tvs (12c836c7fe526d7b3239af82e4083be2) C:\WINDOWS\system32\DRIVERS\Tvs.sys

09:49:09.0296 3536 Tvs - ok

09:49:09.0781 3536 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:49:09.0812 3536 Udfs - ok

09:49:10.0187 3536 ultra - ok

09:49:10.0781 3536 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:49:11.0015 3536 Update - ok

09:49:11.0484 3536 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

09:49:11.0546 3536 usbaudio - ok

09:49:11.0968 3536 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:49:12.0015 3536 usbccgp - ok

09:49:12.0500 3536 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:49:12.0546 3536 usbehci - ok

09:49:13.0000 3536 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:49:13.0046 3536 usbhub - ok

09:49:13.0453 3536 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

09:49:13.0468 3536 usbohci - ok

09:49:13.0890 3536 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:49:13.0921 3536 USBSTOR - ok

09:49:14.0375 3536 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:49:14.0406 3536 usbuhci - ok

09:49:14.0890 3536 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

09:49:14.0953 3536 usbvideo - ok

09:49:15.0406 3536 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:49:15.0421 3536 VgaSave - ok

09:49:15.0796 3536 ViaIde - ok

09:49:16.0296 3536 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:49:16.0343 3536 VolSnap - ok

09:49:16.0781 3536 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:49:16.0828 3536 Wanarp - ok

09:49:17.0296 3536 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

09:49:17.0343 3536 wanatw - ok

09:49:17.0781 3536 WDICA - ok

09:49:18.0234 3536 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:49:18.0312 3536 wdmaud - ok

09:49:18.0796 3536 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

09:49:18.0812 3536 WSTCODEC - ok

09:49:19.0281 3536 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:49:19.0328 3536 WudfPf - ok

09:49:19.0390 3536 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0

09:49:19.0671 3536 \Device\Harddisk0\DR0 - ok

09:49:19.0671 3536 Boot (0x1200) (c98e519b164be9765dd2689f7162e1a3) \Device\Harddisk0\DR0\Partition0

09:49:19.0671 3536 \Device\Harddisk0\DR0\Partition0 - ok

09:49:19.0671 3536 ============================================================

09:49:19.0671 3536 Scan finished

09:49:19.0671 3536 ============================================================

09:49:19.0687 1696 Detected object count: 0

09:49:19.0687 1696 Actual detected object count: 0

COMBOFIX __________________________________________________________________________________________________________

ComboFix 11-10-30.03 - user 10/31/2011 9:57.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.397 [GMT -5:00]

Running from: c:\documents and settings\user\My Documents\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\user\Start Menu\Programs\Startup\avgnt.exe.lnk

c:\windows\help\tours\htmltour\unlock_playing.htm

.

.

((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))

.

.

2011-10-31 14:43 . 2011-10-31 14:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-27 14:22 . 2011-10-27 14:22 -------- d-----w- c:\documents and settings\user\Application Data\Avira

2011-10-27 14:19 . 2011-09-18 13:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-10-27 14:19 . 2011-09-16 04:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-10-27 14:19 . 2011-09-16 04:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-10-27 14:18 . 2011-10-27 14:18 -------- d-----w- c:\program files\Avira

2011-10-27 14:18 . 2011-10-27 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-10-26 03:06 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll

2011-10-11 13:47 . 2011-10-11 13:47 -------- d-----w- c:\program files\7-Zip

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 17:48 . 2010-09-11 05:40 97760 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-10-07 17:48 . 2010-09-11 05:40 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-10-07 17:48 . 2010-09-11 05:40 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-10-07 17:47 . 2010-09-11 05:40 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-10-07 17:47 . 2010-09-11 05:41 300200 ----a-w- c:\windows\system32\guard32.dll

2011-09-26 16:41 . 2007-10-09 19:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2005-11-05 00:53 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2005-11-05 00:53 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 00:00 . 2011-09-26 00:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-09-09 09:12 . 2005-11-05 00:52 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2005-11-05 00:53 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2010-05-07 02:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48 . 2005-11-05 00:53 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2005-11-05 00:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2005-11-05 00:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2005-11-05 00:52 385024 ----a-w- c:\windows\system32\html.iec

2011-08-19 18:34 . 2011-08-19 18:34 52224 ----a-w- c:\windows\ipuninst.exe

2011-08-17 13:49 . 2005-11-05 00:52 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-15_02.59.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-06-11 06:58 . 2011-06-11 06:58 51024 c:\windows\system32\vcomp100.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 81744 c:\windows\system32\mfcm100u.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 81744 c:\windows\system32\mfcm100.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 60752 c:\windows\system32\mfc100rus.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 43344 c:\windows\system32\mfc100kor.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 43856 c:\windows\system32\mfc100jpn.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 62288 c:\windows\system32\mfc100ita.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 64336 c:\windows\system32\mfc100fra.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 63824 c:\windows\system32\mfc100esn.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 55120 c:\windows\system32\mfc100enu.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 64336 c:\windows\system32\mfc100deu.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 36176 c:\windows\system32\mfc100cht.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 36176 c:\windows\system32\mfc100chs.dll

+ 2011-10-27 14:19 . 2010-06-17 20:14 28520 c:\windows\system32\drivers\ssmdrv.sys

- 2011-06-21 04:03 . 2010-06-17 20:27 28520 c:\windows\system32\drivers\ssmdrv.sys

- 2005-11-05 00:53 . 2009-10-08 20:56 20480 c:\windows\system32\dllcache\oleaccrc.dll

+ 2005-11-05 00:53 . 2011-09-26 16:41 20480 c:\windows\system32\dllcache\oleaccrc.dll

+ 2010-06-04 02:31 . 2011-10-15 03:49 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

- 2010-06-04 02:31 . 2011-06-17 01:39 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 773968 c:\windows\system32\msvcr100.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 421200 c:\windows\system32\msvcp100.dll

+ 2011-10-31 14:43 . 2011-10-31 14:46 247968 c:\windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe

+ 2011-10-31 14:43 . 2011-10-31 14:46 335520 c:\windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.dll

+ 2009-10-08 20:57 . 2011-09-26 16:41 220160 c:\windows\system32\dllcache\oleacc.dll

- 2009-10-08 20:57 . 2009-10-08 20:57 220160 c:\windows\system32\dllcache\oleacc.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 138056 c:\windows\system32\atl100.dll

+ 2011-10-27 14:00 . 2011-10-27 14:00 160768 c:\windows\Installer\39b312.msi

+ 2011-06-11 06:58 . 2011-06-11 06:58 4422992 c:\windows\system32\mfc100u.dll

+ 2011-06-11 06:58 . 2011-06-11 06:58 4397384 c:\windows\system32\mfc100.dll

+ 2011-06-29 02:27 . 2011-06-29 02:27 4028928 c:\windows\Installer\9304ed.msp

+ 2011-10-15 03:47 . 2011-10-15 03:47 20333568 c:\windows\Installer\31d1f1.msp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"WinRamTurbo"="c:\program files\WinRamTurbo Pro 4.92\WinRamTurboPro.exe" [2002-04-12 485888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CFSServ.exe"="CFSServ.exe -NoClient" [X]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 352256]

"NDSTray.exe"="NDSTray.exe" [bU]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]

"TFncKy"="TFncKy.exe" [bU]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]

"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 102400]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-04 02:43 69632 ----a-w- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-09-07 02:36 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]

2005-06-01 05:00 282624 ----a-w- c:\windows\system32\TPSMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

2006-07-21 22:19 129536 ----a-w- c:\progra~1\Yahoo!\browser\ybrwicon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"TuneUp.Defrag"=3 (0x3)

"TomTomHOMEService"=2 (0x2)

"seclogon"=3 (0x3)

"LeapFrog Connect Device Service"=2 (0x2)

"Lavasoft Ad-Aware Service"=3 (0x3)

"lanmanserver"=2 (0x2)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"ERSvc"=2 (0x2)

"CryptSvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"idsvc"=3 (0x3)

"Ati HotKey Poller"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"RasMan"=3 (0x3)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" /startup

"Persistence"=c:\windows\system32\igfxpers.exe

"AGRSMMSG"=AGRSMMSG.exe

"CFSServ.exe"=CFSServ.exe -NoClient

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" -h

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;e:\test\kerneld.wnt [x]

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2007-06-19 18560]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 SVRPEDRV;SVRPEDRV;c:\docume~1\user\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [x]

R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]

R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-09-26 56336]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 492768]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 31704]

S1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [2011-10-23 227312]

S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-09-26 70416]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-09-26 161936]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-09 98392]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]

S2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-05-06 13568]

S2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-05-06 33024]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-04-11 112800]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-09-25 919352]

S2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [2006-05-06 3456]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETwLx32.sys [2010-10-07 6609920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 95313360

*Deregistered* - 95313360

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-31 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 14:09]

.

2011-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1199713533-4294477791-1050444248-1006Core.job

- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 02:36]

.

2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1199713533-4294477791-1050444248-1006UA.job

- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 02:36]

.

2007-02-06 c:\windows\Tasks\Registration reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]

.

2007-02-06 c:\windows\Tasks\Registration reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]

.

2007-02-06 c:\windows\Tasks\Registration reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://att.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.yude.info/

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: adobe.com\get

Trusted Zone: texasteachers.org\www

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{36C8ED33-2948-4A25-AC42-EDB0748DF9FB}: NameServer = 156.154.70.22,156.154.71.22

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-31 10:15

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]

"ImagePath"="\??\e:\test\kerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1199713533-4294477791-1050444248-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\.sol]

@DACL=(02 0000)

@SACL=

.

[HKEY_LOCAL_MACHINE\software\Classes\.sor]

@DACL=(02 0000)

@SACL=

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(696)

c:\windows\system32\guard32.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\bio.dll

c:\program files\Protector Suite QL\remote.dll

.

- - - - - - - > 'lsass.exe'(1156)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'csrss.exe'(160)

c:\windows\system32\cmdcsr.dll

.

Completion time: 2011-10-31 10:21:38

ComboFix-quarantined-files.txt 2011-10-31 15:21

ComboFix2.txt 2011-10-15 03:15

.

Pre-Run: 87,243,108,352 bytes free

Post-Run: 87,223,046,144 bytes free

.

- - End Of File - - D83B24074D6128B92BE4A3F97FF1E705
