
Tried Spybot, anti-malware, superantispyware, & more! Help! HJT log is posted

Discussion in 'Virus & Other Malware Removal' started by noseguy, Nov 23, 2011.

Thread Status:
Not open for further replies.
  1. noseguy (Thread Starter; joined Nov 23, 2011; 10 messages)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:22:13 PM, on 11/23/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Documents and Settings\Claire\Application Data\Dropbox\bin\Dropbox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Teleca Shared\logger.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Documents and Settings\Claire\Desktop\HiJackThis.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ShowLOMControl]
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [McafWelcome] c:\PROGRA~1\mcafee.com\agent\mcwelcom.exe
    O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [iPhone PC Suite] C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Claire\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: SAMSUNG AllShare Service (AllShare) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 7979 bytes
     
  2. noseguy (Thread Starter; joined Nov 23, 2011; 10 messages)

    Hmm. How do I post that file so it's readable?
     
  3. dvk01 (Moderator, Malware Specialist; joined Dec 14, 2002; 56,451 messages; first name Derek)

    Follow the advice here and post the logs those programs make, and tell us exactly what is wrong.
    Just posting a log with no other information makes it impossible to help you. We won't guess and aren't mind readers.
     
  4. noseguy (Thread Starter; joined Nov 23, 2011; 10 messages)

    So, I'm getting redirects in Firefox, and AntiVir has alerted me to the presence of TR/dldr.LEF and bds/backdoor.gen5. Below, in addition to the HJT log above, are the DDS, Attach and GMER logs. I also can't seem to connect to my wireless router; it is hanging at "acquiring network address."

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 1.6.0_17
    Run by Claire at 14:22:21 on 2011-11-24
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.568 [GMT -8:00]
    .
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD408-FFA4-00FC-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD408-FFA4-00DA-0D24-347CA8A3377C}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD408-FFA4-00EB-0D24-347CA8A3377C}
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
    AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Documents and Settings\Claire\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Teleca Shared\logger.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride =
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [iPhone PC Suite] c:\program files\netdragon\91 mobile\iphone\iPhone PC Suite.exe /start
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ShowLOMControl] 1 (0x1)
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
    mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
    mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
    mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MSKAgent.exe
    mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
    mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
    mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
    mRun: [McafWelcome] c:\progra~1\mcafee.com\agent\mcwelcom.exe
    mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\docume~1\claire\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\claire\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: mswsock.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: DhcpNameServer = 76.14.0.8 76.14.0.9
    TCP: Interfaces\{4D74B84A-DFC1-4985-BB87-DE0A945FF1EB} : DhcpNameServer = 76.14.0.8 76.14.0.9
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\claire\application data\mozilla\firefox\profiles\7pcb1ojc.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\documents and settings\claire\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\claire\application data\mozilla\firefox\profiles\7pcb1ojc.default\extensions\[email protected]\plugins\npRACtrl.dll
    FF - plugin: c:\documents and settings\claire\application data\mozilla\plugins\npPxPlay.dll
    FF - plugin: c:\documents and settings\claire\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2011-1-18 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2011-1-18 5248]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-23 36000]
    R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_32301.sys [2011-11-7 227312]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-23 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-23 110032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-21 74640]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-7-6 28672]
    R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-8 21520]
    S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe [2004-8-10 106496]
    S2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2010-1-12 33792]
    S3 AllShare;SAMSUNG AllShare Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2010-7-16 6638080]
    S3 Alpham;Ideazon Fang Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2005-12-4 34944]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-10-5 24576]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
    .
    =============== File Associations ===============
    .
    regfile=regedit.exe "%1" %*
    scrfile="%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-11-23 10:49:04  --------  d-----w-  c:\windows\system32\NtmsData
    2011-11-23 10:48:31  --------  d-----w-  c:\documents and settings\claire\application data\Avira
    2011-11-23 10:42:05  36000     ----a-w-  c:\windows\system32\drivers\avkmgr.sys
    2011-11-23 10:41:55  --------  d-----w-  c:\program files\Avira
    2011-11-23 10:41:55  --------  d-----w-  c:\documents and settings\all users\application data\Avira
    2011-11-22 18:58:24  --------  d-----w-  c:\documents and settings\claire\DoctorWeb
    2011-11-22 03:51:26  --------  d-----w-  C:\_OTM
    2011-11-08 05:28:38  56208     ----a-w-  c:\windows\system32\drivers\RapportKELL.sys
    .
    ==================== Find3M ====================
    .
    2011-10-20 00:56:50  74640  ----a-w-  c:\windows\system32\drivers\avgntflt.sys
    2011-09-01 00:00:50  22216  ----a-w-  c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 14:23:58.93 ===============
     
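The two logs above are what a malware-removal helper reads first, and most of the first pass is mechanical: which autostart entries point at files that no longer exist, which services have no publisher, which Run entries name a bare file rather than a full path, and which DDS service lines end in "[?]" (the DDS marker for a binary it could not find). The script below is an added example written for this page, not a tool anyone in the thread used; it parses HijackThis "Oxx - ..." entries and DDS "R0/S3 name;display;path" service lines and applies a few hypothetical triage rules of the author's own choosing. The sample input is a handful of lines copied from the HJT and DDS logs posted above, not a complete log, and the severity scale is an assumption.

```python
"""Triage helper for HijackThis / DDS log lines (added example, not from the thread).

Parses the 'Oxx - ...' entries of a HijackThis log and the 'R0/S3 name;display;path'
service lines of a DDS log, then applies a few hypothetical heuristics a
malware-removal helper would start with. Rules and severities are the author's
own choices, not any scanner's.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HJT and DDS logs posted in the
# thread above (a handful only, not the full logs).
SAMPLE_LOG = r"""
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Claire\Application Data\Dropbox\bin\Dropbox.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2011-1-18 155136]
"""

HJT_RE = re.compile(r"^(O\d+) - (.+)$")
DDS_SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
USER_PROFILE_MARKERS = ("documents and settings", "application data", "\\temp\\")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (hypothetical scale)
    reason: str
    line: str


def run_target(body: str) -> str:
    """Extract the executable path from an O4 entry body.

    Handles 'HKLM\\..\\Run: [name] "C:\\x.exe" /arg' and 'Startup: x.lnk = C:\\x.exe';
    arguments after the path are dropped.
    """
    rest = body.split("]", 1)[1] if "]" in body else body.split("=", 1)[-1]
    rest = rest.strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest.split(" /", 1)[0].split(" -", 1)[0]


def triage_hjt(section: str, body: str, line: str) -> list[Finding]:
    low = body.lower()
    out: list[Finding] = []
    if "(file missing)" in low or low.endswith("(no file)"):
        # An autostart pointing at nothing is either uninstall residue or a file
        # the scanner could not see; a service (O23) in that state deserves more
        # attention than a dead toolbar button (O9).
        out.append(Finding("high" if section == "O23" else "low",
                           "autostart entry points at a missing file", line))
    if section == "O23" and "unknown owner" in low:
        out.append(Finding("medium", "service binary carries no publisher information", line))
    if section == "O4":
        target = run_target(body)
        if target and "\\" not in target and ":" not in target:
            # Bare file name: Windows resolves it through the search path, so the
            # file that really runs has to be located and checked by hand.
            out.append(Finding("medium", f"bare file name '{target}' resolved via search path", line))
        elif any(m in target.lower() for m in USER_PROFILE_MARKERS):
            out.append(Finding("low", "autostart runs from a user-writable profile directory", line))
    if section == "O16":
        # Downloaded Program Files: every entry is a remote ActiveX install point.
        out.append(Finding("low", "ActiveX install point (remote CAB)", line))
    return out


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_RE.match(line)
        if m:
            findings.extend(triage_hjt(m.group(1), m.group(2), line))
            continue
        m = DDS_SVC_RE.match(line)
        if m and m.group(4).rstrip().endswith("[?]"):
            # DDS marks a service whose binary it could not find with '[?]'.
            findings.append(Finding("high", f"service {m.group(2)}: binary not found on disk", line))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

On the sample it raises two high findings (the GameGuard service whose binary is missing, once from the HJT O23 line and once from the DDS "[?]" line), three medium (two "Unknown owner" services and the bare `stsystra.exe` Run entry) and three low. None of that is a verdict; it is the list of entries to check by hand, which is all a first pass over these logs can honestly produce.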
  5. noseguy (Thread Starter; joined Nov 23, 2011; 10 messages)

    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/7/2006 9:05:41 PM
    System Uptime: 11/24/2011 1:56:02 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0GD366
    Processor: Intel(R) Celeron(R) M processor 1.50GHz | Microprocessor | 1496/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 53 GiB total, 20.274 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP608: 11/3/2011 7:28:19 AM - System Checkpoint
    RP609: 11/4/2011 5:57:52 AM - Installed Rapport
    RP610: 11/5/2011 6:04:57 AM - System Checkpoint
    RP611: 11/6/2011 10:18:41 AM - System Checkpoint
    RP612: 11/8/2011 6:46:51 PM - System Checkpoint
    RP613: 11/9/2011 7:04:26 PM - System Checkpoint
    RP614: 11/11/2011 11:22:03 AM - System Checkpoint
    RP615: 11/12/2011 11:52:20 AM - System Checkpoint
    RP616: 11/12/2011 10:24:19 PM - Installed Rapport
    RP617: 11/14/2011 6:41:25 PM - System Checkpoint
    RP618: 11/15/2011 7:15:43 PM - System Checkpoint
    RP619: 11/16/2011 7:20:45 PM - System Checkpoint
    RP620: 11/17/2011 7:46:20 PM - System Checkpoint
    RP621: 11/18/2011 8:27:11 PM - System Checkpoint
    RP622: 11/19/2011 10:35:12 PM - System Checkpoint
    RP623: 11/20/2011 11:13:45 PM - System Checkpoint
    RP624: 11/21/2011 8:01:01 PM - OTM Restore Point
    RP625: 11/21/2011 8:36:00 PM - Removed SUPERAntiSpyware Free Edition
    RP626: 11/22/2011 9:10:43 PM - System Checkpoint
    RP627: 11/23/2011 2:06:35 AM - Avira AntiVir Personal - 11/23/2011 2:06
    .
    ==== Installed Programs ======================
    .
    (Main Game) Lightside - Legend Ragnarok Online
    Acoustica Mixcraft 4.2
    Ad-Aware SE Personal
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player
    AOLIcon
    Apple Software Update
    Avira Free Antivirus
    BitTorrent
    Bonjour
    Broadcom Management Programs
    Brother HL-2070N
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Corel Photo Album 6
    DAEMON Tools
    Dell Digital Jukebox Driver
    Dell Driver Download Manager
    Dell Driver Reset Tool
    Dell System Restore
    Dell Wireless WLAN Card
    DellSupport
    Digital Content Portal
    Digital Line Detect
    DNA
    Dofus 1.25.0
    Dropbox
    EducateU
    ELIcon
    ERUNT 1.1j
    Facebook Plug-In
    getPlus(R)_ocx
    Gunbound Revolution
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HTC Driver Installer
    HTC Sync
    IBM ViaVoice Command and Control Runtime 5.3
    ijji
    ijji Auto Installer
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Internal Network Card Power Management
    iTunes
    Java(TM) 6 Update 17
    Java(TM) 6 Update 7
    Learn2 Player (Uninstall Only)
    LibUSB-Win32-0.1.12.1
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office XP Professional with FrontPage
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WinUsb 1.0
    Modem Helper
    Mozilla Firefox 8.0 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    MTG GamePack for Magic Workstation
    NetWaiting
    Novacomd
    OpenAL
    OverDrive Media Console
    Palm webOS(R) Doctor(tm) Build Sprint.230.225, webOS 1.4.1.1
    Pando Media Booster
    Photodex Presenter
    PowerDVD 5.5
    ProShow Gold
    QuickSet
    QuickTime
    Rapport
    Real Alternative 1.60
    SAMSUNG PC Share Manager
    Search Assist
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    URL Assistant
    Visual C++ 8.0 Runtime Setup Package
    VLC media player 1.1.11
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR archiver
    WinSCP 4.0.4
    Wolfenstein - Enemy Territory
    WordPerfect Office 12
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/24/2011 1:57:39 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).
    11/23/2011 8:22:08 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/23/2011 8:22:03 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service.
    11/23/2011 12:50:26 PM, error: Service Control Manager [7003] - The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
    11/23/2011 12:47:26 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: A socket operation encountered a dead network.
    11/23/2011 12:47:26 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952450
    11/23/2011 12:47:25 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.
    11/23/2011 12:47:22 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
    11/23/2011 12:47:21 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: Afd
    11/23/2011 12:47:20 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: Afd
    11/22/2011 10:51:15 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/22/2011 10:51:14 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    11/21/2011 8:36:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    11/21/2011 7:51:29 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The ScsiAccess service terminated unexpectedly. It has done this 1 time(s).
    11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The Palm Novacom service terminated unexpectedly. It has done this 1 time(s).
    11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The NetworkLog service terminated unexpectedly. It has done this 1 time(s). 11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s). 11/21/2011 7:51:27 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). 11/21/2011 5:07:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 11/21/2011 5:07:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/21/2011 5:07:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 11/21/2011 5:05:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip 11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 
11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 11/21/2011 5:05:53 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 11/21/2011 4:14:07 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found. 11/21/2011 4:14:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde 11/21/2011 4:14:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft .NET Framework v1.1.4322 Update service to connect. 11/21/2011 4:14:06 PM, error: Service Control Manager [7000] - The Microsoft .NET Framework v1.1.4322 Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/21/2011 4:14:04 PM, error: Service Control Manager [7023] - The MicroSoft Messenger Helper service terminated with the following error: The specified module could not be found. 11/21/2011 4:13:53 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. 
11/21/2011 3:40:51 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/21/2011 3:40:48 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect. 11/21/2011 3:40:46 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} 11/20/2011 9:57:25 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). 11/20/2011 9:56:47 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================
     
  6. noseguy

    noseguy Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    10
    GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-11-24 20:04:48 Windows 5.1.2600 Service Pack 3
     
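A triage helper for the kind of GMER SSDT listing posted above (an added example, not code from the thread or from GMER): it maps each hook to the driver GMER attributed it to, clusters the handler addresses GMER could not attribute to any module, and lists what a reviewer should verify before treating a hook as malicious. The SSDT lines it parses are constructed in the format of the posted scan; the 64 KiB clustering window is an assumed heuristic.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample, mirroring the layout of the "---- System ----" section of
# the GMER scan posted in this thread (real GMER output has one hook per line).
SAMPLE_GMER = r"""
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xA9614080]
SSDT F7CA234C ZwClose
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xA9614BDE]
SSDT F7CA2306 ZwCreateKey
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF7461A20]
SSDT F7CA2356 ZwCreateSection
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA9696640]
SSDT F7CA2365 ZwSetSecurityObject
"""

# Hook whose handler GMER mapped to a driver: "SSDT <module> (<name>/<vendor>) <Zw*> [0x<addr>]"
ATTRIBUTED = re.compile(
    r"^SSDT\s+(?P<module>.+?)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
# Hook GMER could not map to any loaded module: "SSDT <addr> <Zw*>"
UNATTRIBUTED = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)$")

@dataclass
class Hook:
    func: str
    addr: int
    module: Optional[str]  # None when GMER printed only a handler address
    vendor: Optional[str]  # text after "/" in the description, None if empty

def parse_ssdt(text: str) -> list:
    """Extract the SSDT hook entries from a GMER log."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ATTRIBUTED.match(line)
        if m:
            desc = m.group("desc")
            vendor = desc.split("/", 1)[1].strip() if "/" in desc else ""
            hooks.append(Hook(m.group("func"), int(m.group("addr"), 16),
                              m.group("module"), vendor or None))
            continue
        m = UNATTRIBUTED.match(line)
        if m:
            hooks.append(Hook(m.group("func"), int(m.group("addr"), 16), None, None))
    return hooks

def cluster_unattributed(hooks: list, window: int = 0x10000) -> list:
    """Group unattributed handler addresses lying within `window` bytes of each other.
    One tight cluster usually means one image GMER could not name: a lead to verify, not proof."""
    clusters = []
    for addr in sorted(h.addr for h in hooks if h.module is None):
        if clusters and addr - clusters[-1][-1] <= window:
            clusters[-1].append(addr)
        else:
            clusters.append([addr])
    return clusters

def triage(hooks: list) -> dict:
    """Summarise hooks per module and list what a reviewer should check."""
    by_module = defaultdict(list)
    for h in hooks:
        if h.module is not None:
            by_module[h.module].append(h)
    flags = []
    for module, mhooks in by_module.items():
        if mhooks[0].vendor is None:  # GMER found a file but no vendor string
            flags.append(f"{module}: no vendor recorded for {len(mhooks)} hook(s); verify its origin")
    for cluster in cluster_unattributed(hooks):
        rng = f"0x{cluster[0]:08X}-0x{cluster[-1]:08X}"
        flags.append(f"{len(cluster)} hook(s) at {rng} not attributed to any loaded module")
    return {"modules": {m: [h.func for h in hs] for m, hs in by_module.items()}, "flags": flags}
```

Hooks owned by a named security product are expected; the items worth following up are the address-only hooks and any module GMER could not tie to a vendor.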
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    Sorry, can't read those at all.

    Please make sure word wrap is enabled when saving the files that DDS etc. makes, then attach those files rather than trying to paste them in.
     
  8. noseguy

    noseguy Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    10
    Thanks for the fast responses.
     

    Attached Files:

  9. noseguy

    noseguy Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    10
    I meant that.

    It might look snippy, but it wasn't meant that way.
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    OK, I can see at least one problem in those logs

    next step

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  11. noseguy

    noseguy Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    10
    I no longer have an internet connection on my infected computer, so I couldn't download the recovery console (I dl'd the combofix from another computer and transferred it to the infected desktop). Neither wired nor wireless is connecting; I tried to renew my IP, and I get a "media disconnected" error. I have had no luck in fixing this, and wondered if it was related to malware.
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    It is almost certainly malware related.
    Did you run ComboFix? If you didn't, then run it please & post the log it makes. When it asks to install the recovery console, then select no & carry on with the scan.
     
  13. noseguy

    noseguy Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    10
    Here is the combofix log. Not sure if all is good, as I still cannot connect to the internet. ComboFix did say there was an infection related to the IP/TCP stack, but I didn't want to try to tinker yet.
     

    Attached Files:

  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    Download LSPfix here: http://www.cexx.org/lspfix.htm
    Run the application. Just run it; you will see a list of files in the left hand pane and possibly some in the right hand pane. Do not change any of them, just tick the "I know what I'm doing" box & press finish and the program will do anything necessary.
     
  15. noseguy

    noseguy Thread Starter

    Joined:
    Nov 23, 2011
    Messages:
    10
    Did it, nothing seemed to happen.
     
Short URL to this thread: https://techguy.org/1028212