Hi semp
Thanks for the 2 latest applications to run. RootkitUnhooker detected nothing for Drivers and Stealth. The report was very brief.
Here is the report for ComboFix:
trampas
ComboFix 12-02-17.02 - Owner 19/02/2012 7:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.276 [GMT 10:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\WindowsUpdate.log . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
.
.
2012-02-18 00:44 . 2012-02-18 00:32 136504 ----a-w- c:\windows\system32\drivers\strings.exe
2012-02-03 22:21 . 2012-02-03 22:21 -------- d-----w- c:\program files\eSupport.com
2012-02-03 09:34 . 2012-02-03 09:34 -------- d--h--w- c:\windows\PIF
2012-02-03 09:01 . 2012-02-03 10:42 -------- d-----w- c:\program files\RkUnhooker
2012-02-01 20:23 . 2012-02-01 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-02-01 19:48 . 2012-02-01 19:48 -------- d-----w- c:\documents and settings\Administrator
2012-01-30 04:37 . 2012-01-30 23:42 -------- d-----w- c:\documents and settings\Unpriv\Local Settings\Application Data\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 22:56 . 2011-11-02 07:20 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-03-06 . 1B4E3AF654F96D1689F9186F2BD26407 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\\NVMCTRAY.DLL" [2003-04-02 49152]
"Mobile Partner"="c:\program files\3 MobileBroadband\3 MobileBroadband.exe" [2011-11-02 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TCASUTIEXE"="TCAUDIAG.exe -on" [X]
"NvCplDaemon"="c:\windows\system32\\NVCpl.dll" [2003-04-02 4616192]
"nwiz"="nwiz.exe" [2003-04-02 323584]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-04-04 774144]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
.
R0 viaraid;viaraid;c:\windows\system32\drivers\viaraid.sys [3/6/2011 1:51 PM 73856]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/2/2011 5:20 PM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/2/2011 5:20 PM 86224]
R2 tcaicchg;tcaicchg;c:\windows\system32\TCAICCHG.SYS [6/7/2000 4:08 AM 21233]
R2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\TCAITDI.SYS [9/4/2001 9:22 PM 19534]
S0 NVDual;NVDual;c:\windows\system32\DRIVERS\nvDual.sys --> c:\windows\system32\DRIVERS\nvDual.sys [?]
S3 65300698;65300698; [x]
S3 AXHSXR;AXHSXR;c:\docume~1\Owner\LOCALS~1\Temp\AXHSXR.exe --> c:\docume~1\Owner\LOCALS~1\Temp\AXHSXR.exe [?]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-02-19 07:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\TCAUDIAG.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2012-02-19 07:14:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-18 21:14
.
Pre-Run: 56,793,047,040 bytes free
Post-Run: 57,259,573,248 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6F73608C206BF58016FCF6C6392C0B88