Windows Vista...Downloader.Tibs.etc,



#1
sam1332

:) Hello to everyone, and I hope you all have not had to deal with my problem. It started as a Downloader.Tibs infection and gained even more trojans. Every computer and laptop inside my home has this dreadful problem. I cannot run an online scanner for some reason, and it attaches itself to everything, moving and hiding. I am posting a HijackThis and ComboFix log in the hope that someone here can help me in my fight:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:34 PM, on 3/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Haute Secure\CtPopup.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\NetZero\exec.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - Default URLSearchHook is missing
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 5350 bytes

ComboFix 08-03-18.1 - SAMMY SMITH 2008-03-20 12:38:14.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.141 [GMT -4:00]
Running from: C:\Users\SAMMY SMITH\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-18 21:53 . 2008-03-18 21:53 <DIR> d-------- C:\Program Files\Haute Secure
2008-03-18 20:32 . 2008-03-18 20:33 <DIR> d-------- C:\Users\SAMMY SMITH\{cfadabc1-432e-4036-9c90-d62bca6e6259}
2008-03-18 19:19 . 2008-03-19 20:20 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-03-18 19:19 . 2008-03-18 19:19 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-03-18 19:19 . 2008-03-18 19:45 67,080 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-03-18 19:19 . 2008-03-18 19:19 12,424 --a------ C:\Windows\System32\drivers\avgrkx86.sys
2008-03-18 19:19 . 2008-03-18 19:19 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-03-18 19:18 . 2008-03-18 19:18 <DIR> d-------- C:\Users\All Users\avg8
2008-03-18 19:18 . 2008-03-18 19:18 <DIR> d-------- C:\ProgramData\avg8
2008-03-18 19:18 . 2008-03-18 19:18 <DIR> d-------- C:\Program Files\AVG
2008-03-18 16:22 . 2008-03-19 19:24 <DIR> d-------- C:\Users\SAMMY SMITH\AppData\Roaming\Comodo
2008-03-18 16:22 . 2008-03-19 19:24 <DIR> d-------- C:\Users\All Users\comodo
2008-03-18 16:22 . 2008-03-19 19:24 <DIR> d-------- C:\ProgramData\comodo
2008-03-18 16:22 . 2008-03-19 19:24 <DIR> d-------- C:\Program Files\COMODO
2008-03-17 20:00 . 2008-03-17 20:00 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-17 18:12 . 2008-03-17 18:12 <DIR> d-------- C:\inetpub
2008-03-13 21:39 . 2008-03-13 21:40 <DIR> d-------- C:\Program Files\CCleaner
2008-03-12 12:43 . 2007-12-16 18:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 12:43 . 2007-12-16 05:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-09 18:34 . 2008-03-17 19:15 3,362 --a------ C:\Windows\System32\tmp.reg
2008-03-08 19:54 . 2008-03-08 19:54 2,335,270 --a------ C:\Windows\System32\7e843E6.mht
2008-03-07 20:04 . 2008-03-07 20:04 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-03-07 20:04 . 2008-03-07 20:04 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-03-07 19:51 . 2008-03-07 19:51 <DIR> d-------- C:\Program Files\Password Container
2008-03-05 01:24 . 2008-03-05 01:24 414,536 --a------ C:\Windows\System32\drivers\ct.sys
2008-03-02 20:32 . 2008-03-02 20:32 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-01 21:09 . 2008-03-19 22:02 <DIR> d-a------ C:\Users\All Users\TEMP
2008-03-01 21:09 . 2008-03-19 22:02 <DIR> d-a------ C:\ProgramData\TEMP
2008-03-01 21:09 . 2008-03-19 22:01 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-25 20:53 . 2008-01-02 17:33 172,032 --a------ C:\Windows\System32\igfxres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 23:27 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\Spare Backup
2008-03-14 19:56 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-03-14 01:20 --------- d-----w C:\ProgramData\SiteAdvisor
2008-03-13 23:42 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-13 23:37 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 22:31 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-10 01:11 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-10 01:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-10 01:11 --------- d-----w C:\Program Files\Google
2008-03-07 23:53 --------- d-----w C:\Program Files\Yahoo!
2008-02-24 01:10 --------- d-----w C:\Program Files\NetZero
2008-02-18 17:42 --------- d-----w C:\Program Files\Gateway Games
2008-02-15 19:22 59,392 ----a-w C:\Windows\system32\drivers\RTSTOR.sys
2008-02-14 23:03 --------- d-----w C:\Program Files\Trend Micro
2008-02-14 18:17 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-14 11:56 118,784 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
2008-02-14 03:16 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 03:16 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 03:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 03:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 03:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 03:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 03:09 17,976 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 03:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 03:09 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 03:08 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 03:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 03:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 03:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 03:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 03:08 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 03:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 03:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 03:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 03:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 03:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 03:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 03:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 03:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-06 02:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 02:21 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-06 01:38 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-06 01:35 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\Ahead
2008-02-06 00:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-31 23:52 --------- d-----w C:\ProgramData\NetZero
2008-01-20 17:42 --------- d-----w C:\Program Files\REALTEK USB Wireless LAN Driver
2008-01-20 17:42 --------- d-----w C:\Program Files\Microsoft Works
2008-01-09 22:25 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-02 22:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-01-02 22:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-01-02 22:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-01-02 22:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-01-02 22:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2008-01-02 22:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2008-01-02 22:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
2008-01-02 22:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2008-01-02 21:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
2008-01-02 21:48 2,580,480 ----a-w C:\Windows\System32\igdumd32.dll
2008-01-02 21:47 1,953,696 ----a-w C:\Windows\System32\igklg400.dll
2008-01-02 21:47 1,533,360 ----a-w C:\Windows\System32\igklg450.dll
2008-01-02 21:42 1,658,880 ----a-w C:\Windows\System32\ig4dev32.dll
2008-01-02 21:41 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
2008-01-02 21:34 69,632 ----a-w C:\Windows\System32\oemdspif.dll
2008-01-02 21:34 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
2008-01-02 21:34 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2008-01-02 21:34 24,576 ----a-w C:\Windows\System32\igfxexps.dll
2008-01-02 21:34 204,800 ----a-w C:\Windows\System32\igfxpph.dll
2008-01-02 21:33 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
2008-01-02 21:33 200,704 ----a-w C:\Windows\System32\igfxdev.dll
2008-01-02 21:33 135,168 ----a-w C:\Windows\System32\igfxdo.dll
2008-01-02 21:33 102,400 ----a-w C:\Windows\System32\hccutils.dll
2007-10-09 21:59 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6462546F-70AE-4abc-B2B6-BE68E9410002}]
2008-03-05 01:24 71880 --a------ C:\Program Files\Haute Secure\CtBho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= "C:\Program Files\Haute Secure\CtToolBand.dll" [2008-03-05 01:24 1392840]

[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= C:\Program Files\Haute Secure\CtToolBand.dll [2008-03-05 01:24 1392840]

[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"Power2GoExpress"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2007-09-26 14:14 1629184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-23 22:34 1006264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 16:37 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 05:38 865840]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-19 22:13 1840128]
"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [2007-07-13 00:27 5252936]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 19:04 2348584]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 14:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 22:51 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 18:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 18:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 18:07 133656]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-03-18 19:18 1172760]
"CtPopup.exe"="C:\Program Files\Haute Secure\CtPopup.exe" [2008-03-05 01:24 99016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 15:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 20:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FC1A30B9-F6D6-4C6E-86F6-5B147A89A917}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{86296DA4-CFCA-48B2-AC32-1AAD317227EA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{81C8B1AF-6894-47CD-919D-6FD4939AE9D4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{326D3FD9-42DF-43C5-87F3-A9D5A0EF2523}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1E76C7F8-FC50-4BF5-A849-0B6D3C8ADFDF}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{14A6F506-4DDF-43CF-9863-10BE37606999}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AF71C16F-D583-4C25-9268-36D8A92855E7}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8E39BF2B-C035-4281-83D3-4452D20E0F31}"= Profile=Private|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{80DEC18A-B6F3-465B-8F47-82F3E236B8BD}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{05543E8C-D493-4751-8062-2AAED2150162}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{71BFB4AF-1082-4946-A7C4-B4254F439317}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{77CB593B-8188-4841-A28C-92E653074542}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{B7D5D2CF-A14E-4401-A885-89CACB8BCCFE}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{509E0B1A-1441-43FF-8B96-809DDFBB680C}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{D81985D0-0158-4D85-A34F-45642BF1F83C}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{8C925D7A-8BF4-488A-B90C-9B5D740D016F}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{1E9ABF87-3115-484A-B89C-E83CC264B983}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{36C198AA-D1AB-47BF-990F-5F9879FA5EB8}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{891336BF-9202-4654-B520-D0626F0AFB34}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;C:\Windows\system32\Drivers\avgrkx86.sys [2008-03-18 19:19]
R0 Ct;Ct;C:\Windows\system32\DRIVERS\ct.sys [2008-03-05 01:24]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-03-18 19:19]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-03-18 19:45]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
CtServ REG_MULTI_SZ CtServ

*Newly Created Service* - CT
.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 03:24:02 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 12:42:53
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-20 12:44:02
ComboFix2.txt 2008-03-15 14:27:20
.
2008-03-18 21:04:44 --- E O F ---

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Active@ ISO Burner v 1.1
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Adobe® Photoshop® Album Starter Edition 3.2
Agere Systems HDA Modem
ArcSoft PhotoImpression 4
AVG 8.0
BigFix
Browser Address Error Redirector
Business Contact Manager for Outlook 2007 SP1
Business Contact Manager for Outlook 2007 SP1
Camera Driver
CCleaner (remove only)
Gateway Connect
Gateway Games
Gateway Recovery Center Installer
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Haute Secure
HijackThis 2.0.2
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ SE Runtime Environment 6 Update 1
LabelPrint
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 2.0 SP3 Runtime
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MyDSC2
NetZero Internet
Password Container 1.3.0.0
Power2Go 5.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
REALTEK USB Wireless LAN Driver
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
SigmaTel Audio
Spare Backup
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.0
Synaptics Pointing Device Driver
Update for Outlook 2007 Junk Email Filter (kb947945)
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar

I have tried to use all different types of online scanners and cannot get any of them to scan my laptop or PCs at home using NetZero dial-up. Help me, please!