Malware Check.....



#1
sam1332
I ran HJT and ComboFix on my Gateway ML6720 laptop with Windows Vista Home Premium as the tutorial described. I am still having problems with
the wireless connection and hang-ups of applications. Can someone please direct me further on solving the issues I have? My connection is Verizon FiOS and
I basically use my laptop for IMs and tech downloading programs. Here are my logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:46 PM, on 6/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TB&M=ML6720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\guard32.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: CyberLink Live Monitor Service - CyberLink - C:\Program Files\CyberLink\CyberLink Live\CLSomaMonitorService.exe
O23 - Service: CyberLink Live Push Update Service - CyberLink - C:\Program Files\CyberLink\CyberLink Live\CLPushUpdateService.exe
O23 - Service: CyberLink Live Service - CyberLink Corp. - C:\Program Files\CyberLink\CyberLink Live\CLSomaService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 5569 bytes

ComboFix 08-06-20.4 - SAMMY SMITH 2008-06-29 21:08:56.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1060 [GMT -4:00]
Running from: C:\Users\SAMMY SMITH\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 01:03 --------- d---a-w C:\PROGRA~2\TEMP
2008-06-30 00:58 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-06-30 00:47 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\Spare Backup
2008-06-30 00:47 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\Spare Backup
2008-06-29 19:16 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\LimeWire
2008-06-29 19:16 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\LimeWire
2008-06-29 17:07 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-29 03:36 --------- d-----w C:\Program Files\CyberLink
2008-06-29 03:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 03:17 --------- d-----w C:\PROGRA~2\CyberLink
2008-06-29 01:41 1,066,544 ----a-w C:\Windows\System32\mfc71.dll
2008-06-29 00:00 --------- d-----w C:\PROGRA~2\SiteAdvisor
2008-06-26 15:52 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-25 22:50 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\Pointstone
2008-06-25 22:50 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\Pointstone
2008-06-25 22:44 --------- d-----w C:\Program Files\Pointstone
2008-06-24 18:14 --------- d-----w C:\Program Files\CCleaner
2008-06-24 02:54 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\GetRightToGo
2008-06-24 02:54 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\GetRightToGo
2008-06-22 01:18 --------- d-----w C:\PROGRA~2\comodo
2008-06-22 01:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-22 00:32 85,008 ----a-w C:\Windows\system32\drivers\cmdguard.sys
2008-06-22 00:32 25,104 ----a-w C:\Windows\system32\drivers\cmdhlp.sys
2008-06-22 00:32 143,104 ----a-w C:\Windows\System32\guard32.dll
2008-06-22 00:32 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\Comodo
2008-06-22 00:32 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\Comodo
2008-06-22 00:32 --------- d-----w C:\Program Files\COMODO
2008-06-22 00:23 --------- d-----w C:\Program Files\LimeWire
2008-06-21 14:10 --------- d-----w C:\Program Files\ThreatFire
2008-06-19 00:51 --------- d-----w C:\PROGRA~2\PC Tools
2008-06-16 15:57 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-13 01:33 --------- d-----w C:\Program Files\MetaGeek
2008-06-11 23:14 --------- d-----w C:\Program Files\Password Container
2008-06-11 21:47 --------- d-----w C:\Program Files\Windows Mail
2008-06-09 04:26 --------- d-----w C:\PROGRA~2\Apple
2008-06-07 00:22 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\vlc
2008-06-07 00:22 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\vlc
2008-06-07 00:16 --------- d-----w C:\Program Files\VideoLAN
2008-06-06 23:34 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\Leadertech
2008-06-06 23:34 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\Leadertech
2008-06-06 21:02 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\DivX
2008-06-06 21:02 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\DivX
2008-06-06 01:33 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\Any Video Converter
2008-06-06 01:33 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\Any Video Converter
2008-05-30 17:15 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\SiteAdvisor
2008-05-30 17:15 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\SiteAdvisor
2008-05-30 01:51 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\Talkback
2008-05-30 01:51 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\Talkback
2008-05-23 12:28 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-16 18:19 --------- d-----w C:\Program Files\Java
2008-05-16 00:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-15 21:45 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-05-15 13:30 --------- d-----w C:\Program Files\Google
2008-05-15 13:26 --------- d-----w C:\PROGRA~2\WildTangent
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-02 09:59 122,368 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
2008-05-02 01:29 1,464 ----a-w C:\Windows\system32\drivers\stwrte.log
2008-04-29 23:32 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-29 23:32 --------- d-----w C:\Program Files\Common Files\Real
2008-04-29 23:19 --------- d-----w C:\Program Files\Real
2008-04-29 23:16 --------- d-----w C:\Users\SAMMYS~1\AppData\Roaming\PC Tools
2008-04-29 23:16 --------- d-----w C:\Users\SAMMY SMITH\AppData\Roaming\PC Tools
2008-04-29 23:15 --------- d-----w C:\PROGRA~2\Symantec
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 04:27 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:27 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-04-23 04:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-29 15:42 335,872 ----a-w C:\Windows\System32\gdsmux.exe
2008-03-29 15:42 245,248 ----a-w C:\Windows\System32\dxr.dll
2008-03-29 15:42 163,840 ----a-w C:\Windows\System32\ts.dll
2008-03-29 15:42 159,744 ----a-w C:\Windows\System32\mmfinfo.dll
2008-03-29 15:42 148,992 ----a-w C:\Windows\System32\mkx.dll
2008-03-29 15:42 141,312 ----a-w C:\Windows\System32\mp4.dll
2008-03-29 15:42 120,832 ----a-w C:\Windows\System32\ogm.dll
2008-03-29 15:42 108,032 ----a-w C:\Windows\System32\avi.dll
2008-03-29 15:42 103,424 ----a-w C:\Windows\System32\dsmux.exe
2008-03-29 15:42 102,400 ----a-w C:\Windows\System32\avss.dll
2008-03-29 15:41 97,280 ----a-w C:\Windows\System32\avs.dll
2008-03-29 15:41 79,360 ----a-w C:\Windows\System32\mkzlib.dll
2008-03-29 15:41 23,552 ----a-w C:\Windows\System32\mkunicode.dll
2008-03-29 15:41 135,168 ----a-w C:\Windows\System32\mkv2vfr.exe
2008-03-17 23:15 3,362 ----a-w C:\Windows\System32\tmp.reg
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 04:30 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 00:37 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2007-10-09 21:59 174 --sha-w C:\Program Files\desktop.ini
2008-03-22 19:54 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-22 19:54 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-22 19:54 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6462546F-70AE-4abc-B2B6-BE68E9410002}]
2008-04-03 14:32 71224 --a------ C:\Program Files\Haute Secure\CtBho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= "C:\Program Files\Haute Secure\CtToolBand.dll" [2008-04-03 14:32 1403960]

[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7792546F-70AE-4ABC-B2B6-BE68E9410002}"= C:\Program Files\Haute Secure\CtToolBand.dll [2008-04-03 14:32 1403960]

[HKEY_CLASSES_ROOT\clsid\{7792546f-70ae-4abc-b2b6-be68e9410002}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{7792546F-70AE-4abc-B2B6-BE68E9410001}]
[HKEY_CLASSES_ROOT\CtToolBand.CtToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 16:37 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 05:38 865840]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-29 19:10 29744]
"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [2007-07-13 00:27 5252936]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 19:04 2348584]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 18:07 141848]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 18:07 133656]
"CtPopup.exe"="C:\Program Files\Haute Secure\CtPopup.exe" [2008-04-03 14:32 98360]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-12-04 17:03 36640]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-05-28 12:35 67112]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-21 20:32 1655552]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2008-04-24 16:52 259392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="" []
"GrpConv"="grpconv -o" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 14:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 15:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Password Container]
--a------ 2006-10-16 12:51 1220608 C:\Program Files\Password Container\PswContainer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-29 19:31 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 20:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FC1A30B9-F6D6-4C6E-86F6-5B147A89A917}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{86296DA4-CFCA-48B2-AC32-1AAD317227EA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{81C8B1AF-6894-47CD-919D-6FD4939AE9D4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{326D3FD9-42DF-43C5-87F3-A9D5A0EF2523}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1E76C7F8-FC50-4BF5-A849-0B6D3C8ADFDF}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{14A6F506-4DDF-43CF-9863-10BE37606999}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AF71C16F-D583-4C25-9268-36D8A92855E7}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8E39BF2B-C035-4281-83D3-4452D20E0F31}"= Profile=Private|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{80DEC18A-B6F3-465B-8F47-82F3E236B8BD}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{05543E8C-D493-4751-8062-2AAED2150162}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{71BFB4AF-1082-4946-A7C4-B4254F439317}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{508AC0AE-99D4-4075-9837-4C7E866DE975}"= UDP:6331:Windows Live OneCare
"{84DADDBA-24BE-4175-B941-EB941E36EC70}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{76610DF8-7194-497F-A98B-BE5719F6713B}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{23C991AA-1D3C-43B1-A437-E64F9E5FFFFB}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"{F3C58104-A3F8-4F45-9A26-469695E393D1}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"{C42AA955-B0DD-4401-8FA3-557F8D6398F7}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6E3EDC3C-CB96-4917-975A-EA6AD6A8D1F2}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{9B39AAB1-1970-4A07-A834-E25B1D55D168}"= C:\Program Files\CyberLink\CyberLink Live\CLSomaService.exe:CyberLink Live Service
"{F3F8A5AD-CDA5-4708-8486-72159C07A664}"= C:\Program Files\CyberLink\CyberLink Live\CLHomeMediaServer.exe:CyberLink Live
"{7D275EAB-46DA-4E25-93FE-9E4BFD9464E7}"= C:\Program Files\CyberLink\CyberLink Live\CLSomaMonitorService.exe:CyberLink Live Monitor Service
"{A3524674-CDCF-4D69-A255-DD240FAD6E32}"= C:\Program Files\CyberLink\CyberLink Live\CLPushUpdateService.exe:CyberLink Live Push Update Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys [2008-04-24 16:52]
R0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys [2008-04-24 16:52]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 15:22]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-06-21 20:32]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-06-21 20:32]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 18:50]
S2 CtServ;CtServ;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
S2 CyberLink Live Monitor Service;CyberLink Live Monitor Service;"C:\Program Files\CyberLink\CyberLink Live\CLSomaMonitorService.exe" [2008-05-30 20:51]
S2 CyberLink Live Push Update Service;CyberLink Live Push Update Service;"C:\Program Files\CyberLink\CyberLink Live\CLPushUpdateService.exe" [2008-05-30 20:51]
S2 CyberLink Live Service;CyberLink Live Service;"C:\Program Files\CyberLink\CyberLink Live\CLSomaService.exe" [2008-05-30 20:51]
S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-29 19:10]
S3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 03:30]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2008-02-20 12:14]
S3 TfNetMon;TfNetMon;C:\Windows\system32\drivers\TfNetMon.sys [2008-04-24 16:52]
S4 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\drivers\usbprint.sys [2006-11-02 05:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
CtServ REG_MULTI_SZ CtServ

*Newly Created Service* - CATCHME
*Newly Created Service* - ECACHE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 21:14:58
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-29 21:15:33
ComboFix-quarantined-files.txt 2008-06-30 01:15:28

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

245 --- E O F --- 2008-06-29 23:30:24
Any help I can get will be appreciated. Thanks! :)