
Combofix of NTOSKRNL-HOOK problem


  • Please log in to reply
1 reply to this topic

#1 PBA

PBA


Posted 14 August 2009 - 08:05 AM

Please find attached result log from Combofix of NTOSKRNL-HOOK.

I think it all worked fine.
Many Thanks
Regards

PBA

ComboFix 09-08-10.06 - Peter Adams 14/08/2009 12:50.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1502 [GMT 1:00]
Running from: c:\documents and settings\Peter Adams\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\145027.msp
c:\windows\Installer\145028.msp
c:\windows\Installer\145029.msp
c:\windows\Installer\14502a.msp
c:\windows\Installer\14502b.msp
c:\windows\Installer\14502c.msp
c:\windows\Installer\14502d.msp
c:\windows\Installer\14502e.msp
c:\windows\Installer\14502f.msp
c:\windows\Installer\16deebb.msi
c:\windows\Installer\1ae2a80.msp
c:\windows\Installer\3c390.msp
c:\windows\Installer\4c36c.msp
c:\windows\Installer\4d9f2.msp
c:\windows\Installer\4da04.msp
c:\windows\Installer\4da16.msp
c:\windows\Installer\4da29.msp
c:\windows\Installer\4da3f.msp
c:\windows\Installer\b5e39.msp
c:\windows\Installer\b5e4d.msp
c:\windows\Installer\b5e60.msp
c:\windows\Installer\b5e73.msp
c:\windows\Installer\e5cb3.msp
c:\windows\Installer\e5cc5.msp
c:\windows\Installer\e5cd7.msp
c:\windows\Installer\e5cea.msp
c:\windows\Installer\e5d00.msp
c:\windows\kb913800.exe
c:\windows\system32\drivers\ESQULowoyevrgomeifiyojdxbprrntoqlcfbv.sys
c:\windows\system32\ESQULdtydbrjpyxdbgnnchtkaeqdpnaumynkr.dll
c:\windows\system32\ESQULpdvitcxvvlqewgbybpjgonldgidmdyio.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-14 12:01 . 2009-08-14 12:01 -------- d-sh--w- C:\found.000
2009-08-13 22:56 . 2009-08-13 23:05 15 ----a-w- c:\documents and settings\Peter Adams\settings.dat
2009-08-13 11:21 . 2009-08-13 11:21 -------- d-----w- c:\documents and settings\Zandra\Local Settings\Application Data\Identities
2009-08-13 11:20 . 2009-08-13 11:20 -------- d-----w- c:\documents and settings\Zandra\Application Data\Windows Desktop Search
2009-08-13 11:20 . 2009-08-13 11:20 -------- d-----w- c:\documents and settings\Zandra\Application Data\Logitech
2009-08-13 11:20 . 2009-08-13 11:20 -------- d-----w- c:\documents and settings\Zandra\Local Settings\Application Data\Apple Computer
2009-08-13 11:20 . 2009-08-13 11:20 -------- d-----w- c:\documents and settings\Zandra\Local Settings\Application Data\SupportSoft
2009-08-13 10:20 . 2009-08-13 10:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-13 09:59 . 2009-08-13 09:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-08-13 09:56 . 2009-08-13 09:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
2009-08-13 09:25 . 2009-08-13 09:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-12 19:45 . 2009-08-12 19:45 -------- d-sh--w- c:\documents and settings\Zandra\IETldCache
2009-08-12 19:36 . 2009-08-12 19:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-08-12 09:20 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 08:16 . 2009-08-05 08:16 152576 ----a-w- c:\documents and settings\Peter Adams\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-07-25 09:34 . 2009-07-25 09:34 -------- d-----w- c:\program files\iPod
2009-07-25 09:34 . 2009-07-25 09:35 -------- d-----w- c:\program files\iTunes
2009-07-18 09:42 . 2009-08-01 10:42 -------- d-----w- c:\documents and settings\Peter Adams\Local Settings\Application Data\Temp
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 12:05 . 2006-12-13 19:37 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-13 17:22 . 2009-07-06 16:54 -------- d-----w- c:\documents and settings\Peter Adams\Application Data\GoodSync
2009-08-13 11:21 . 2006-07-22 09:02 76000 ----a-w- c:\documents and settings\Zandra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 19:04 . 2009-04-30 15:00 -------- d-----w- c:\documents and settings\Peter Adams\Application Data\Skype
2009-08-12 17:00 . 2006-03-24 10:30 -------- d-----w- c:\program files\Quicken
2009-08-12 10:58 . 2008-09-26 09:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-12 10:24 . 2006-01-28 09:02 -------- d-----w- c:\program files\Roxio
2009-08-12 10:24 . 2006-01-28 09:03 -------- d-----w- c:\program files\Sonic
2009-08-11 09:22 . 2009-04-29 11:19 -------- d-----w- c:\documents and settings\Peter Adams\Application Data\skypePM
2009-08-05 09:01 . 2005-08-16 04:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 08:20 . 2006-01-28 08:48 -------- d-----w- c:\program files\Java
2009-07-31 18:58 . 2008-04-12 12:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-25 09:37 . 2009-04-30 15:52 -------- d-----w- c:\program files\Safari
2009-07-25 09:34 . 2008-10-16 14:08 -------- d-----w- c:\program files\Common Files\Apple
2009-07-25 04:23 . 2008-11-24 14:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 14:07 . 2006-03-23 17:04 76000 ----a-w- c:\documents and settings\Peter Adams\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 19:01 . 2005-08-16 04:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2005-08-16 04:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 08:26 . 2006-01-28 09:02 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-10 08:19 . 2009-04-17 13:55 -------- d-----w- c:\program files\McAfee
2009-07-09 10:08 . 2009-07-09 10:08 -------- d-----w- c:\program files\CardRecovery
2009-07-07 09:57 . 2006-01-28 08:54 -------- d-----w- c:\program files\Classic PhoneTools
2009-07-07 09:53 . 2008-10-10 08:41 278609 ----a-w- c:\documents and settings\Peter Adams\Application Data\mdbu.bin
2009-07-06 16:54 . 2009-07-06 16:33 -------- d-----w- c:\program files\Siber Systems
2009-07-06 16:34 . 2009-07-06 16:34 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\RoboForm
2009-07-05 10:13 . 2006-12-01 17:51 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-05 10:13 . 2007-11-02 18:10 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-05 10:13 . 2006-07-19 11:09 -------- d-----w- c:\program files\Nokia
2009-07-05 10:11 . 2007-04-12 11:15 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Installations
2009-07-03 17:09 . 2005-08-16 04:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2005-08-16 04:18 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2005-08-16 04:18 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2005-08-16 04:18 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2005-08-16 04:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2005-08-16 04:18 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2005-08-16 04:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2005-08-16 04:18 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-24 08:17 . 2009-06-24 08:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-06-24 08:17 . 2009-06-24 08:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-06-24 08:14 . 2006-06-26 16:04 -------- d-----w- c:\documents and settings\Peter Adams\Application Data\Nokia
2009-06-23 22:43 . 2006-06-26 16:00 -------- d-----w- c:\program files\DIFX
2009-06-23 22:43 . 2009-06-23 22:43 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-23 15:52 . 2008-10-16 14:08 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple
2009-06-16 14:36 . 2005-08-16 04:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-08-16 04:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 22:37 . 2009-06-13 22:37 59412 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-12 12:31 . 2005-08-16 04:18 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2005-08-16 04:18 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2005-08-16 04:18 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2005-08-16 04:37 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 08:13 . 2009-06-10 08:13 152576 ----a-w- c:\documents and settings\Peter Adams\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 06:14 . 2005-08-16 04:18 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-07 11:40 . 2009-06-07 11:40 38208 ----a-w- c:\documents and settings\Peter Adams\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-06 17:32 . 2009-06-06 17:32 8 ----a-w- c:\windows\system32\nvModes.dat
2009-06-03 19:09 . 2005-08-16 04:18 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 12:36 . 2009-04-30 16:00 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 12:36 . 2008-10-16 14:09 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-24 23:24 . 2008-05-26 22:18 350208 ----a-w- c:\windows\system32\mssph.dll
2008-09-03 09:36 . 2006-11-24 16:36 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2004-08-10 05:00 . 2005-08-16 04:18 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 . 2005-08-16 04:18 50688 --sh--w- c:\windows\twain_32.dll
2006-07-28 08:52 . 2006-03-26 22:34 104 --sh--r- c:\windows\system32\CED38C20EE.sys
2009-04-18 13:36 . 2006-03-26 22:34 6216 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-04-14 00:12 . 2005-08-16 04:18 57344 --sha-w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2005-08-16 04:18 413696 --sha-w- c:\windows\system32\msvcp60.dll
2007-12-04 18:38 . 2005-08-16 04:18 550912 --sha-w- c:\windows\system32\oleaut32(2)(3).dll
2008-04-14 00:12 . 2005-08-16 04:18 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"DellSupport-"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-14 196608]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-03-30 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-03 29744]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]
"McPvTray"="c:\program files\McAfee\Anti-Theft\McPvTray.exe" [2008-05-28 655360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-15 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2005-11-11 19968]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-29 39408]

c:\documents and settings\Peter Adams\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2009-6-5 225280]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-12-9 7168]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-6 805392]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2006-3-24 57344]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Memory-Map\\Navigator\\MMNav.exe"=
"c:\\Program Files\\Memory-Map\\Navigator\\mm3d.exe"=
"c:\\Program Files\\Memory-Map\\Navigator\\showmmcrypt.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [28/05/2008 09:32 61688]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [17/04/2009 14:58 210216]
S2 gupdate1c9c9a479553d7e;Google Update Service (gupdate1c9c9a479553d7e);c:\program files\Google\Update\GoogleUpdate.exe [30/04/2009 16:00 133104]
S2 MHKONPQH;MHKONPQH; [x]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [24/11/2006 17:36 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
Toolbar-Locked - (no file)
HKCU-Run-ErrorFix - c:\program files\ErrorFix\ErrorFix.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 13:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(4892)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\progra~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\CTxfispi.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\Dell Network Assistant\ezi_hnm2.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2009-08-14 13:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-14 12:14

Pre-Run: 230,595,809,280 bytes free
Post-Run: 230,627,131,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

343 --- E O F --- 2009-08-12 19:07



#2 PBA

PBA

Posted 14 August 2009 - 08:07 AM

Apologies, did not understand the correct process/procedure.

PBA
