hijack This log

Status
Not open for further replies.
D

D-Rocks

In Runtime
Messages
347
Location
MN, USA
I ran a malware bytes and came up with some malware. Here are the logs from hijack this and malware bytes.


hijack This log​


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:03 AM, on 9/26/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B64435F-6597-417E-A2A9-DAC6C50AE0E7}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{8B64435F-6597-417E-A2A9-DAC6C50AE0E7}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{8B64435F-6597-417E-A2A9-DAC6C50AE0E7}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 6206 bytes
 
Malware Bytes Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:03 AM, on 9/26/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B64435F-6597-417E-A2A9-DAC6C50AE0E7}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{8B64435F-6597-417E-A2A9-DAC6C50AE0E7}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{8B64435F-6597-417E-A2A9-DAC6C50AE0E7}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 6206 bytes
 
D-Rocks said:
Malware Bytes Log

Malwarebytes' Anti-Malware 1.41
Database version: 2861
Windows 6.0.6002 Service Pack 2
9/26/2009 12:22:24 AM
mbam-log-2009-09-26 (00-22-15).txt
Scan type: Full Scan (C:\|)
Objects scanned: 163243
Time elapsed: 34 minute(s), 29 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6
Memory Processes Infected:
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> No action taken.
Memory Modules Infected:
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gamevance (Adware.Gamevance) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> No action taken.
Files Infected:
C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvtl.dll (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> No action taken.
Click to expand...
 
Something happened with combo fix and now I cant get into control panel, or use any software of the sort. I get the error message "illegal operation attempted on a registry key that has been marked for deletion"
 
I restarted the computer and I am able to run programs again but when windows was loading a window poped up saying gamevance32.exe has stopped working. I am currently scanning with malware bytes and will have a logg shortly.
 
ComboFix
ComboFix 09-09-25.01 - admin 09/27/2009 14:51.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1023.400 [GMT -5:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\gamevance\gamevancelib32.dll
c:\program files\Gamevance\gvtl.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 20:04 . 2009-07-01 01:26 680 ----a-w- c:\users\admin\AppData\Local\d3d9caps.dat
2009-09-27 20:01 . 2009-09-22 01:32 -------- d-----w- c:\program files\Gamevance
2009-09-26 05:46 . 2009-09-26 05:46 -------- d-----w- c:\users\admin\AppData\Roaming\IObit
2009-09-26 05:46 . 2009-09-26 05:46 -------- d-----w- c:\program files\IObit
2009-09-26 01:09 . 2009-09-26 01:09 -------- d-----w- c:\users\admin\AppData\Roaming\AVG8
2009-09-20 04:18 . 2009-07-02 17:27 1 ----a-w- c:\users\admin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-09-19 04:09 . 2009-09-19 04:09 -------- d-----w- c:\program files\Google
2009-09-14 19:41 . 2009-09-14 19:33 -------- d-----w- c:\programdata\Comodo
2009-09-14 19:36 . 2009-09-14 19:36 -------- d-----w- c:\program files\Trend Micro
2009-09-14 19:33 . 2009-09-14 19:33 -------- d-----w- c:\program files\COMODO
2009-09-14 19:33 . 2009-09-14 19:33 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-14 19:33 . 2009-09-14 19:33 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-14 19:33 . 2009-09-14 19:33 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-14 19:33 . 2009-09-14 19:33 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-14 19:19 . 2009-09-14 19:19 -------- d-----w- c:\program files\CCleaner
2009-09-14 19:15 . 2009-07-01 05:46 -------- d-----w- c:\program files\Burn4Free Toolbar
2009-09-14 19:14 . 2009-07-25 23:27 -------- d-----w- c:\program files\Yahoo!
2009-09-14 19:12 . 2009-09-14 19:12 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2009-09-14 19:12 . 2009-09-14 19:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-14 19:12 . 2009-09-14 19:12 -------- d-----w- c:\programdata\Malwarebytes
2009-09-10 19:54 . 2009-09-14 19:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-09-14 19:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 17:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-31 22:37 . 2009-07-01 05:34 -------- d-----w- c:\program files\Java
2009-08-29 00:27 . 2009-09-14 19:03 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-14 19:03 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-19 04:00 . 2009-08-19 04:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-08-14 18:50 . 2009-08-14 18:50 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-08-14 18:48 . 2009-08-14 18:48 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-08-14 16:27 . 2009-09-09 18:49 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 18:49 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 18:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 18:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 18:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 18:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 18:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 18:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 18:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 18:49 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 18:49 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-06 16:56 . 2009-07-25 23:45 -------- d-----w- c:\users\admin\AppData\Roaming\HP
2009-08-06 16:55 . 2009-08-06 16:40 176399 ----a-w- c:\windows\hpwins19.dat
2009-08-06 16:47 . 2009-08-06 16:47 -------- d-----w- c:\programdata\HP Product Assistant
2009-08-06 16:47 . 2009-07-02 17:06 -------- d-----w- c:\programdata\HP
2009-08-06 16:43 . 2009-08-06 16:43 -------- d-----w- c:\program files\Common Files\HP
2009-08-06 16:43 . 2009-08-06 16:43 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-06 16:41 . 2009-07-02 17:08 -------- d-----w- c:\program files\HP
2009-07-25 23:36 . 2009-07-25 23:35 116840 ----a-w- c:\windows\hpqins00.dat
2009-07-25 10:23 . 2009-07-01 05:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-30 15:31 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 15:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 15:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 15:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 18:40 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 18:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 18:40 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 18:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 18:40 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 18:48 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 18:48 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 18:48 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 18:48 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 18:48 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-01 13:38 . 2009-07-01 01:27 52776 ----a-w- c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-14 1796368]
"Gamevance"="c:\program files\Gamevance\gamevance32.exe" [2009-09-22 210544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):87,59,2e,17,6e,fa,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1693036436-3825122214-428003496-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{88D7BA7B-E56F-468E-AB35-310B4704BAB3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{98C3B769-45E2-4381-9969-79878E37993F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{84D60434-5D8C-4E00-BAC5-6E8F88771497}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6059ECF2-1C0F-4BE1-BEA0-81A3A53986C2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [9/14/2009 2:33 PM 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [9/14/2009 2:33 PM 29520]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [9/14/2009 2:12 PM 38224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-27 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-09-26 14:55]
2009-09-27 c:\windows\Tasks\User_Feed_Synchronization-{58DDF27C-B3A0-4505-AAEB-5DC6931F2009}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
TCP: {8B64435F-6597-417E-A2A9-DAC6C50AE0E7} = 156.154.70.22,156.154.71.22
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-27 15:04
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-09-27 15:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-27 20:10
Pre-Run: 202,393,690,112 bytes free
Post-Run: 202,236,055,552 bytes free
184 --- E O F --- 2009-09-26 00:39
 
Status
Not open for further replies.

Similar threads

XWrench3
hijack this scan
Replies
6
Views
2K
XWrench3
XWrench3
N
Laptop slowing down in function (internet and general apps)
Replies
1
Views
3K
Trotter
Trotter
G
Computer slow and work in background
Replies
0
Views
2K
grecycle99
G
H
HP laptop review, HP 17-by3063st
Replies
1
Views
3K
tehnokraat
T
M
computer suddenly slowed down.
Replies
0
Views
3K
mike3dp
M
Back
Top Bottom