06-22-2009, 09:18 PM   #3
simps18
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: xp


Re: NTOSKRNL Hook Trojan...I Need Help!

Hi, thanks for helping me out!


ComboFix 09-06-22.04 - Chris 22/06/2009 21:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.767 [GMT -6:00]
Running from: c:\documents and settings\Chris\Desktop\cfix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\MSIVXiqlrxhompqrmybxxnboiyxxmbkuxoyqm.sys
c:\windows\system32\drivers\MSIVXpyqoenioevrjxdbjxwpbkgbwwksrtofk.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXftkaaawuhessftjeccnrmylvdosalanm.dll
c:\windows\system32\MSIVXibehqgbekrlwkewvuqbdqeiswqobpbiv.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-14 06:07 . 2008-04-14 11:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-14 06:07 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-14 06:07 . 2008-04-14 06:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-14 06:07 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-11 20:41 . 2009-06-11 20:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-11 20:40 . 2009-06-11 20:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-06-11 20:40 . 2009-06-11 20:40 -------- d-----w- c:\program files\VideoTools
2009-06-11 20:39 . 2009-06-11 20:39 -------- d-----w- c:\program files\Xvid
2009-06-11 20:39 . 2008-12-05 03:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-11 20:39 . 2008-12-05 03:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-11 07:06 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 07:06 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 07:06 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 07:06 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-10 06:12 . 2009-06-10 06:12 -------- d-----w- c:\program files\iPod
2009-06-10 06:12 . 2009-06-10 06:13 -------- d-----w- c:\program files\iTunes
2009-06-10 06:10 . 2009-06-10 06:10 -------- d-----w- c:\program files\QuickTime
2009-06-10 06:04 . 2009-06-10 06:04 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 00:05 . 2009-06-10 00:05 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\WinAVI
2009-06-10 00:00 . 2009-06-10 00:01 -------- d-----w- c:\documents and settings\Chris\Application Data\avidemux
2009-06-09 23:45 . 2009-06-09 23:45 -------- d-----w- c:\documents and settings\Chris\Application Data\AVS4YOU
2009-06-09 23:45 . 2009-06-09 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-09 23:18 . 2009-06-10 02:02 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-09 23:17 . 2009-06-09 23:17 -------- d-----w- c:\windows\system32\drivers\umdf
2009-06-09 23:16 . 2009-01-29 02:49 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-09 23:16 . 2009-01-29 02:49 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-09 23:16 . 2009-01-29 02:49 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-09 23:16 . 2009-01-29 02:49 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-06-09 23:16 . 2009-01-29 02:49 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-09 23:16 . 2009-06-10 02:03 -------- d-----w- c:\program files\AVS4YOU
2009-06-09 06:32 . 2009-06-20 21:33 -------- d-----w- c:\program files\BitLord
2009-06-09 04:39 . 2009-06-09 04:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-06-07 02:48 . 2009-06-07 16:44 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 18:48 . 2009-05-19 14:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-11 16:04 . 2009-05-19 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 06:12 . 2009-05-19 23:11 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 06:08 . 2009-05-19 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-09 04:37 . 2009-05-19 13:51 -------- d-----w- c:\program files\McAfee
2009-06-05 17:42 . 2009-05-19 23:11 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 17:42 . 2009-05-19 23:11 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-04 23:27 . 2009-05-19 23:14 -------- d-----w- c:\documents and settings\Chris\Application Data\Apple Computer
2009-05-24 07:45 . 2009-05-19 03:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-19 23:13 . 2009-05-19 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 23:13 . 2009-05-19 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-19 23:13 . 2009-05-19 23:13 -------- d-----w- c:\program files\Bonjour
2009-05-19 23:11 . 2009-05-19 23:11 -------- d-----w- c:\program files\Apple Software Update
2009-05-19 22:56 . 2009-05-19 03:39 29216 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 22:48 . 2009-05-19 22:48 128 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\fusioncache.dat
2009-05-19 22:48 . 2009-05-19 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-19 16:46 . 2009-05-19 04:13 -------- d-----w- c:\program files\Broadcom
2009-05-19 16:42 . 2009-05-19 16:42 -------- d-----w- c:\program files\DIFX
2009-05-19 16:27 . 2009-05-19 16:26 -------- d-----w- c:\program files\Modem Helper
2009-05-19 16:26 . 2009-05-19 05:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 15:57 . 2009-05-19 15:57 -------- d-----w- c:\program files\Synaptics
2009-05-19 15:48 . 2009-05-19 15:10 -------- d-----w- c:\program files\Microsoft Works
2009-05-19 14:26 . 2009-05-19 14:26 -------- d-----w- c:\program files\CONEXANT
2009-05-19 14:14 . 2009-05-19 14:14 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-19 13:56 . 2009-05-19 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-05-19 13:52 . 2009-05-19 13:52 -------- d-----w- c:\program files\Common Files\McAfee
2009-05-19 13:52 . 2009-05-19 13:52 -------- d-----w- c:\program files\McAfee.com
2009-05-19 05:18 . 2009-05-19 05:18 -------- d-----w- c:\program files\SigmaTel
2009-05-19 05:16 . 2009-05-19 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-05-19 05:15 . 2009-05-19 04:08 -------- d-----w- c:\program files\Dell
2009-05-19 05:15 . 2009-05-19 05:15 -------- d-----w- c:\documents and settings\Chris\Application Data\InstallShield
2009-05-19 04:32 . 2009-05-19 04:08 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-19 04:10 . 2009-05-19 04:10 -------- d-----w- c:\program files\Intel
2009-05-19 04:08 . 2009-05-19 04:06 -------- d-----w- c:\documents and settings\Chris\Application Data\U3
2009-05-19 04:08 . 2009-05-19 04:08 5 ----a-w- c:\windows\system32\drivers\DELL_XPS_MXC061 .MRK
2009-05-19 04:08 . 2009-05-19 04:08 5 ----a-w- c:\windows\system32\drivers\1028_DELL_XPS_MXC061 .MRK
2009-05-19 03:23 . 2009-05-19 03:23 -------- d-----w- c:\program files\microsoft frontpage
2009-05-19 03:19 . 2009-05-19 03:19 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-13 05:15 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-14 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2008-04-14 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-25 17:06 . 2009-05-19 13:52 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 17:06 . 2009-05-19 13:52 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 17:06 . 2009-05-19 13:52 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 17:06 . 2009-03-25 17:06 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 17:05 . 2009-05-19 13:48 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
.

------- Sigcheck -------

[7] 2008-04-14 12:00 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[7] 2008-04-14 12:00 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\dllcache\svchost.exe

[7] 2008-04-14 12:00 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[7] 2008-04-14 12:00 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\dllcache\user32.dll

[7] 2008-04-14 12:00 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[7] 2008-04-14 12:00 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\dllcache\ws2_32.dll

[7] 2009-02-20 07:50 667648 711FEABED387B29FF7ED61BC6806A06C c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2008-04-14 12:00 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\$NtUninstallKB963027$\wininet.dll
[7] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\ie8\wininet.dll
[7] 2009-03-08 10:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\dllcache\wininet.dll

[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-14 12:00 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[7] 2008-04-14 12:00 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[7] 2008-04-14 12:00 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\dllcache\winlogon.exe

[7] 2008-04-14 12:00 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\ndis.sys
[7] 2008-04-14 12:00 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[7] 2008-04-14 12:00 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\ip6fw.sys
[7] 2008-04-14 12:00 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 12:00 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2009-02-08 01:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-08 01:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2009-02-08 01:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-04-14 12:00 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe

[7] 2008-04-14 12:00 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[7] 2008-04-14 12:00 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\system32\dllcache\explorer.exe

[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 12:00 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe

[7] 2008-04-14 12:00 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[7] 2008-04-14 12:00 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\dllcache\lsass.exe

[7] 2008-04-14 12:00 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 12:00 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\dllcache\ctfmon.exe

[7] 2008-04-14 12:00 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[7] 2008-04-14 12:00 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\dllcache\spoolsv.exe

[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

[7] 2008-04-14 12:00 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[7] 2008-04-14 12:00 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\dllcache\userinit.exe

[7] 2008-04-14 12:00 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[7] 2008-04-14 12:00 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\dllcache\termsrv.dll

[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 12:00 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

[7] 2008-04-14 12:00 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[7] 2008-04-14 12:00 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\dllcache\powrprof.dll

[7] 2008-04-14 12:00 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[7] 2008-04-14 12:00 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\dllcache\imm32.dll

[7] 2008-04-14 12:00 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 12:00 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\dllcache\sfcfiles.dll

[7] 2008-04-14 12:00 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll
[7] 2008-04-14 12:00 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\dllcache\appmgmts.dll

[7] 2008-04-14 12:00 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [19/05/2009 7:55 AM 210216]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-05-19 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-19 16:53]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-19 16:53]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 21:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-06-23 21:12
ComboFix-quarantined-files.txt 2009-06-23 03:12

Pre-Run: 100,861,284,352 bytes free
Post-Run: 101,279,715,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

263 --- E O F --- 2009-06-11 16:04
Attached file: cfix.txt (19.9 KB)

Last edited by Angelfire777; 06-22-2009 at 10:02 PM.