Is this computer infected? Logs attached.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Victor Green, Aug 17, 2011.

  1. Victor Green

    Victor Green Private E-2

    I just ran Trend Micro Rootkitbuster on this computer and cannot get rid of the following registry entries and hooked items. Is the computer infected? If so what needs to be done? Thank you.

    +----------------------------------------------------
    | Trend Micro RootkitBuster
    | Module version: 3.60.0.1016
    | Computer Name: LES-PC
    | User Name: Les
    +----------------------------------------------------


    --== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
    No hidden files found.

    --== Dump Hidden Registry Value on HKLM ==--
    [HIDDEN_REGISTRY][Hidden Reg Value]:
    KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Recording\Restricted
    Root : 0
    SubKey : Restricted
    ValueName : ccc
    Data : 48 E7 E 92 58 B3 13 E6 ...
    ValueType : 3
    AccessType: 0
    FullLength: 0x66
    DataSize : 0xc8
    1 hidden registry entries found.


    --== Dump Hidden Process ==--
    No hidden processes found.

    --== Dump Hidden Driver ==--
    No hidden drivers found.

    --== Service Win32 API Hook List ==--
    [HOOKED_SERVICE_API]:
    Service API : ZwAdjustPrivilegesToken
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e265e2
    CurrentHandler : 0x9360fda4
    ServiceNumber : 0xc
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwAlpcConnectPort
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e2081f
    CurrentHandler : 0x9361134c
    ServiceNumber : 0x15
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwAlpcCreatePort
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84df0943
    CurrentHandler : 0x9360ff90
    ServiceNumber : 0x16
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwConnectPort
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e03acb
    CurrentHandler : 0x9360f0ce
    ServiceNumber : 0x36
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwCreateFile
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e782eb
    CurrentHandler : 0x9360fa0a
    ServiceNumber : 0x3c
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwCreatePort
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84dbba42
    CurrentHandler : 0x9360efae
    ServiceNumber : 0x47
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwCreateSection
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e67d95
    CurrentHandler : 0x9360f79e
    ServiceNumber : 0x4b
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwCreateSymbolicLinkObject
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84df632a
    CurrentHandler : 0x93610fde
    ServiceNumber : 0x4d
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwCreateThread
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84ec7b98
    CurrentHandler : 0x9360e99a
    ServiceNumber : 0x4e
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwLoadDriver
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84da1dee
    CurrentHandler : 0x936109ee
    ServiceNumber : 0xa5
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwMakeTemporaryObject
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e0d69e
    CurrentHandler : 0x9360f396
    ServiceNumber : 0xae
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwOpenFile
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e3c37d
    CurrentHandler : 0x9360fbe6
    ServiceNumber : 0xba
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwOpenSection
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e475fd
    CurrentHandler : 0x9360f63a
    ServiceNumber : 0xc5
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwRequestWaitReplyPort
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e79f40
    CurrentHandler : 0x9361048a
    ServiceNumber : 0x114
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwSecureConnectPort
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e036a4
    CurrentHandler : 0x9361073e
    ServiceNumber : 0x11e
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwSetSystemInformation
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e1ce83
    CurrentHandler : 0x93610ce6
    ServiceNumber : 0x13d
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwShutdownSystem
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84ee93a1
    CurrentHandler : 0x9360f300
    ServiceNumber : 0x146
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwSystemDebugControl
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e2ee51
    CurrentHandler : 0x9360f526
    ServiceNumber : 0x14c
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwTerminateProcess
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e270d3
    CurrentHandler : 0x9360edb0
    ServiceNumber : 0x14e
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwTerminateThread
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e524df
    CurrentHandler : 0x9360eb9e
    ServiceNumber : 0x14f
    ModuleName : cmdguard.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwCreateThreadEx
    Image Path : C:\Windows\System32\DRIVERS\cmdguard.sys
    OriginalHandler : 0x84e51f94
    CurrentHandler : 0x9361009e
    ServiceNumber : 0x17e
    ModuleName : cmdguard.sys
    SDTType : 0x0


    --== Dump Hidden Port ==--
    No hidden ports found.

    --== Dump Kernel Code Patching ==--
    No kernel code patching detected.

    --== Dump Hidden Services ==--
    No hidden services found.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You are trying to remove entries for your Comodo software which obviously you don't need to or want to remove. ;)
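
As an added example (not part of this thread and not Trend Micro's or Comodo's code), a small Python triage helper that parses RootkitBuster's [HOOKED_SERVICE_API] records, groups the hooked syscalls by the driver that hooks them, and flags any module that is not a security product the user knowingly installed, which is the check chaslang did by eye above. The log excerpt, the placeholder_unknown.sys module and the known-driver set are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt in RootkitBuster's hook-list format: one record copied from
# the thread's log plus one made-up module name to exercise the flagging logic.
SAMPLE_LOG = """\
[HOOKED_SERVICE_API]:
Service API : ZwCreateFile
Image Path : C:\\Windows\\System32\\DRIVERS\\cmdguard.sys
OriginalHandler : 0x84e782eb
CurrentHandler : 0x9360fa0a
ServiceNumber : 0x3c
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateProcess
Image Path : C:\\Windows\\System32\\DRIVERS\\placeholder_unknown.sys
OriginalHandler : 0x84e270d3
CurrentHandler : 0x93aa0000
ServiceNumber : 0x14e
ModuleName : placeholder_unknown.sys
SDTType : 0x0
"""

# Assumption: drivers of security products the user installed on purpose (cmdguard.sys is Comodo's).
KNOWN_SECURITY_DRIVERS = {"cmdguard.sys"}

def parse_records(text, tag="[HOOKED_SERVICE_API]:"):
    """Return one dict of 'Field : value' pairs per record introduced by `tag`."""
    records = []
    for chunk in text.split(tag)[1:]:      # anything before the first tag is a banner
        fields = {}
        for line in chunk.splitlines():
            m = re.match(r"\s*([A-Za-z ]+?)\s*:\s*(.*)$", line)
            if m:                          # values may themselves contain ':' (paths)
                fields[m.group(1)] = m.group(2).strip()
        records.append(fields)
    return records

def triage(records):
    """Group hooked syscalls by hooking module; 'expected' is False for any module
    that is not a known security driver and therefore deserves a closer look."""
    by_module = defaultdict(list)
    for r in records:
        by_module[r["ModuleName"].lower()].append(r["Service API"])
    return {mod: {"apis": sorted(apis), "expected": mod in KNOWN_SECURITY_DRIVERS}
            for mod, apis in by_module.items()}
```

On the full log from this thread every record resolves to cmdguard.sys, so nothing is flagged.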
     
  3. Victor Green

    Victor Green Private E-2

    Yes, I do not want to remove my firewall. Thank you so much! :)
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     