Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Seedworm Spy Gang Stores Malware on GitHub, Keeps Up with Infosec Advances

Featured Deal: Get 99% off The The 2019 Ethical Hacker Master Class Bundle

Combofix Log

Started by Nixonplumber , Mar 28 2009 03:47 PM

This topic is locked

1 reply to this topic

#1 Nixonplumber

Members
3 posts
OFFLINE

Local time:08:12 AM

Posted 28 March 2009 - 03:47 PM

ComboFix 09-03-27.02 - Nathan 2009-03-28 15:32:45.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1572 [GMT -4:00]
Running from: c:\documents and settings\Nathan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dll32.dll
.
---- Previous Run -------
.
c:\documents and settings\Nathan\My Documents\My Music\My Music.url
c:\windows\9g234sdff3d23dfgjf23
c:\windows\pp05.exe
c:\windows\system32\887164
c:\windows\system32\887164\887164.dll
c:\windows\system32\dll32.dll
c:\windows\system32\drivers\gaopdxdxfrumtq.sys
c:\windows\system32\drivers\gaopdxetnrkvov.sys
c:\windows\system32\drivers\gaopdxkbcacvmi.sys
c:\windows\system32\drivers\gaopdxotkwnlon.sys
c:\windows\system32\drivers\gaopdxpejnqocf.sys
c:\windows\system32\drivers\gaopdxxtfmudiu.sys
c:\windows\system32\gaopdxiklxlsvi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Service_PCIDump

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.

2009-03-28 14:37 . 2009-03-28 14:37 2 ---h----- c:\windows\t55ft3223f44.dat
2009-03-23 20:26 . 2009-03-23 20:26 2 ---h----- c:\windows\t55ft2792f44.dat
2009-03-22 21:26 . 2009-03-22 21:26 <DIR> d-------- c:\program files\AVG
2009-03-18 22:19 . 2009-03-18 22:19 <DIR> d-------- c:\program files\websrvx
2009-03-18 22:19 . 2009-03-23 20:26 29,696 ---h----- c:\windows\freddy39.exe
2009-03-18 22:19 . 2009-03-18 22:19 11,776 ---h----- c:\windows\pp04.exe
2009-03-18 22:19 . 2009-03-18 22:19 2 ---h----- c:\windows\t55ft3366f44.dat
2009-03-18 22:19 . 2009-03-18 22:19 2 ---h----- c:\windows\t55ft2935f44.dat
2009-03-18 22:19 . 2009-03-18 22:19 1 ---h----- c:\windows\f23567.dat
2009-03-18 22:19 . 2009-03-18 22:19 1 --a------ c:\windows\9g234sdfdfgjf23
2009-03-18 22:19 . 2009-03-18 22:19 0 --a------ c:\windows\system32\nfr.gpref
2009-03-18 22:19 . 2009-03-18 22:19 0 --a------ c:\windows\system32\nfr.assembly
2009-03-18 22:18 . 2009-03-18 22:18 15,360 ---h----- c:\windows\ld02.exe
2009-03-16 21:16 . 2009-03-16 21:16 <DIR> d-------- c:\program files\iTunes
2009-03-16 21:16 . 2009-03-16 21:16 <DIR> d-------- c:\program files\iPod
2009-03-16 21:16 . 2009-03-16 21:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 21:15 . 2009-03-16 21:15 <DIR> d-------- c:\program files\QuickTime
2009-03-16 21:15 . 2009-03-16 21:16 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-16 21:15 . 2009-03-16 21:15 <DIR> d-------- c:\program files\Bonjour
2009-03-16 21:15 . 2009-03-19 18:34 <DIR> d-------- c:\program files\Apple Software Update
2009-03-16 21:10 . 2009-03-16 21:10 <DIR> d-------- c:\documents and settings\Nathan\Application Data\Blackberry Desktop
2009-03-12 21:29 . 2009-03-12 21:29 <DIR> d-------- c:\program files\FileZilla Server
2009-03-04 18:01 . 2009-03-28 14:33 <DIR> d-------- c:\program files\LogMeIn
2009-03-03 21:40 . 2009-03-03 22:25 <DIR> d-------- c:\documents and settings\Nathan\Application Data\InstallShield Installation Information
2009-03-03 21:40 . 2009-03-03 21:40 <DIR> d-------- c:\documents and settings\Nathan\Application Data\Firaxis Games
2009-03-02 22:27 . 2009-03-02 22:27 248 --a------ c:\windows\RomeTW.ini
2009-03-02 22:19 . 2009-03-02 22:19 <DIR> d-------- c:\program files\Activision
2009-03-02 21:32 . 2009-03-02 21:32 <DIR> d-------- c:\program files\MagicDisc
2009-03-02 21:32 . 2009-02-24 19:42 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
2009-03-02 21:08 . 2009-03-02 21:08 <DIR> d-------- c:\documents and settings\Nathan\Application Data\GlarySoft
2009-03-02 21:06 . 2009-03-02 21:06 <DIR> d-------- c:\program files\Glary Utilities
2009-03-02 20:59 . 2009-03-02 21:01 <DIR> d-------- c:\program files\Auslogics
2009-03-02 20:59 . 2009-03-02 21:02 <DIR> d-------- c:\documents and settings\Nathan\Application Data\Auslogics
2009-03-02 18:31 . 2009-03-02 18:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogMeIn
2009-03-02 18:31 . 2008-10-16 21:35 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll.000.bak
2009-03-02 18:31 . 2008-10-16 21:35 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll
2009-03-02 18:31 . 2008-07-24 19:46 47,640 --a------ c:\windows\system32\drivers\LMIRfsDriver.sys
2009-03-02 18:31 . 2008-10-16 21:35 28,984 --a------ c:\windows\system32\LMIport.dll
2009-03-02 18:30 . 2008-10-16 21:35 87,352 --a------ c:\windows\system32\LMIinit.dll.000.bak
2009-03-02 18:30 . 2008-10-16 21:35 87,352 --a------ c:\windows\system32\LMIinit.dll
2009-03-02 18:30 . 2009-03-04 18:01 1,024 --a------ C:\.rnd
2009-03-01 23:46 . 2009-03-28 15:23 3,888 --a------ c:\windows\system32\BMXCtrlState-{00000002-00000000-00000008-00001102-00000004-00511102}.rfx
2009-03-01 23:46 . 2009-03-28 15:23 3,888 --a------ c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000008-00001102-00000004-00511102}.rfx
2009-03-01 23:21 . 2009-03-10 17:31 <DIR> d-------- c:\documents and settings\Nathan\Application Data\The Creative Assembly
2009-03-01 18:26 . 2009-03-28 15:27 <DIR> d-------- c:\program files\Steam
2009-03-01 14:59 . 1999-09-22 19:18 2,259,067 -ra------ c:\windows\system32\default.ecw
2009-03-01 14:59 . 2002-03-22 08:10 991,656 -ra------ c:\windows\system32\drivers\ha10kx2k.sys
2009-03-01 14:59 . 2002-03-22 08:09 835,636 -ra------ c:\windows\system32\drivers\ctaud2k.sys
2009-03-01 14:59 . 2002-03-22 08:09 195,432 -ra------ c:\windows\system32\drivers\ctoss2k.sys
2009-03-01 14:59 . 2002-03-22 08:22 179,669 -ra------ c:\windows\system32\ctstatic.dat
2009-03-01 14:59 . 2002-03-22 08:30 163,933 -ra------ c:\windows\system32\ctdlang.dat
2009-03-01 14:59 . 2002-03-22 08:30 112,287 -ra------ c:\windows\system32\ctbas2w.dat
2009-03-01 14:59 . 2002-03-22 08:19 44,055 -ra------ c:\windows\system32\ctdaught.dat
2009-03-01 14:59 . 2001-08-17 10:35 36,864 -ra------ c:\windows\system32\sfman32.dll
2009-03-01 14:59 . 2001-08-17 08:42 7,406 -ra------ c:\windows\system32\SBAudigy.ico
2009-03-01 14:59 . 2001-11-13 05:48 1,912 -ra------ c:\windows\system32\Audigy.bmp
2009-03-01 14:50 . 2009-03-01 14:50 <DIR> d-------- c:\program files\Creative
2009-03-01 14:33 . 2009-03-01 14:33 <DIR> d-------- c:\program files\iXi Tools
2009-03-01 14:17 . 1999-10-10 21:01 41,984 --------- c:\windows\CTRegRun.exe
2009-02-28 17:13 . 2009-03-27 14:12 256 --a------ c:\windows\system32\pool.bin
2009-02-28 17:01 . 2009-03-16 20:39 <DIR> d-------- c:\documents and settings\Nathan\Application Data\Roxio
2009-02-28 17:01 . 2009-02-28 17:01 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Roxio
2009-02-28 16:59 . 2009-03-16 20:44 <DIR> d-------- c:\documents and settings\Nathan\Application Data\Research In Motion
2009-02-28 16:54 . 2009-02-28 16:54 256 --a------ c:\documents and settings\Nathan\pool.bin
2009-02-28 16:50 . 2009-02-28 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2009-02-28 16:50 . 2009-02-28 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-02-28 16:49 . 2009-02-28 16:49 <DIR> d-------- c:\program files\Roxio
2009-02-28 16:49 . 2009-02-28 16:49 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2009-02-28 16:49 . 2009-02-28 16:49 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2009-02-28 16:49 . 2009-02-28 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
2009-02-28 16:48 . 2009-02-28 17:00 <DIR> d-------- c:\program files\Research In Motion
2009-02-28 16:48 . 2009-02-28 16:48 <DIR> d-------- c:\program files\Common Files\Research In Motion
2009-02-28 16:48 . 2007-01-18 11:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2009-02-28 11:06 . 2009-02-28 11:06 <DIR> d--hs---- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 19:30 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-28 19:27 --------- d-----w c:\documents and settings\Nathan\Application Data\OpenOffice.org2
2009-03-28 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-28 19:25 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-28 19:06 9,568 ----a-w c:\windows\system32\drivers\kgpfr2.cfg
2009-03-28 18:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-28 18:32 --------- d-----w c:\documents and settings\Nathan\Application Data\uTorrent
2009-03-28 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-22 15:22 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-22 15:08 --------- d-----w c:\documents and settings\Nathan\Application Data\Vso
2009-03-03 02:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-03 00:49 --------- d-----w c:\program files\Electronic Arts
2009-03-01 22:44 --------- d-----w c:\documents and settings\Nathan\Application Data\Smart-Shopper
2009-02-28 20:50 --------- d-----w c:\documents and settings\Nathan\Application Data\InstallShield
2009-02-28 20:49 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-16 21:55 --------- d-----w c:\program files\JFK Reloaded
2009-02-16 20:59 --------- d-----w c:\program files\GRETECH
2009-02-15 17:14 --------- d-----w c:\program files\Lexmark X1100 Series
2009-01-29 20:48 --------- d-----w c:\documents and settings\Julie\Application Data\uTorrent
2009-01-29 02:55 --------- d-----w c:\documents and settings\Julie\Application Data\Smart-Shopper
2009-01-29 02:48 --------- d-----w c:\documents and settings\Julie\Application Data\Vso
2009-01-21 03:37 2,124 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-05-12 02:35 87,608 ----a-w c:\documents and settings\Nathan\Application Data\ezpinst.exe
2008-05-12 02:35 47,360 ----a-w c:\documents and settings\Nathan\Application Data\pcouffin.sys
2008-04-20 23:22 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-05-25 03:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052420080525\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dll"="dll32" [X]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-13 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2009-01-21 471650]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Steam"="c:\program files\Steam\Steam.exe" [2009-03-01 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe" [2009-03-03 1224704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"sysldtray"="c:\windows\ld02.exe" [2009-03-18 15360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 148888]
"sysfbtray"="c:\windows\freddy39.exe" [2009-03-23 29696]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2008-05-05 c:\windows\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 c:\windows\system32\Ctxfihlp.exe]
"WD Button Manager"="WDBtnMgr.exe" [2008-09-24 c:\windows\system32\WDBtnMgr.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]

c:\documents and settings\Nathan\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-03-02 576000]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 21:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-06 18:37 21898024 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\STOPzilla!\\STOPzilla.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:dll32
"7171:TCP"= 7171:TCP:dll32

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2008-10-08 49664]
R2 Bandoo Coordinator;Bandoo Coordinator;c:\progra~1\Fun4IM\Bandoo.exe [2008-12-11 1281984]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-02 47640]
R2 websrvx;websrvx;c:\program files\websrvx\websrvx.exe [2009-03-18 9728]
S1 aswSP;avast! Self Protection; [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com h:
\Shell\Open\command - resycled\ntldr.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0db459f-8a68-11dd-a2b8-00110932473c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com h:
\Shell\Open\command - resycled\ntldr.com h:
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-02-12 18:10]

2009-03-28 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []

2009-03-23 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe []

2009-03-23 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ [2009-03-02 21:10]

2009-03-27 c:\windows\Tasks\User_Feed_Synchronization-{453C356F-F6A6-4EE3-BF6B-AF6A1C5DF01E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - (no file)
Toolbar-SITEguard - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-pp - c:\windows\pp05.exe
HKLM-Run-AsioReg - CTASIO.DLL
HKU-Default-RunOnce-SetDefaultMIDI - MIDIDEF.EXE

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: &Clean Traces
IE: &Download with &DAP
IE: Download &all with DAP
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Nathan\Application Data\Mozilla\Firefox\Profiles\m6c6widg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\Nathan\Application Data\Mozilla\Firefox\Profiles\m6c6widg.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 15:33:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-823518204-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:63,07,12,b7,5c,ad,1d,93,ff,26,bb,c7,43,de,af,88,c2,fa,fc,c5,58,3c,7c,
63,96,66,42,b1,7a,b5,00,40,5e,c7,6f,34,09,d7,93,fb,05,f6,4a,34,93,0d,b2,f2,\
"??"=hex:70,9b,fe,19,30,28,37,15,8a,6e,a9,37,ff,bc,f7,e3

[HKEY_USERS\S-1-5-21-1644491937-823518204-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:ae,a1,ff,59,33,5c,c3,f3,cc,ad,f0,f6,ae,fa,1a,41,dd,df,ca,dc,2d,
a7,5d,1a,c9,9d,8b,e8,44,4e,b2,53,c1,5a,f5,83,a5,bf,2e,5d,4b,ee,58,28,07,bb,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(760)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
Completion time: 2009-03-28 15:34:51
ComboFix-quarantined-files.txt 2009-03-28 19:34:33

Pre-Run: 25,314,308,096 bytes free
Post-Run: 25,303,719,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

294 --- E O F --- 2009-01-14 04:01:32

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 garmanma

Computer Masochist

Members
27,809 posts
OFFLINE

Gender:Male
Location:Cleveland, Ohio
Local time:08:12 AM

Posted 28 March 2009 - 05:31 PM

ComboFix logs should not to be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.
The BC Staff

Mark

why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter