To (hopefully) help you guys help me, I ran ComboFix following instructions from other threads. Attached is the log file.
Putting up this log that popped up after the scan too, just in case:
ComboFix 09-07-03.03 - Benjamin 04/07/2009 2:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2496 [GMT 2:00]
Running from: c:\documents and settings\Benjamin\Desktop\Combo-Fix.exe
AV: F-Secure Anti-Virus for Workstations 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Benjamin\Application Data\inst.exe
c:\windows\Installer\18a8ed.msp
c:\windows\Installer\1be674.msp
c:\windows\Installer\4ab5da.msp
.
((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.
2009-07-04 00:35 . 2009-07-04 00:35 -------- d-----w- c:\windows\LastGood
2009-07-04 00:28 . 2009-07-04 00:28 -------- d-----w- C:\5a6d4bcc2acfd0d445c7e8
2009-07-04 00:27 . 2009-07-04 00:28 -------- d-----w- C:\c7a13c51cb86994d9e99a5b04ec252dd
2009-07-03 14:12 . 2009-06-21 06:46 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-03 14:11 . 2009-06-10 04:03 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-03 14:05 . 2009-07-03 14:05 290816 ----a-w- c:\documents and settings\Benjamin\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-03 14:05 . 2009-07-03 14:05 290816 ----a-w- c:\documents and settings\Benjamin\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-03 14:05 . 2009-07-03 14:05 290816 ----a-w- c:\documents and settings\Benjamin\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-03 14:05 . 2009-07-03 14:05 290816 ----a-w- c:\documents and settings\Benjamin\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-07-03 13:48 . 2009-07-03 13:48 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-03 13:25 . 2009-07-03 20:48 -------- d-----w- c:\program files\PC Wizard 2008
2009-06-30 17:10 . 2009-06-30 17:10 -------- d-----w- c:\documents and settings\Benjamin\PrivacIE
2009-06-28 17:05 . 2009-06-28 17:05 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
2009-06-28 15:01 . 2009-06-28 15:01 -------- d-----w- c:\documents and settings\Benjamin\IETldCache
2009-06-28 12:43 . 2009-06-28 12:43 -------- d-----w- c:\windows\ie8updates
2009-06-28 12:42 . 2009-07-03 13:47 -------- dc----w- c:\windows\ie8
2009-06-24 00:55 . 2009-07-03 13:47 -------- d-----w- c:\program files\DISCIPLINE
2009-06-23 15:03 . 2009-06-23 15:03 152576 ----a-w- c:\documents and settings\Benjamin\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-13 17:14 . 2009-06-13 17:14 -------- d-----w- c:\program files\iPod
2009-06-13 17:14 . 2009-06-13 17:14 -------- d-----w- c:\program files\iTunes
2009-06-13 17:08 . 2009-06-13 17:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-06-10 04:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 00:31 . 2008-11-09 15:11 -------- d-----w- c:\documents and settings\Benjamin\Application Data\uTorrent
2009-07-03 18:36 . 2006-11-02 16:22 -------- d-----w- c:\program files\BitLord
2009-07-03 15:34 . 2008-12-10 23:29 -------- d-----w- c:\program files\F-Secure
2009-07-03 14:30 . 2007-03-11 18:03 -------- d-----w- c:\program files\Yahoo!
2009-07-03 14:28 . 2006-10-11 20:35 -------- d-----w- c:\program files\Creative
2009-07-03 14:26 . 2008-10-19 18:00 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-07-03 14:25 . 2007-04-29 01:01 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-03 14:12 . 2006-10-29 19:36 -------- d-----w- c:\documents and settings\Benjamin\Application Data\Skype
2009-07-03 14:05 . 2008-09-07 19:20 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-03 14:05 . 2007-10-18 14:43 -------- d-----w- c:\documents and settings\Benjamin\Application Data\SystemRequirementsLab
2009-07-03 14:00 . 2009-02-11 19:00 -------- d-----w- c:\program files\Azgard Defence
2009-07-03 13:50 . 2008-08-16 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-23 15:04 . 2006-10-11 20:30 -------- d-----w- c:\program files\Java
2009-06-13 17:14 . 2008-03-12 17:33 -------- d-----w- c:\program files\Common Files\Apple
2009-06-13 17:12 . 2008-07-05 22:53 -------- d-----w- c:\program files\QuickTime
2009-06-10 22:37 . 2006-10-11 20:41 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 04:03 . 2006-10-11 20:15 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 04:03 . 2006-10-11 20:15 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2006-10-11 20:15 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 04:03 . 2006-10-11 20:15 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 04:03 . 2004-08-11 16:08 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 04:03 . 2004-08-11 16:08 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-05-30 12:50 . 2009-05-30 12:50 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-27 00:50 . 2009-05-27 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-21 09:33 . 2008-11-24 13:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-20 20:25 . 2007-03-07 19:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-20 20:25 . 2007-08-03 21:41 -------- d-----w- c:\program files\Lavasoft
2009-05-19 17:50 . 2008-03-12 17:37 -------- d-----w- c:\documents and settings\Benjamin\Application Data\Apple Computer
2009-05-07 15:32 . 2004-08-11 16:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 19:48 . 2009-05-05 19:40 -------- d-----w- c:\documents and settings\Benjamin\Application Data\TrueCrypt
2009-05-05 19:40 . 2009-05-05 19:40 215872 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-05-05 19:40 . 2009-05-05 19:40 -------- d-----w- c:\program files\TrueCrypt
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:56 . 2004-08-11 16:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:56 . 2004-08-11 16:00 827392 ----a-w- c:\windows\system32\wininet(3).dll
2009-04-29 04:56 . 2004-08-11 16:00 1159680 ----a-w- c:\windows\system32\urlmon(3).dll
2009-04-29 04:55 . 2004-08-11 16:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-11 16:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-11 16:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 10:37 . 2009-04-10 10:37 152576 ----a-w- c:\documents and settings\Benjamin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2006-10-24 21:37 . 2006-10-24 21:37 1378 ----a-w- c:\program files\uninstal.log
2001-08-13 13:51 . 2001-08-13 13:51 1396337 ----a-w- c:\program files\Captura.exe
2007-02-03 21:23 . 2006-10-26 22:49 88 --sh--r- c:\windows\system32\B027AC290B.sys
2007-02-03 21:23 . 2006-10-26 22:49 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-07-24 1298432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 49152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-09 185896]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-10-09 1182304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-03-01 18944]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-07-17 55824]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\system32\WDBtnMgr.exe [2008-01-23 339968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-10-09 136768]
c:\documents and settings\Benjamin\Start Menu\Programs\Startup\AutorunsDisabled
Product Registration.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2007-8-2 2979080]
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2007-8-30 319488]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\benplay\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\benplay\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\benplay\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\Program Files\\Valve\\Steam\\steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\benplay\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\SimpleCenter\\Home Media Server.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [11/12/2008 01:33 33408]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [11/12/2008 01:29 86648]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [30/10/2006 00:28 91830]
R3 uac4pdt;PDT USB Composite Class Filter Driver;c:\windows\system32\drivers\uac4pdt.sys [29/10/2006 21:29 15232]
S2 RPCER;Remote Procedure Call (HNM);c:\program files\NetMeeting\comp.exe [28/03/2007 22:07 12798152]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17/02/2009 23:46 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17/02/2009 23:46 8320]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [11/12/2008 01:29 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [11/12/2008 01:29 25184]
.
Contents of the 'Scheduled Tasks' folder
2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
2009-07-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-27 20:17]
2009-07-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.no/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to QQ Customized Emoticons - c:\program files\Tencent\QQ\AddEmotion.htm
IE: Add to QQ Customized Panel - c:\program files\Tencent\QQ\AddPanel.htm
IE: Add to QQ Emotions - c:\program files\Tencent\QQ\AddEmotion.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send picture by MMS - c:\program files\Tencent\QQ\SendMMS.htm
IE: Send Picture with QQ MMS - c:\program files\Tencent\QQ\SendMMS.htm
IE: Upload to QQ Network Hard Disk - c:\program files\Tencent\QQ\AddToNetDisk.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\Tencent\QQ\QQ.EXE
DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} - hxxp://www.navigram.com/engine/v812/PageDive5.cab
FF - ProfilePath - c:\documents and settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\3c3k4z7x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Benjamin\Local Settings\Application Data\myVRnpapi\npmyvr.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-04 02:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2353852118-607164052-2184361089-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:84,66,42,8f,60,88,22,dd,be,ce,25,e8,8d,31,33,1f,30,25,f3,14,3c,34,84,
51,b3,08,61,b4,d0,96,b1,82,42,cf,ac,89,89,bc,2e,f2,77,27,57,bb,dd,c7,a2,71,\
"??"=hex:15,d0,a9,2c,eb,86,1c,55,2b,d4,48,d0,00,c8,54,38
.
Completion time: 2009-07-04 2:57
ComboFix-quarantined-files.txt 2009-07-04 00:57
Pre-Run: 82,786,582,528 bytes free
Post-Run: 83,225,931,776 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=6 Default=6 Failed=5 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
253 --- E O F --- 2009-07-03 13:52