OK... here are the logs.
ComboFix 09-11-30.01 - Administrator 11/30/2009 14:20.10.2 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Freedom *On-access scanning disabled* (Outdated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
AV: Norton Security Online *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Freedom *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
FW: Norton Security Online *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
FILE ::
"C:\1.reg"
"C:\2.reg"
"C:\3.reg"
"C:\4.reg"
"C:\5.reg"
"C:\6.reg"
"C:\7.reg"
"C:\avexport.bat"
"c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1.reg
C:\2.reg
C:\3.reg
C:\4.reg
C:\5.reg
C:\6.reg
C:\7.reg
C:\avexport.bat
c:\documents and settings\Administrator\Local Settings\Application Data\jffrpq
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\System32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.
2009-11-30 19:00 . 2008-04-14 00:11 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-11-30 19:00 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-11-28 16:01 . 2009-11-28 16:01 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-27 02:42 . 2009-11-27 02:42 34816 ----a-w- c:\windows\system32\drivers\tatertot.sys
2009-11-27 02:41 . 2009-11-27 03:04 34816 ----a-w- c:\windows\system32\drivers\tatertot.scr.sys
2009-11-27 02:25 . 2009-11-27 02:26 -------- d-----w- c:\program files\zztoy
2009-11-25 23:50 . 2009-11-25 23:50 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-11-24 18:58 . 2009-11-24 18:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\URSoft
2009-11-24 18:58 . 2009-11-24 19:05 -------- d-----w- c:\program files\Your Uninstaller
2009-11-18 22:43 . 2009-11-18 22:43 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-18 22:41 . 2009-11-18 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-11-18 22:41 . 2009-11-18 22:41 -------- d-----w- c:\program files\Raxco
2009-11-12 18:50 . 2009-11-12 18:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TheWeatherNetwork
2009-11-06 14:06 . 2009-11-06 14:06 -------- d-----w- c:\program files\Lexmark_3300 Series
2009-11-06 14:03 . 2009-11-06 14:06 -------- d-----w- c:\program files\Lexmark 3300 Series
2009-11-06 02:18 . 2009-11-20 21:26 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-11-06 00:18 . 2009-11-06 00:18 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-06 00:17 . 2009-08-06 03:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-11-06 00:16 . 2009-11-06 00:16 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-06 00:11 . 2009-11-06 00:18 -------- d-----w- c:\program files\Microsoft
2009-11-06 00:10 . 2009-11-06 00:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-06 00:02 . 2009-11-06 00:02 -------- d-----w- c:\program files\Common Files\Windows Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 19:33 . 2008-04-10 00:02 97136 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-30 19:33 . 2008-04-10 00:02 1018400 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-30 19:33 . 2008-04-10 00:02 9365024 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-30 19:33 . 2008-04-10 00:02 125960 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-29 19:06 . 2007-10-16 23:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-28 20:19 . 2009-04-02 02:52 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-27 19:06 . 2005-12-10 05:39 -------- d-----w- c:\program files\Lx_cats
2009-11-25 23:58 . 2005-08-04 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-25 23:51 . 2003-12-17 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-25 23:00 . 2007-08-28 22:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\mIRC
2009-11-25 22:30 . 2007-11-26 20:53 -------- d-----w- c:\program files\GetData
2009-11-24 19:13 . 2008-10-24 03:34 -------- d-----w- c:\program files\Incomplete
2009-11-24 19:08 . 2009-10-27 16:26 -------- d-----w- c:\program files\Rogers Online Protection
2009-11-18 22:41 . 2003-12-17 08:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-16 22:05 . 2009-10-27 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Rogers Online Protection
2009-11-16 22:05 . 2009-10-27 16:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Rogers Online Protection
2009-11-06 02:18 . 2006-06-19 23:35 58160 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-06 00:17 . 2008-03-01 18:04 -------- d-----w- c:\program files\Windows Live
2009-10-27 16:33 . 2005-06-28 00:02 -------- d-----w- c:\program files\Yahoo!
2009-10-27 16:33 . 2005-09-19 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-27 15:54 . 2009-10-27 15:54 -------- d-----w- c:\program files\ACW
2009-10-27 05:26 . 2009-10-21 00:33 -------- d-----w- c:\program files\Winamp
2009-10-27 05:22 . 2009-02-23 21:53 -------- d-----w- c:\program files\Electronic Arts
2009-10-26 22:32 . 2005-08-04 14:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-26 22:32 . 2009-10-26 21:51 -------- d-----w- c:\program files\kissbutt
2009-10-26 19:43 . 2009-10-26 19:43 -------- d-----w- c:\program files\asskiss
2009-10-26 02:03 . 2009-10-26 02:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-25 20:02 . 2009-10-25 20:02 27459 ------w- C:\MGlogs.zip
2009-10-24 02:34 . 2009-10-21 00:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-10-20 18:47 . 2009-10-20 18:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVS4YOU
2009-10-20 18:46 . 2009-10-20 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-10-19 00:04 . 2009-10-19 00:03 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-10-07 18:44 . 2007-01-21 16:33 -------- d-----w- c:\program files\VideoLAN
2009-09-11 14:18 . 2004-01-20 18:08 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-10-26 19:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-10-26 19:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-01-20 18:08 58880 ----a-w- c:\windows\system32\msasn1.dll
2005-05-26 18:35 . 2008-09-04 00:48 1422 ----a-w- c:\program files\ReadMe.txt
2002-07-03 22:32 . 2007-09-12 23:25 51518 ----a-w- c:\program files\Cyborg.ipt
2004-07-23 18:11 . 2005-06-14 18:49 0 -csha-w- c:\windows\SMINST\HPCD.SYS
2008-11-15 18:48 . 2008-11-15 18:48 88 --sha-r- c:\windows\system32\581B3DD1C8.sys
2008-11-15 18:49 . 2007-11-30 00:16 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-11-24_01.29.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-30 19:34 . 2009-11-30 19:34 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-30 19:34 . 2009-11-23 22:50 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-30 19:34 . 2009-11-23 22:50 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2009-11-30 19:34 . 2009-11-30 19:34 16384 c:\windows\temp\History\History.IE5\index.dat
- 2009-10-30 19:34 . 2009-11-23 22:50 16384 c:\windows\temp\Cookies\index.dat
+ 2009-11-30 19:34 . 2009-11-30 19:34 16384 c:\windows\temp\Cookies\index.dat
+ 2003-12-17 04:29 . 2009-11-29 19:16 85140 c:\windows\system32\perfc009.dat
- 2008-12-28 20:01 . 2009-10-27 16:33 22016 c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP\WiseCustomCall.dll
+ 2009-11-25 23:50 . 2009-11-25 23:50 22016 c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP\WiseCustomCall.dll
+ 2003-12-17 04:29 . 2009-11-29 19:16 476262 c:\windows\system32\perfh009.dat
+ 2009-10-07 17:03 . 2009-11-25 18:17 156936 c:\windows\McAfee.com\FreeScan\mcfscan.dll
- 2009-10-07 17:03 . 2009-10-07 17:03 156936 c:\windows\McAfee.com\FreeScan\mcfscan.dll
+ 2009-11-25 10:40 . 2009-11-25 10:40 1423016 c:\windows\McAfee.com\FreeScan\names.DAT
+ 2009-11-25 10:40 . 2009-11-25 10:40 76612476 c:\windows\McAfee.com\FreeScan\scan.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\documents and settings\Administrator\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2009-10-27 718232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-24 1667072]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-13 335872]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ASWLNDLL]
2007-05-14 01:45 6656 ----a-w- c:\windows\system32\ASWLNDLL.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=xgusb.cpl
"midi2"=xgusb.cpl
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TypeAgent.lnk]
backup=c:\windows\pss\TypeAgent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SeaPort"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\Yserver.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Plus! Digital Media Edition\\PhotoStory\\PhotoStory.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Ntreev\\Grand Chase\\main.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2008-06-13 386784]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-06 704864]
R3 HNBCP;Intel(R) AnyPoint(TM) PCI 10 Mbps Network Adapter Driver;c:\windows\system32\DRIVERS\HNBCP_5.sys [2001-04-02 58034]
R3 HNBCU;Intel(R) AnyPoint(TM) USB 10 Mbps Network Adapter Driver;c:\windows\system32\DRIVERS\HNBCU_5.SYS [2001-08-01 71227]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-18 2806522]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Rogers Online Protection\Rogers Online Protection\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [x]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Rogers Online Protection\Rogers Online Protection\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [x]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Rogers Online Protection\Rogers Online Protection\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 tatertot.scr;tatertot.scr;c:\windows\system32\drivers\tatertot.scr.sys [2009-11-27 34816]
R3 tatertot;tatertot;c:\windows\system32\drivers\tatertot.sys [2009-11-27 34816]
R3 XDva008;XDva008;c:\windows\System32\XDva008.sys [x]
R4 AppMgrService;AWE 5.1.0 Application Manager;c:\program files\AppStream\WindowsClient\bin\AppMgrService.exe [2006-09-27 1990656]
R4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [2008-05-19 356434]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [x]
R4 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-22 693512]
R4 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-22 910600]
R4 Radialpoint Security Services;Rogers Online Protection;c:\program files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [x]
R4 RadialpointSafeConnectAgent;Rogers Online Protection SafeConnectAgent;c:\program files\Rogers Online Protection\Rogers Online Protection\SafeConnect\Bin\SanaAgent.exe RadialpointSafeConnectAgent [x]
S1 APPSTREAM;APPSTREAM;c:\windows\System32\Drivers\APPSTREAM.SYS [2007-05-14 115284]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-08-06 54752]
S2 REGHOOK;REGHOOK;c:\windows\System32\Drivers\REGHOOK.SYS [2006-09-27 54879]
S2 VSPD;VSPD;c:\windows\System32\Drivers\VSPD.SYS [2006-09-27 31321]
S3 EvcapMaui;Emuzed EvcapMaui Device;c:\windows\system32\DRIVERS\EvcapMau.sys [2003-10-02 177664]
S3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys [2008-02-12 57440]
.
Contents of the 'Scheduled Tasks' folder
2009-11-30 c:\windows\Tasks\backup.job
- c:\windows\system32\ntbackup.exe [2004-01-20 00:12]
2009-11-30 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-08-20 14:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://rogers.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
Trusted Zone: aol.com\free
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED}
DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} - file://c:\program files\There\ThereClient\ThereLauncher.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\
FF - prefs.js: browser.startup.homepage - hxxp://rogers.my.yahoo.com/
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-30 16:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-48242932-1675595624-4262954155-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,fb,5c,ee,7b,6b,19,48,ad,9a,30,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,fb,5c,ee,7b,6b,19,48,ad,9a,30,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1888)
c:\windows\system32\xgusb.cpl
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\ASWLNDLL.dll
- - - - - - - > 'lsass.exe'(1956)
c:\windows\system32\xgusb.cpl
- - - - - - - > 'explorer.exe'(2588)
c:\windows\system32\WININET.dll
c:\windows\system32\xgusb.cpl
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehSched.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2009-11-30 16:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-30 21:40
ComboFix2.txt 2009-11-29 22:35
ComboFix3.txt 2009-11-26 00:18
ComboFix4.txt 2009-11-24 01:33
ComboFix5.txt 2009-11-30 18:59
Pre-Run: 43,231,334,400 bytes free
Post-Run: 43,174,641,664 bytes free
- - End Of File - - DF593654A34E15E9CD5406C4FC9239BB
Running from: C:\Documents and Settings\Administrator\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Finished!
Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
ESET Online Scanner
RPS Firewall
Antivirus out of date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 13
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
DNS Vulnerability Check: Unknown. This method cannot test your vulnerability to DNS cache poisoning.
`````````End of Log```````````