HiJack log to be analyzed...

Status
Not open for further replies.
the rest:

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-01 04:36 . 2008-04-15 08:26 4096 d-----w- c:\programdata\NVIDIA
2009-12-01 04:36 . 2009-11-22 20:32 34610 ----a-w- c:\programdata\nvModes.dat
2009-12-01 04:36 . 2009-01-16 03:44 4096 d-----w- c:\program files\Google
2009-12-01 01:30 . 2009-06-06 14:28 16608 ----a-w- c:\windows\gdrv.sys
2009-12-01 01:27 . 2008-05-08 05:32 -------- d-----w- c:\programdata\Viewpoint
2009-11-30 01:35 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-11-30 01:35 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-30 01:35 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Defender
2009-11-30 01:35 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Sidebar
2009-11-30 01:35 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-30 00:39 . 2009-11-30 00:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-11-30 00:39 . 2009-11-30 00:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-11-30 00:39 . 2009-11-30 00:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-11-30 00:39 . 2009-11-30 00:39 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-11-30 00:39 . 2009-11-30 00:39 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-11-30 00:39 . 2009-11-30 00:39 15360 ----a-w- c:\windows\system32\netevent.dll
2009-11-30 00:39 . 2009-11-30 00:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-11-30 00:39 . 2009-11-30 00:39 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-11-30 00:39 . 2009-11-30 00:39 10240 ----a-w- c:\windows\system32\finger.exe
2009-11-30 00:39 . 2009-11-30 00:39 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-11-30 00:39 . 2009-11-30 00:39 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-11-30 00:39 . 2009-11-30 00:39 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2009-11-30 00:39 . 2009-11-30 00:39 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-11-30 00:17 . 2009-11-30 00:17 72704 ----a-w- c:\windows\system32\admparse.dll
2009-11-30 00:17 . 2009-11-30 00:17 832512 ----a-w- c:\windows\system32\wininet.dll
2009-11-30 00:17 . 2009-11-30 00:17 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-11-30 00:17 . 2009-11-30 00:17 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-11-30 00:17 . 2009-11-30 00:17 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-30 00:17 . 2009-11-30 00:17 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-11-28 20:48 . 2008-07-23 03:24 45056 d-----w- c:\users\KA\AppData\Roaming\uTorrent
2009-11-28 20:43 . 2008-09-29 02:51 4096 d-----w- c:\users\KA\AppData\Roaming\DAEMON Tools
2009-11-28 20:39 . 2008-10-17 22:14 1356 ----a-w- c:\users\KA\AppData\Local\d3d9caps.dat
2009-11-25 22:14 . 2008-09-04 21:04 8192 d-----w- c:\program files\DivX
2009-11-25 22:14 . 2009-04-21 02:09 4096 d-----w- c:\program files\Common Files\DivX Shared
2009-11-22 20:27 . 2008-04-15 18:44 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-22 20:26 . 2008-10-14 22:05 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-22 20:26 . 2008-10-14 22:06 20480 d-----w- c:\program files\AGEIA Technologies
2009-11-16 21:40 . 2008-08-21 04:22 4096 d-----w- c:\program files\Microsoft Silverlight
2009-10-23 02:15 . 2008-05-04 01:39 8192 d-----w- c:\program files\Common Files\Adobe
2009-09-29 20:35 . 2009-02-07 03:58 138696 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-29 20:35 . 2009-02-07 03:58 201816 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-27 22:47 . 2009-09-27 22:47 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 22:47 . 2009-09-27 22:47 92776 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 22:47 . 2009-09-27 22:47 805480 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-27 22:47 . 2009-09-27 22:47 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 22:47 . 2009-09-27 22:47 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 22:47 . 2009-09-27 22:47 3172968 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 22:47 . 2009-09-27 22:47 215656 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-27 22:47 . 2009-09-27 22:47 195176 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 22:47 . 2009-09-27 22:47 150120 ----a-w- c:\windows\system32\nvshext.dll
2009-09-27 22:47 . 2009-09-27 22:47 1309288 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-27 22:47 . 2009-09-27 22:47 1292904 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 22:46 . 2009-09-27 22:46 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 22:46 . 2009-09-27 22:46 13949544 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 21:12 . 2009-09-27 21:12 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-09-27 21:12 . 2009-09-27 21:12 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
2009-09-27 21:12 . 2009-09-27 21:12 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 21:12 . 2009-09-27 21:12 3310184 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-09-27 21:12 . 2009-09-27 21:12 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 21:12 . 2009-09-27 21:12 1997416 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 21:12 . 2009-09-27 21:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 21:12 . 2009-09-27 21:12 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-27 21:12 . 2009-09-27 21:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 21:12 . 2009-09-27 21:12 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
2009-09-27 21:12 . 2009-09-27 21:12 1074280 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"fkmon.exe"="c:\program files\FKMonitor\fkmon.exe" [2009-05-31 506880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-11-30 1006264]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2008-08-27 6281760]
"Skytel"="c:\windows\Skytel.exe" [2008-08-27 1833504]
"CTHelper"="c:\windows\system32\CTHELPER.EXE" [2009-03-04 19456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"cctray"="l:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-11-28 177392]
"CAVRID"="l:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-11-28 230664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\KA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RtHDVCpl.exe [2009-3-30 7289376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [9/27/2009 4:48 PM 240232]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.sys [3/4/2009 1:42 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.sys [3/4/2009 1:42 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.sys [3/4/2009 1:42 PM 566296]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [4/15/2008 3:02 AM 240128]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [9/28/2008 9:51 PM 717296]
S3 COMMONFX;COMMONFX;c:\windows\System32\drivers\COMMONFX.sys [3/4/2009 1:42 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/7/2009 1:06 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\System32\drivers\CTAUDFX.sys [3/4/2009 1:42 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.sys [3/4/2009 1:42 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\System32\drivers\CTERFXFX.sys [3/4/2009 1:42 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\System32\drivers\CTSBLFX.sys [3/4/2009 1:42 PM 566296]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [11/20/2009 10:08 PM 25832]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [1/28/2009 11:46 PM 255472]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [1/28/2009 11:46 PM 218608]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PPCtlPriv;PPCtlPriv;l:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 9:10 PM 189704]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-11-28 c:\windows\Tasks\CAAntiSpywareScan_Daily as KA at 4 00 AM.job
- l:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]
.
.
------- Supplementary Scan -------
.
LSP: c:\windows\system32\VetRedir.dll
TCP: {EC000D95-8922-4248-AEAE-9955802C7847} = 209.18.47.61,209.18.47.62
FF - ProfilePath - c:\users\KA\AppData\Roaming\Mozilla\Firefox\Profiles\y26aullb.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-30 23:49
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
Completion time: 2009-11-30 23:51
ComboFix-quarantined-files.txt 2009-12-01 04:51
ComboFix2.txt 2009-11-29 04:40

Pre-Run: 100,815,388,672 bytes free
Post-Run: 100,748,767,232 bytes free

- - End Of File - - C5B8C0651241C62ABC05B57AB71AA541
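The Find3M block above lists every file written in the last three months, and the way to read it is by clusters: a servicing pass writes many binaries in the same minute (the 2009-11-30 00:39 and 00:17 groups), while a system binary whose timestamp matches nothing else is the one to look at. The script below is an added example written for this thread, not part of ComboFix or of the original post. It assumes the two timestamps on each line are last-write then creation time (the report does not state this), parses the lines, and separates update-like batches from lone writes under c:\windows. The sample input is copied from the report above.

```python
r"""Triage helper for the 'Find3M Report' section of a ComboFix log.

Added example, not part of the original thread or of ComboFix itself.
Each Find3M line is read here as:
    <timestamp-1> . <timestamp-2> <size-or-dashes> <attrs> <path>
The two timestamps are taken to be last-write and creation time
(an assumption about the report layout, not something the log states).
"""
import re
from collections import defaultdict
from datetime import datetime

FIND3M_LINE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+?)\s*$"
)
TS_FMT = "%Y-%m-%d %H:%M"
BINARY_EXT = (".sys", ".exe", ".dll")


def parse_find3m(text):
    """Return one dict per Find3M line; headers, '.' rows and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = FIND3M_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "mtime": datetime.strptime(m["mtime"], TS_FMT),
            "ctime": datetime.strptime(m["ctime"], TS_FMT),
            "size": int(m["size"]) if m["size"].isdigit() else None,
            "is_dir": m["attrs"][0] == "d",
            "path": m["path"].lower(),
        })
    return entries


def triage_system_binaries(entries, root="c:\\windows\\", min_batch=3):
    r"""Split binaries under `root` into update-like batches and lone writes.

    A servicing pass (Windows Update, a driver installer) writes many files
    in the same minute, so a cluster sharing one mtime is expected.  A binary
    whose mtime matches fewer than `min_batch` others is reported as lone;
    in the log above c:\windows\gdrv.sys is such a case, with a creation
    time months before its last write.  `fresh` marks entries whose mtime
    equals ctime, i.e. created and last written in the same minute.
    """
    by_minute = defaultdict(list)
    for e in entries:
        if e["is_dir"] or not e["path"].startswith(root):
            continue
        if not e["path"].endswith(BINARY_EXT):
            continue
        by_minute[e["mtime"]].append(e)

    batches, lone = {}, []
    for ts, group in sorted(by_minute.items()):
        if len(group) >= min_batch:
            batches[ts.strftime(TS_FMT)] = sorted(e["path"] for e in group)
        else:
            for e in group:
                lone.append({
                    "path": e["path"],
                    "mtime": ts.strftime(TS_FMT),
                    "fresh": e["mtime"] == e["ctime"],
                })
    return {"batches": batches, "lone": lone}


# Sample input: lines copied from the Find3M report in the thread above.
SAMPLE_REPORT = r"""(((((( Find3M Report ))))))
.
2009-12-01 01:30 . 2009-06-06 14:28 16608 ----a-w- c:\windows\gdrv.sys
2009-12-01 01:27 . 2008-05-08 05:32 -------- d-----w- c:\programdata\Viewpoint
2009-11-30 00:39 . 2009-11-30 00:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-11-30 00:39 . 2009-11-30 00:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-11-30 00:39 . 2009-11-30 00:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-11-30 00:39 . 2009-11-30 00:39 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-11-30 00:17 . 2009-11-30 00:17 72704 ----a-w- c:\windows\system32\admparse.dll
2009-11-30 00:17 . 2009-11-30 00:17 832512 ----a-w- c:\windows\system32\wininet.dll
2009-11-30 00:17 . 2009-11-30 00:17 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-09-29 20:35 . 2009-02-07 03:58 138696 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-29 20:35 . 2009-02-07 03:58 201816 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
.
"""

if __name__ == "__main__":
    result = triage_system_binaries(parse_find3m(SAMPLE_REPORT))
    for ts, paths in result["batches"].items():
        print(f"batch {ts}: {len(paths)} files")
    for e in result["lone"]:
        print(f"lone  {e['mtime']} {e['path']} fresh={e['fresh']}")
```

Run against the full report, the two Windows Update minutes and the NVIDIA driver install come out as batches, and the lone list shrinks to a handful of paths that are worth checking by hand (publisher signature, known file hash). The batch threshold and the root prefix are parameters, so the same pass can be pointed at c:\program files or at a different log.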
 
That looked good. Can you make sure system files are set to Hidden under folder properties and then see if you can see that recycle folder?
 
I will try safe mode...

No redirections since yesterday evening, yay.

Did I mention that you da man?
 
Safe mode worked for $Recycle.bin and still no redirects...

Ever heard of Qoobox?

I deleted the folder and it came back...
C:\Qoobox
 