[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-09-09 1175552]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-09-10 815104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyCap
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\FerretSoft\\WebFerret\\WebFerret.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Documents and Settings\\Chris\\My Documents\\games\\CS\\czero.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Chris\\My Documents\\games\\BF1942\\BF1942.exe"=
"C:\\Documents and Settings\\Chris\\My Documents\\games\\BF2\\BF2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Documents and Settings\Chris\My Documents\games\CA\Combat Arms\CombatArms.exe"= C:\Documents and Settings\Chris\My Documents\games\CA\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Documents and Settings\Chris\My Documents\games\CA\Combat Arms\Engine.exe"= C:\Documents and Settings\Chris\My Documents\games\CA\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Documents and Settings\\Chris\\My Documents\\games\\CA\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-07 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-07 231704]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 XDva201;XDva201;C:\WINDOWS\system32\XDva201.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5233cf8-1758-11dd-82a1-0016016043b8}]
\Shell\AutoRun\command - G:\USBNB.exe
.
Contents of the 'Scheduled Tasks' folder
2008-09-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 01:14:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\logishrd\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-09 1:23:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-08 12:23:40
ComboFix2.txt 2008-10-08 11:52:24
Pre-Run: 20,540,026,880 bytes free
Post-Run: 20,521,992,192 bytes free
237 --- E O F --- 2008-09-10 06:12:44
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-09-09 1175552]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-09-10 815104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyCap
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\FerretSoft\\WebFerret\\WebFerret.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Documents and Settings\\Chris\\My Documents\\games\\CS\\czero.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Chris\\My Documents\\games\\BF1942\\BF1942.exe"=
"C:\\Documents and Settings\\Chris\\My Documents\\games\\BF2\\BF2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Documents and Settings\Chris\My Documents\games\CA\Combat Arms\CombatArms.exe"= C:\Documents and Settings\Chris\My Documents\games\CA\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Documents and Settings\Chris\My Documents\games\CA\Combat Arms\Engine.exe"= C:\Documents and Settings\Chris\My Documents\games\CA\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Documents and Settings\\Chris\\My Documents\\games\\CA\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-07 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-07 231704]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 XDva201;XDva201;C:\WINDOWS\system32\XDva201.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5233cf8-1758-11dd-82a1-0016016043b8}]
\Shell\AutoRun\command - G:\USBNB.exe
.
Contents of the 'Scheduled Tasks' folder
2008-09-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 01:14:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\logishrd\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-09 1:23:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-08 12:23:40
ComboFix2.txt 2008-10-08 11:52:24
Pre-Run: 20,540,026,880 bytes free
Post-Run: 20,521,992,192 bytes free
237 --- E O F --- 2008-09-10 06:12:44