((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2008-11-20 290088]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 312240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-12-05 368640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"Corel File Shell Monitor"="c:\corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"c:\windows\system32\baloon.exe"="c:\windows\system32\baloon.exe" [2008-12-28 110592]
"c:\windows\system32\cfrog.exe"="c:\windows\system32\cfrog.exe" [2008-12-28 25600]
[reviewer note: these two Run values are named by their full path rather than a product name and were both stamped 2008-12-28, the day before this scan; neither matches a vendor entry elsewhere in this log, so verify both files before treating them as legitimate.]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=
"c:\\iTunes\\iTunes.exe"=
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service []
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2008-11-29 99248]
R2 SonyIEx;SonyIEx;c:\windows\system32\SonyIEx.exe [2008-08-10 126976]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-11-24 598856]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" [2008-08-10 79360]
S3 PciCon;PciCon;\??\E:\PciCon.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
2008-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\gh1mhv4g.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.verizon.yahoo.com/
FF - component: c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\gh1mhv4g.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 17:03:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxkymtaswe.sys"
[reviewer note: this service key is reported only in the rootkit-scan section above and does not appear in the R/S service list earlier in the log; confirm whether the driver named in imagepath exists on disk and is visible to a normal directory listing before deciding on cleanup.]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1368)
c:\program files\AlienGUIse\fastload.dll
.
Completion time: 2008-12-29 17:03:57
ComboFix-quarantined-files.txt 2008-12-29 22:03:55
ComboFix2.txt 2008-12-29 21:58:16
Pre-Run: 127,757,840,384 bytes free
Post-Run: 127,735,361,536 bytes free
213 --- E O F --- 2008-12-17 21:26:41