Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

unknown file detected as rootkit [RESOLVED]

Started by fortune82 , Apr 07 2008 03:58 PM

  • This topic is locked This topic is locked

#1
fortune82
Posted 07 April 2008 - 03:58 PM

fortune82

    Member

  • Member
  • PipPipPip
  • 228 posts
avast! detected

mcnttkdn.exe

as a rootkit.

it is in C:\WINDOWS\system32\mcnttkdn.exe

but an internet search showed no results, so i do not know if it is a real rootkit. i just installed windows a few days ago, so i dont know.
  • 0

Advertisements

#2
fortune82
Posted 10 April 2008 - 08:55 PM

fortune82

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Now just detected as adware, but I have identified the file as an important Windows file, as it is replaced by "chkdsk /f"

Is there any way I can make avast! Home Free Edition just ignore the file?
  • 0

#3
greyknight17
Posted 20 April 2008 - 04:06 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please read this topic and follow the instructions there. Don't run HijackThis yet. Do the below first.

Download Malwarebytes ' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

Run a HijackThis scan and post the log here.
  • 0

#4
fortune82
Posted 21 April 2008 - 01:19 PM

fortune82

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Not a lot of time on the PC, will do this ASAP tho
  • 0

#5
greyknight17
Posted 21 April 2008 - 04:52 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No problem. I will leave my topics opened for a few days. If I don't hear back from my users, I will close the topic and mark it as inactive. So if you can't do this in a few days, at least come back and let me know you are still going to do it. Otherwise, it will be closed...
  • 0

#6
fortune82
Posted 22 April 2008 - 01:34 PM

fortune82

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
i will do it, but im doing a lot of school stuff (and so is my brother) so the pc will have to be fully available at all times for a while
  • 0

#7
fortune82
Posted 26 April 2008 - 06:49 PM

fortune82

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
problem

when i drag the windows recovery console installer onto Combo Fix.exe, it says "Installation Failed"

the only cause of this that i can think of is that i haven't validated windows.
  • 0

#8
greyknight17
Posted 26 April 2008 - 07:02 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Why isn't it validated?
  • 0

#9
fortune82
Posted 26 April 2008 - 07:04 PM

fortune82

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
i have a compaq, preinstalled with XP Pro, PC craps up, i reinstall windows using the Compaq CD-Key, but whenever i used that key and validated, it would tell me that i had an ingenuine copy of windows. so i worked around it and didnt validate.
  • 0

#10
greyknight17
Posted 26 April 2008 - 07:18 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Is this Compaq computer bought from another person or a retailer?

Check your PM, I need you to verify something...
  • 0

Advertisements

#11
fortune82
Posted 26 April 2008 - 07:19 PM

fortune82

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
retailer
  • 0

#12
greyknight17
Posted 26 April 2008 - 07:23 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Run combofix without the recovery console....read my PM reply back.

Post the two logs here when ready (MBAM and combofix).
  • 0

#13
fortune82
Posted 26 April 2008 - 08:46 PM

fortune82

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts 
ComboFix 08-04-20.2 - Dan 2008-04-26 21:26:44.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.356 [GMT -4:00]
Running from: C:\Documents and Settings\Dan\Desktop\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat

.
(((((((((((((((((((((((((   Files Created from 2008-03-27 to 2008-04-27  )))))))))))))))))))))))))))))))
.

2008-04-22 19:27 . 2004-08-03 19:56	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-04-20 19:03 . 2008-04-21 18:52	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-20 18:53 . 2008-04-20 18:56	<DIR>	d--------	C:\Program Files\TmNationsForever
2008-04-20 18:06 . 2008-04-20 18:06	89,070	--a------	C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-04-20 16:23 . 2008-04-20 16:23	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-20 16:09 . 2008-04-20 16:09	21	--a------	C:\WINDOWS\atid.ini
2008-04-20 16:07 . 2008-04-20 16:07	<DIR>	d--------	C:\Program Files\Viewpoint
2008-04-20 16:07 . 2008-04-20 16:07	<DIR>	d--------	C:\Program Files\Common Files\AOL
2008-04-20 16:07 . 2008-04-20 16:07	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-20 16:07 . 2008-04-20 16:07	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-20 16:07 . 2008-04-20 16:07	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\AOL
2008-04-20 16:06 . 2008-04-20 16:08	<DIR>	d--------	C:\Program Files\AIM6
2008-04-20 16:06 . 2008-04-20 16:24	886	--ah-----	C:\IPH.PH
2008-04-15 17:53 . 2008-04-15 17:57	<DIR>	d--------	C:\Documents and Settings\Mom\Application Data\Winamp
2008-04-15 17:44 . 2008-04-15 17:44	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-15 17:44 . 2008-04-15 17:44	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-04-15 17:41 . 2008-04-15 17:41	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-15 17:41 . 2008-04-15 17:41	20,520	--a------	C:\WINDOWS\system32\drivers\ggsemc.sys
2008-04-15 17:41 . 2008-04-15 17:41	13,352	--a------	C:\WINDOWS\system32\drivers\ggflt.sys
2008-04-15 17:32 . 2008-04-15 17:59	<DIR>	d--------	C:\Documents and Settings\Mom\Application Data\Azureus
2008-04-15 17:30 . 2008-04-15 17:30	<DIR>	d--------	C:\Documents and Settings\Mom\Application Data\Convivea
2008-04-15 17:26 . 2008-04-15 17:26	<DIR>	d--------	C:\Program Files\Avanquest update
2008-04-15 17:26 . 2008-04-15 17:26	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-15 17:25 . 2008-04-15 17:38	<DIR>	d--------	C:\Program Files\Sony Ericsson
2008-04-15 17:25 . 2008-04-15 17:25	<DIR>	d--------	C:\Documents and Settings\Mom\Application Data\InstallShield
2008-04-15 17:25 . 2008-04-15 17:40	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-04-14 18:23 . 2007-11-21 17:31	402,728	--a------	C:\WINDOWS\system32\ImageDrive.cpl
2008-04-13 16:56 . 2008-04-13 16:56	671	--a------	C:\WINDOWS\system32\newaddies.xtc
2008-04-13 14:55 . 2008-04-13 14:56	<DIR>	d--------	C:\Program Files\ShortKeys2
2008-04-13 14:55 . 2008-04-13 14:55	<DIR>	d--------	C:\Program Files\Common Files\Insight Software Solutions
2008-04-13 14:55 . 2008-04-13 14:55	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
2008-04-13 14:55 . 2008-04-13 14:55	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Insight Software
2008-04-12 15:25 . 2008-04-12 15:25	<DIR>	d--------	C:\Documents and Settings\Gordo\Application Data\Webroot
2008-04-12 12:14 . 2008-04-12 12:14	<DIR>	d--------	C:\Documents and Settings\Dan\Application Data\Malwarebytes
2008-04-12 12:13 . 2008-04-12 12:13	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 12:13 . 2008-04-12 12:13	<DIR>	d--------	C:\Program Files\Common Files\Download Manager
2008-04-12 12:13 . 2008-04-12 12:13	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-12 08:56 . 2008-04-12 08:56	<DIR>	d--------	C:\Documents and Settings\Mom\Application Data\Webroot
2008-04-11 21:02 . 2008-04-11 21:02	298,311	--a------	C:\WINDOWS\system32\gside.exe
2008-04-11 21:02 . 2008-04-11 21:02	88,961	--a------	C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-11 20:55 . 2008-01-04 20:56	1,526,640	--a------	C:\WINDOWS\WRSetup.dll
2008-04-11 20:55 . 2008-01-04 20:34	20,336	--a------	C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-04-11 20:46 . 2008-04-11 20:46	<DIR>	d--------	C:\Program Files\Webroot
2008-04-11 20:46 . 2008-04-11 20:46	<DIR>	d--------	C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-11 20:46 . 2008-04-11 20:46	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-11 20:46 . 2008-01-04 20:34	163,696	--a------	C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-11 20:46 . 2008-01-04 20:34	23,920	--a------	C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-11 20:46 . 2008-01-04 20:34	21,872	--a------	C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-11 20:45 . 2008-04-11 20:45	<DIR>	d--------	C:\Documents and Settings\Dan\Application Data\Webroot
2008-04-11 15:52 . 2008-04-11 15:52	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-04-11 15:52 . 2008-04-11 16:08	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 15:11 . 2008-04-11 15:11	401,526	--a------	C:\WINDOWS\system32\g14.exe
2008-04-11 15:11 . 2008-04-12 10:06	63,893	--a------	C:\WINDOWS\system32\{e5e71dae-2076-aa8a-2ed5-c0ab8973941f}.dll-uninst.exe
2008-04-10 20:06 . 2008-04-10 20:06	<DIR>	d--------	C:\Program Files\Common Files\INCA Shared
2008-04-10 20:06 . 2008-04-10 20:06	<DIR>	d--------	C:\Documents and Settings\Dan\Application Data\Nexon
2008-04-10 19:50 . 2008-04-10 19:50	<DIR>	d--------	C:\Nexon
2008-04-10 18:28 . 2008-03-21 16:30	120,056	---------	C:\WINDOWS\system32\pxcpyi64.exe
2008-04-10 18:28 . 2008-03-21 16:30	118,520	---------	C:\WINDOWS\system32\pxinsi64.exe
2008-04-10 18:27 . 2008-04-10 18:28	<DIR>	d--------	C:\Program Files\DivX
2008-04-10 18:14 . 2008-04-10 18:14	<DIR>	d--------	C:\Program Files\America's Army Server Manager
2008-04-10 18:11 . 2008-04-10 18:14	<DIR>	d--------	C:\Program Files\America's Army
2008-04-09 15:22 . 2008-04-09 15:22	<DIR>	d--------	C:\Documents and Settings\Gordo\Application Data\Nero
2008-04-08 18:51 . 2008-04-08 18:51	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-04-08 18:51 . 2008-04-12 12:55	107,832	--a------	C:\WINDOWS\system32\PnkBstrB.exe
2008-04-08 18:51 . 2008-04-08 18:51	66,872	--a------	C:\WINDOWS\system32\PnkBstrA.exe
2008-04-08 18:51 . 2008-04-12 12:57	22,328	--a------	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-08 17:06 . 2008-04-08 17:06	<DIR>	d--------	C:\Program Files\Common Files\EasyInfo
2008-04-08 16:51 . 2008-04-24 17:22	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-04-08 16:19 . 2008-04-08 16:38	<DIR>	d--------	C:\Program Files\SUPERAntiSpyware
2008-04-08 16:19 . 2008-04-08 16:38	<DIR>	d--------	C:\Documents and Settings\Dan\Application Data\SUPERAntiSpyware.com
2008-04-08 16:19 . 2008-04-08 16:19	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-08 15:50 . 2008-04-08 15:50	<DIR>	d--------	C:\XIM
2008-04-08 06:07 . 2008-04-08 06:07	<DIR>	d--------	C:\Documents and Settings\Mom\Application Data\Nero
2008-04-08 06:07 . 2008-04-08 06:07	49,187	--a------	C:\WINDOWS\system32\jswnw64p.exe
2008-04-07 18:05 . 2008-04-07 18:05	1,024	--ah-----	C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-07 18:02 . 2008-04-07 18:02	<DIR>	d--------	C:\Documents and Settings\Dan\Application Data\Nero
2008-04-07 18:00 . 2008-04-07 18:00	<DIR>	d--------	C:\Program Files\Nero
2008-04-07 18:00 . 2008-04-07 18:01	<DIR>	d--------	C:\Program Files\Common Files\Nero
2008-04-07 18:00 . 2008-04-07 18:00	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Nero
2008-04-07 17:14 . 2008-04-07 17:14	<DIR>	d--------	C:\Documents and Settings\Dan\Application Data\Convivea
2008-04-07 17:13 . 2008-04-07 17:13	<DIR>	d--------	C:\Fraps
2008-04-07 17:13 . 2008-04-20 18:27	<DIR>	d-a------	C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-07 17:11 . 2008-04-26 18:48	<DIR>	d--------	C:\Documents and Settings\Dan\Application Data\Azureus
2008-04-07 06:12 . 2008-04-07 06:12	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-06 18:26 . 2008-04-06 18:26	<DIR>	d--------	C:\WINDOWS\Sun
2008-04-06 14:55 . 2008-04-06 14:55	<DIR>	d--------	C:\Documents and Settings\Dan\Incomplete
2008-04-06 14:55 . 2008-04-06 14:55	<DIR>	d--------	C:\Documents and Settings\Dan\Application Data\LimeWire
2008-04-06 10:21 . 2008-04-06 10:21	<DIR>	d--------	C:\Program Files\Yahoo!
2008-04-05 23:11 . 2008-04-05 23:11	<DIR>	d--------	C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-05 23:00 . 2006-10-26 20:58	30,512	--a------	C:\WINDOWS\system32\mdimon.dll
2008-04-05 22:59 . 2006-10-26 20:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
2008-04-05 22:58 . 2008-04-05 22:58	<DIR>	d--------	C:\Documents and Settings\Dan\Application Data\NPLUTO Corporation
2008-04-05 22:58 . 2003-07-19 11:17	5,174	--a------	C:\WINDOWS\system32\nppt9x.vxd
2008-04-05 22:58 . 2005-01-03 02:43	4,682	--a------	C:\WINDOWS\system32\npptNT2.sys
2008-04-05 22:57 . 2008-04-05 22:57	<DIR>	d--------	C:\Program Files\Microsoft Works
2008-04-05 22:56 . 2008-04-05 22:56	<DIR>	d--------	C:\Program Files\Microsoft.NET
2008-04-05 22:54 . 2008-04-05 22:54	<DIR>	d--------	C:\Program Files\Microsoft Visual Studio 8
2008-04-05 22:54 . 2008-04-05 22:54	<DIR>	d--------	C:\ijji
2008-04-05 22:54 . 2008-04-05 23:20	<DIR>	d--h-----	C:\Documents and Settings\Dan\Application Data\ijjigame
2008-04-05 22:53 . 2008-04-05 22:57	<DIR>	d--------	C:\WINDOWS\SHELLNEW
2008-04-05 22:52 . 2008-04-05 22:52	<DIR>	dr-h-----	C:\MSOCache
2008-04-05 22:52 . 2008-04-08 16:27	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-05 22:48 . 2008-04-24 17:55	<DIR>	d--------	C:\Program Files\DriftCity
2008-04-05 21:37 . 2008-04-26 20:18	<DIR>	d--------	C:\Program Files\Steam
2008-04-05 21:26 . 2008-04-05 23:04	<DIR>	d--------	C:\Program Files\Google
2008-04-05 21:21 . 2008-04-05 21:21	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-04-05 21:11 . 2008-04-20 22:32	<DIR>	d--------	C:\Documents and Settings\Dan\Application Data\Winamp
2008-04-05 13:43 . 2008-04-05 13:43	<DIR>	d--------	C:\Program Files\Azureus
2008-04-05 13:43 . 2008-04-09 19:58	<DIR>	d--------	C:\Documents and Settings\Gordo\Application Data\Azureus
2008-04-05 13:43 . 2008-04-05 13:43	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-05 13:41 . 2008-04-15 17:30	<DIR>	d--------	C:\Program Files\Bit Che
2008-04-05 13:41 . 2008-04-05 13:41	<DIR>	d--------	C:\Documents and Settings\Gordo\Application Data\Convivea
2008-04-05 13:41 . 2004-03-09 01:00	1,081,616	--a------	C:\WINDOWS\system32\mscomctl.OCX
2008-04-05 13:41 . 2004-03-09 01:00	152,848	--a------	C:\WINDOWS\system32\comdlg32.OCX
2008-04-05 13:41 . 2004-03-09 01:00	124,688	--a------	C:\WINDOWS\system32\mswinsck.ocx
2008-04-05 13:38 . 2008-04-05 13:38	<DIR>	d--------	C:\Documents and Settings\Gordo\LimeWire Store Purchased
2008-04-05 13:38 . 2008-04-05 13:38	<DIR>	d--------	C:\Documents and Settings\Gordo\LimeWire Shared
2008-04-05 13:38 . 2008-04-09 15:39	<DIR>	d--------	C:\Documents and Settings\Gordo\LimeWire Saved
2008-04-05 13:37 . 2008-04-05 13:37	<DIR>	d--------	C:\Program Files\Java
2008-04-05 13:37 . 2008-04-09 16:16	<DIR>	d--------	C:\Documents and Settings\Gordo\Incomplete
2008-04-05 13:37 . 2008-04-09 16:16	<DIR>	d--------	C:\Documents and Settings\Gordo\Application Data\LimeWire
2008-04-05 13:37 . 2008-02-22 03:33	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-04-05 13:36 . 2008-04-05 13:36	<DIR>	d--------	C:\Program Files\Common Files\Java
2008-04-05 11:46 . 2008-04-05 11:46	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-05 11:15 . 2008-04-05 11:15	<DIR>	d--------	C:\Program Files\CCleaner

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 22:50	---------	d-----w	C:\Documents and Settings\Dan\Application Data\TeraCopy
2008-04-09 00:31	---------	d-----w	C:\Program Files\Microsoft Silverlight
2008-04-08 20:58	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-04-06 02:57	---------	d-----w	C:\Program Files\MSBuild
2008-04-04 19:47	---------	d-----w	C:\Documents and Settings\Dan\Application Data\Talkback
2008-04-04 19:47	---------	d-----w	C:\Documents and Settings\Dan\Application Data\ATI
2008-04-04 19:46	---------	d-----w	C:\Documents and Settings\Mom\Application Data\ATI
2008-04-04 19:44	---------	d-----w	C:\Program Files\Alwil Software
2008-04-04 19:41	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\Winamp
2008-04-04 19:32	---------	d-----w	C:\Documents and Settings\All Users\Application Data\ATI
2008-04-04 19:32	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\ATI
2008-04-04 19:24	---------	d-----w	C:\Program Files\Reference Assemblies
2008-04-04 19:23	---------	d-----w	C:\Program Files\MSXML 6.0
2008-04-04 19:23	---------	d-----w	C:\Program Files\MSXML 4.0
2008-04-04 19:22	---------	d-----w	C:\Program Files\Winamp
2008-04-04 19:21	---------	d-----w	C:\Program Files\TeraCopy
2008-04-04 19:21	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\TeraCopy
2008-04-04 19:18	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\Talkback
2008-04-04 19:04	---------	d-----w	C:\Program Files\microsoft frontpage
2008-04-04 19:00	---------	d-----w	C:\Program Files\Windows Media Connect 2
2008-03-21 20:30	524,288	----a-w	C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30	200,704	----a-w	C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30	129,784	------w	C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30	1,044,480	----a-w	C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28	81,920	----a-w	C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28	593,920	----a-w	C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28	57,344	----a-w	C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28	53,248	----a-w	C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28	344,064	----a-w	C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28	294,912	----a-w	C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28	294,912	----a-w	C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28	196,608	----a-w	C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28	12,288	----a-w	C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 23:29	348,160	----a-w	C:\WINDOWS\system32\msvcr71.dll
2008-03-19 23:26	499,712	----a-w	C:\WINDOWS\system32\msvcp71.dll
2008-03-19 09:40	1,845,888	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-12 18:10	633,344	------w	C:\WINDOWS\system32\gpprefcl.dll
2008-02-26 03:12	372,736	----a-w	C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10	307,200	----a-w	C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10	299,520	----a-w	C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02	172,032	----a-w	C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02	126,976	----a-w	C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01	43,520	----a-w	C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01	26,112	----a-w	C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01	126,976	----a-w	C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00	520,192	----a-w	C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59	9,797,632	----a-w	C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58	53,248	----a-w	C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49	3,176,480	----a-w	C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41	1,755,264	----a-w	C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29	46,080	----a-w	C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25	393,216	----a-w	C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23	17,408	----a-w	C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:21	5,439,488	----a-w	C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19	167,936	----a-w	C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16	520,192	----a-w	C:\WINDOWS\system32\ati2cqag.dll
2008-02-20 18:49	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 06:52	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-01-29 17:02	107,368	----a-w	C:\WINDOWS\system32\GEARAspi.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1436739e-f758-ae8a-f7eb-bed7cbf18c9c}]
			C:\WINDOWS\system32\{e5e71dae-2076-aa8a-2ed5-c0ab8973941f}.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-04-05 21:38 1271032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 14:49 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 11:36 267048]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 23:24:38 1134592]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-29 00:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DriftCity\\DriftCity.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Programs\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 18:31]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-15 17:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60e6e45d-0a6f-11dd-bc25-00045a4036f2}]
\Shell\AutoRun\command - K:\Autorun\autorun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 20:28:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 21:29:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-26 21:30:15
ComboFix-quarantined-files.txt  2008-04-27 01:30:00

Pre-Run: 152,124,948,480 bytes free
Post-Run: 152,302,575,616 bytes free

289	--- E O F ---	2008-04-12 20:06:05


MBAM

Malwarebytes' Anti-Malware 1.11
Database version: 663

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 176113
Time elapsed: 1 hour(s), 17 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{87260CC3-0F85-4432-9444-06CF0E66D3BB}\RP44\A0011197.exe (Trojan.FakeAlert) -> Not selected for removal.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.

Edited by fortune82, 26 April 2008 - 08:52 PM.

  • 0

#14
greyknight17
Posted 27 April 2008 - 07:59 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No need to use the CODE tags for posting the logs here. Just post them directly (copy/paste) :)

Uninstall Viewpoint via the Add/Remove Programs panel.

I want you to upload this file (C:\WINDOWS\system32\DRIVERS\ggflt.sys) to http://virusscan.jotti.org and report back what it found.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\system32\wmpns.dll
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\atid.ini
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\g14.exe
C:\WINDOWS\system32\{e5e71dae-2076-aa8a-2ed5-c0ab8973941f}.dll-uninst.exe
C:\WINDOWS\system32\jswnw64p.exe
C:\WINDOWS\system32\{e5e71dae-2076-aa8a-2ed5-c0ab8973941f}.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1436739e-f758-ae8a-f7eb-bed7cbf18c9c}]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Do you still have that file you indicated in your first post? How is the computer running so far?
  • 0

#15
fortune82
Posted 27 April 2008 - 04:46 PM

fortune82

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Viewpoint Gone

File scanned
File: ggflt.sys
Status:
OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 4b5fddbcb9407741f47818b8d1ee4a8e
Packers detected:
-
Bit9 reports: Not analyzed yet (more info)
Scan taken on 27 Apr 2008 22:38:20 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing





CF Log

ComboFix 08-04-20.2 - Dan 2008-04-27 18:41:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.484 [GMT -4:00]
Running from: C:\Documents and Settings\Dan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\atid.ini
C:\WINDOWS\system32\{e5e71dae-2076-aa8a-2ed5-c0ab8973941f}.dll
C:\WINDOWS\system32\{e5e71dae-2076-aa8a-2ed5-c0ab8973941f}.dll-uninst.exe
C:\WINDOWS\system32\g14.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\jswnw64p.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\system32\wmpns.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\WINDOWS\atid.ini
C:\WINDOWS\system32\{e5e71dae-2076-aa8a-2ed5-c0ab8973941f}.dll-uninst.exe
C:\WINDOWS\system32\g14.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\jswnw64p.exe
C:\WINDOWS\system32\wmpns.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 12:56 . 2008-04-27 12:56 <DIR> d-------- C:\Documents and Settings\Gordo\Application Data\Webcammax
2008-04-27 08:59 . 2008-04-27 08:59 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Webcammax
2008-04-27 00:10 . 2008-04-27 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
2008-04-27 00:08 . 2008-04-27 00:12 <DIR> d-------- C:\Program Files\WebcamMax
2008-04-26 23:26 . 2008-04-27 00:10 197 --ahs---- C:\Program Files\Common Files\maxtreme.dat
2008-04-26 22:44 . 2008-04-26 22:46 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Webcammax
2008-04-20 19:03 . 2008-04-21 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-20 18:53 . 2008-04-20 18:56 <DIR> d-------- C:\Program Files\TmNationsForever
2008-04-20 16:23 . 2008-04-20 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-20 16:07 . 2008-04-20 16:07 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-04-20 16:07 . 2008-04-27 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-20 16:07 . 2008-04-20 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-20 16:07 . 2008-04-20 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-04-20 16:06 . 2008-04-20 16:08 <DIR> d-------- C:\Program Files\AIM6
2008-04-20 16:06 . 2008-04-20 16:24 886 --ah----- C:\IPH.PH
2008-04-15 17:53 . 2008-04-15 17:57 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Winamp
2008-04-15 17:44 . 2008-04-15 17:44 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-15 17:44 . 2008-04-15 17:44 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-04-15 17:41 . 2008-04-15 17:41 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-15 17:41 . 2008-04-15 17:41 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2008-04-15 17:41 . 2008-04-15 17:41 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-04-15 17:32 . 2008-04-15 17:59 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Azureus
2008-04-15 17:30 . 2008-04-15 17:30 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Convivea
2008-04-15 17:26 . 2008-04-15 17:26 <DIR> d-------- C:\Program Files\Avanquest update
2008-04-15 17:26 . 2008-04-15 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-15 17:25 . 2008-04-15 17:38 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-04-15 17:25 . 2008-04-15 17:25 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\InstallShield
2008-04-15 17:25 . 2008-04-15 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-04-14 18:23 . 2007-11-21 17:31 402,728 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-04-13 16:56 . 2008-04-13 16:56 671 --a------ C:\WINDOWS\system32\newaddies.xtc
2008-04-13 14:55 . 2008-04-13 14:56 <DIR> d-------- C:\Program Files\ShortKeys2
2008-04-13 14:55 . 2008-04-13 14:55 <DIR> d-------- C:\Program Files\Common Files\Insight Software Solutions
2008-04-13 14:55 . 2008-04-13 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
2008-04-13 14:55 . 2008-04-13 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software
2008-04-12 15:25 . 2008-04-12 15:25 <DIR> d-------- C:\Documents and Settings\Gordo\Application Data\Webroot
2008-04-12 12:14 . 2008-04-12 12:14 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Malwarebytes
2008-04-12 12:13 . 2008-04-12 12:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 12:13 . 2008-04-12 12:13 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-12 12:13 . 2008-04-12 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-12 08:56 . 2008-04-12 08:56 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Webroot
2008-04-11 20:55 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-04-11 20:55 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-04-11 20:46 . 2008-04-11 20:46 <DIR> d-------- C:\Program Files\Webroot
2008-04-11 20:46 . 2008-04-11 20:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-11 20:46 . 2008-04-11 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-11 20:46 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-11 20:46 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-11 20:46 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-11 20:45 . 2008-04-11 20:45 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Webroot
2008-04-11 15:52 . 2008-04-11 15:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 15:52 . 2008-04-11 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-10 20:06 . 2008-04-10 20:06 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-04-10 20:06 . 2008-04-10 20:06 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Nexon
2008-04-10 19:50 . 2008-04-10 19:50 <DIR> d-------- C:\Nexon
2008-04-10 18:28 . 2008-03-21 16:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-04-10 18:28 . 2008-03-21 16:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-04-10 18:27 . 2008-04-10 18:28 <DIR> d-------- C:\Program Files\DivX
2008-04-10 18:14 . 2008-04-10 18:14 <DIR> d-------- C:\Program Files\America's Army Server Manager
2008-04-10 18:11 . 2008-04-10 18:14 <DIR> d-------- C:\Program Files\America's Army
2008-04-09 15:22 . 2008-04-09 15:22 <DIR> d-------- C:\Documents and Settings\Gordo\Application Data\Nero
2008-04-08 18:51 . 2008-04-08 18:51 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-08 18:51 . 2008-04-12 12:55 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-08 18:51 . 2008-04-08 18:51 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-08 18:51 . 2008-04-12 12:57 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-08 17:06 . 2008-04-08 17:06 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2008-04-08 16:51 . 2008-04-27 18:28 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-08 16:19 . 2008-04-08 16:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-08 16:19 . 2008-04-08 16:38 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\SUPERAntiSpyware.com
2008-04-08 16:19 . 2008-04-08 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-08 15:50 . 2008-04-08 15:50 <DIR> d-------- C:\XIM
2008-04-08 06:07 . 2008-04-08 06:07 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Nero
2008-04-07 18:05 . 2008-04-07 18:05 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-07 18:02 . 2008-04-07 18:02 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Nero
2008-04-07 18:00 . 2008-04-07 18:00 <DIR> d-------- C:\Program Files\Nero
2008-04-07 18:00 . 2008-04-07 18:01 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-07 18:00 . 2008-04-07 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-07 17:14 . 2008-04-07 17:14 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Convivea
2008-04-07 17:13 . 2008-04-07 17:13 <DIR> d-------- C:\Fraps
2008-04-07 17:13 . 2008-04-20 18:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-07 17:11 . 2008-04-26 23:39 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Azureus
2008-04-07 06:12 . 2008-04-07 06:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-06 18:26 . 2008-04-06 18:26 <DIR> d-------- C:\WINDOWS\Sun
2008-04-06 14:55 . 2008-04-06 14:55 <DIR> d-------- C:\Documents and Settings\Dan\Incomplete
2008-04-06 14:55 . 2008-04-06 14:55 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\LimeWire
2008-04-06 10:21 . 2008-04-06 10:21 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-05 23:11 . 2008-04-05 23:11 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-05 23:00 . 2006-10-26 20:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-05 22:59 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-05 22:58 . 2008-04-05 22:58 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\NPLUTO Corporation
2008-04-05 22:58 . 2003-07-19 11:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-04-05 22:58 . 2005-01-03 02:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-04-05 22:57 . 2008-04-05 22:57 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-05 22:56 . 2008-04-05 22:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-05 22:54 . 2008-04-05 22:54 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-05 22:54 . 2008-04-05 22:54 <DIR> d-------- C:\ijji
2008-04-05 22:54 . 2008-04-27 17:43 <DIR> d--h----- C:\Documents and Settings\Dan\Application Data\ijjigame
2008-04-05 22:53 . 2008-04-05 22:57 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-05 22:52 . 2008-04-05 22:52 <DIR> dr-h----- C:\MSOCache
2008-04-05 22:52 . 2008-04-08 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-05 22:48 . 2008-04-24 17:55 <DIR> d-------- C:\Program Files\DriftCity
2008-04-05 21:37 . 2008-04-27 18:31 <DIR> d-------- C:\Program Files\Steam
2008-04-05 21:26 . 2008-04-05 23:04 <DIR> d-------- C:\Program Files\Google
2008-04-05 21:21 . 2008-04-05 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-04-05 21:11 . 2008-04-20 22:32 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Winamp
2008-04-05 13:43 . 2008-04-05 13:43 <DIR> d-------- C:\Program Files\Azureus
2008-04-05 13:43 . 2008-04-09 19:58 <DIR> d-------- C:\Documents and Settings\Gordo\Application Data\Azureus
2008-04-05 13:43 . 2008-04-05 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-05 13:41 . 2008-04-15 17:30 <DIR> d-------- C:\Program Files\Bit Che
2008-04-05 13:41 . 2008-04-05 13:41 <DIR> d-------- C:\Documents and Settings\Gordo\Application Data\Convivea
2008-04-05 13:41 . 2004-03-09 01:00 1,081,616 --a------ C:\WINDOWS\system32\mscomctl.OCX
2008-04-05 13:41 . 2004-03-09 01:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX
2008-04-05 13:41 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\mswinsck.ocx
2008-04-05 13:38 . 2008-04-05 13:38 <DIR> d-------- C:\Documents and Settings\Gordo\LimeWire Store Purchased
2008-04-05 13:38 . 2008-04-05 13:38 <DIR> d-------- C:\Documents and Settings\Gordo\LimeWire Shared
2008-04-05 13:38 . 2008-04-09 15:39 <DIR> d-------- C:\Documents and Settings\Gordo\LimeWire Saved
2008-04-05 13:37 . 2008-04-05 13:37 <DIR> d-------- C:\Program Files\Java
2008-04-05 13:37 . 2008-04-09 16:16 <DIR> d-------- C:\Documents and Settings\Gordo\Incomplete
2008-04-05 13:37 . 2008-04-09 16:16 <DIR> d-------- C:\Documents and Settings\Gordo\Application Data\LimeWire
2008-04-05 13:37 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-05 13:36 . 2008-04-05 13:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-05 11:46 . 2008-04-05 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-05 11:15 . 2008-04-05 11:15 <DIR> d-------- C:\Program Files\CCleaner
2008-04-05 11:07 . 2008-04-05 11:07 1,167 --a------ C:\WINDOWS\mozver.dat
2008-04-05 10:56 . 2008-04-05 10:57 <DIR> d-------- C:\Documents and Settings\Gordo\Application Data\Winamp
2008-04-05 10:39 . 2008-04-05 10:39 <DIR> d-------- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 22:50 --------- d-----w C:\Documents and Settings\Dan\Application Data\TeraCopy
2008-04-09 00:31 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-08 20:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-06 02:57 --------- d-----w C:\Program Files\MSBuild
2008-04-04 19:47 --------- d-----w C:\Documents and Settings\Dan\Application Data\Talkback
2008-04-04 19:47 --------- d-----w C:\Documents and Settings\Dan\Application Data\ATI
2008-04-04 19:46 --------- d-----w C:\Documents and Settings\Mom\Application Data\ATI
2008-04-04 19:44 --------- d-----w C:\Program Files\Alwil Software
2008-04-04 19:41 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-04-04 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-04-04 19:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2008-04-04 19:24 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-04 19:23 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-04 19:23 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-04 19:22 --------- d-----w C:\Program Files\Winamp
2008-04-04 19:21 --------- d-----w C:\Program Files\TeraCopy
2008-04-04 19:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TeraCopy
2008-04-04 19:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-04-04 19:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-04 19:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 23:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-19 23:26 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 18:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-20 18:49 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-01-29 17:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-26_21.29.44.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-26 13:11:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 22:30:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 03:19:26 34,308 ----a-w C:\WINDOWS\system32\BASSMOD.dll
+ 2004-08-04 04:56:44 47,616 -c--a-w C:\WINDOWS\system32\dllcache\iyuv_32.dll
- 2004-08-04 04:15:22 140,928 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-04 03:15:22 140,928 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-04 04:56:46 17,408 -c--a-w C:\WINDOWS\system32\dllcache\msyuv.dll
- 2005-11-05 07:55:10 48,768 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2005-11-05 06:55:10 48,768 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2001-08-18 02:36:34 8,192 -c--a-w C:\WINDOWS\system32\dllcache\tsbyuv.dll
- 2004-08-04 05:56:48 53,760 -c--a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll
+ 2004-08-04 04:56:48 53,760 -c--a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll
+ 2008-02-09 04:58:22 941,784 ----a-w C:\WINDOWS\system32\drivers\CamthWDM.sys
- 2004-08-04 04:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-04 03:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2005-11-05 07:55:10 48,768 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2005-11-05 06:55:10 48,768 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2007-06-24 07:48:03 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
+ 2004-08-04 04:56:44 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
- 2004-08-04 05:56:58 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
+ 2004-08-04 04:56:58 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
- 2007-06-24 07:48:03 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
+ 2004-08-04 04:56:46 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
+ 2008-03-11 13:14:54 941,784 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\CamthWDM.sys
+ 2004-08-04 04:56:44 47,616 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\iyuv_32.dll
+ 2004-08-04 03:15:22 140,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\ks.sys
+ 2004-08-04 05:56:44 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\ksuser.dll
+ 2004-08-04 04:56:58 294,912 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\msh263.drv
+ 2004-08-04 04:56:46 17,408 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\msyuv.dll
+ 2005-11-05 06:55:10 48,768 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\stream.sys
+ 2001-08-18 02:36:34 8,192 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\tsbyuv.dll
+ 2004-08-04 04:56:48 53,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\vfwwdm32.dll
- 2007-06-24 07:48:03 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
+ 2001-08-18 02:36:34 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
- 2004-08-04 05:56:48 53,760 ----a-w C:\WINDOWS\system32\vfwwdm32.dll
+ 2004-08-04 04:56:48 53,760 ----a-w C:\WINDOWS\system32\vfwwdm32.dll
+ 2008-04-27 22:31:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_57c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1436739e-f758-ae8a-f7eb-bed7cbf18c9c}]
C:\WINDOWS\system32\{e5e71dae-2076-aa8a-2ed5-c0ab8973941f}.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-04-05 21:38 1271032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 14:49 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 11:36 267048]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"WebcamMaxMoniter"="C:\Program Files\WebcamMax\wcmmon.exe" [2008-02-09 00:58 456024]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 23:24:38 1134592]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-29 00:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DriftCity\\DriftCity.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Programs\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2008-02-09 00:58]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 18:31]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\DriftCity\GameGuard\dump_wmimmc.sys []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-15 17:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60e6e45d-0a6f-11dd-bc25-00045a4036f2}]
\Shell\AutoRun\command - K:\Autorun\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 20:28:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 18:43:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 18:44:19
ComboFix-quarantined-files.txt 2008-04-27 22:44:09
ComboFix2.txt 2008-04-27 01:30:16

Pre-Run: 151,041,564,672 bytes free
Post-Run: 151,177,326,592 bytes free

350 --- E O F --- 2008-04-12 20:06:05







And the original file is gone.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP