wasalee
2010-02-12, 20:25
Hello again, I'm one of those stupid people who is forced to start again. I do make life difficult sometimes. I first posted Jan 25th. Of course I had to return and start all over again when Virtumonde showed its ugly face again. I've learned my lesson. Enclosed as directed are my reports from ComboFix and an updated HijackThis log. I ran ATF Cleaner and then Malwarebytes, log enclosed. Finally I ran Kaspersky, log enclosed.
ComboFix 10-02-11.04 - Bonnir Fuller 02/12/2010 0:21.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.150 [GMT -8:00]
Running from: c:\documents and settings\Bonnir Fuller\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.
2010-01-25 09:15 . 2010-01-25 09:15 -------- d-----w- c:\program files\Trend Micro
2010-01-25 08:58 . 2010-01-25 08:58 -------- d-----w- C:\desktop
2010-01-24 05:01 . 2010-01-24 05:01 -------- d-----w- c:\program files\CCleaner
2010-01-23 00:58 . 2010-01-23 00:58 -------- d-----w- c:\program files\VIA Technologies, Inc
2010-01-23 00:58 . 2002-12-18 19:57 45056 ----a-w- c:\windows\system32\vusetup.dll
2010-01-23 00:58 . 2002-11-14 01:34 10496 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2010-01-23 00:58 . 2002-10-25 00:07 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2010-01-23 00:08 . 2007-07-05 06:33 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-01-23 00:08 . 2006-10-27 08:26 69632 ----a-w- c:\windows\system32\vuins32.dll
2010-01-23 00:05 . 2010-01-23 00:05 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-01-23 00:05 . 2010-01-23 00:05 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-01-23 00:05 . 2008-02-07 23:59 195072 ----a-w- c:\windows\system32\CNCC150.DLL
2010-01-23 00:05 . 2008-02-07 23:59 37888 ----a-w- c:\windows\system32\CNCI150.DLL
2010-01-23 00:05 . 2005-05-31 03:45 139264 ----a-w- c:\windows\system32\CNCL150.DLL
2010-01-23 00:04 . 2010-01-23 00:04 -------- d--h--w- c:\program files\CanonBJ
2010-01-22 23:58 . 2005-11-17 07:46 337320 ------w- c:\windows\system32\difxapi.dll
2010-01-22 23:58 . 2007-03-29 19:36 9216 ----a-w- c:\windows\system32\drivers\videX32.sys
2010-01-22 23:53 . 2005-04-18 08:15 40960 ----a-r- c:\windows\system32\VModes.exe
2010-01-22 23:53 . 2010-01-22 23:58 -------- d-----w- c:\program files\VIA
2010-01-22 22:47 . 2010-01-22 22:47 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-01-22 22:42 . 2010-01-22 22:42 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\DriverCure
2010-01-22 22:41 . 2010-01-24 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-01-22 22:41 . 2010-01-22 22:41 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-22 22:41 . 2010-01-22 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-01-22 22:41 . 2010-01-22 22:41 -------- d-----w- c:\program files\ParetoLogic
2010-01-22 08:23 . 2010-01-22 08:23 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\Logitech
2010-01-22 08:22 . 2010-01-22 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-22 08:21 . 2009-06-17 16:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-01-22 08:19 . 2009-07-20 20:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-01-22 08:19 . 2009-07-20 20:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-01-22 08:19 . 2009-07-20 20:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-01-22 08:19 . 2009-07-20 20:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-01-22 08:19 . 2009-07-20 20:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-01-22 08:18 . 2010-01-22 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-01-22 08:18 . 2010-01-22 08:22 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-22 06:09 . 2010-01-22 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-01-22 06:09 . 2008-10-11 00:01 26624 ----a-r- c:\windows\system32\LGDispDrv.dll
2010-01-22 06:09 . 2008-10-11 00:01 147456 ----a-r- c:\windows\system32\LgExport.dll
2010-01-22 06:09 . 2010-01-22 06:09 -------- d-----w- c:\program files\LG Soft India
2010-01-13 09:45 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 05:39 . 2006-04-17 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-05 18:51 . 2006-04-18 03:11 -------- d-----w- c:\program files\Google
2010-02-05 01:18 . 2008-08-24 22:50 -------- d-----w- c:\program files\BpDiary
2010-01-26 04:04 . 2010-01-26 04:04 732672 --sha-w- c:\windows\system32\11.tmp
2010-01-25 00:25 . 2005-03-09 01:59 78664 -c--a-w- c:\documents and settings\Bonnir Fuller\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 00:13 . 2006-01-11 00:44 -------- d-----w- c:\program files\Shutterfly
2010-01-24 23:55 . 2010-01-05 09:55 -------- d-----w- c:\program files\LimeWire
2010-01-24 21:26 . 2009-12-26 08:59 149504 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-24 20:38 . 2006-04-17 10:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-24 14:16 . 2010-01-24 14:16 732672 --sha-w- c:\windows\system32\7C.tmp
2010-01-24 05:04 . 2006-04-30 02:43 -------- d-----w- c:\program files\ewido anti-malware
2010-01-23 01:12 . 2005-04-22 18:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 00:04 . 2005-05-13 06:53 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\Canon
2010-01-22 08:21 . 2010-01-22 08:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-22 08:21 . 2010-01-22 08:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-22 08:21 . 2010-01-22 08:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-22 08:18 . 2005-12-14 06:45 -------- d-----w- c:\program files\Logitech
2010-01-22 06:09 . 2005-03-09 18:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-07 02:55 . 2010-01-07 02:55 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-05 10:00 . 2004-08-04 07:56 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 07:56 17408 ------w- c:\windows\system32\corpol.dll
2010-01-02 22:00 . 2010-01-02 22:00 -------- d-----w- c:\program files\MSECache
2010-01-02 06:30 . 2008-08-24 22:49 266240 ------w- c:\windows\Setup1.exe
2010-01-02 06:30 . 2008-08-24 22:49 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-31 16:50 . 2004-08-04 06:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 02:23 . 2006-08-09 01:18 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\Apple Computer
2009-12-31 02:20 . 2007-10-03 21:58 -------- d-----w- c:\program files\AirPort
2009-12-30 22:46 . 2009-12-30 22:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-28 09:25 . 2005-03-09 01:40 -------- d-----w- c:\program files\Snapshot Viewer
2009-12-26 01:52 . 2007-09-07 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-25 22:05 . 2009-12-25 22:03 -------- d-----w- c:\program files\iTunes
2009-12-25 22:05 . 2009-12-25 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 22:04 . 2006-08-09 01:11 -------- d-----w- c:\program files\iPod
2009-12-25 22:04 . 2007-09-07 09:33 -------- d-----w- c:\program files\Common Files\Apple
2009-12-25 22:00 . 2008-04-21 01:25 -------- d-----w- c:\program files\Bonjour
2009-12-25 21:59 . 2009-12-25 21:57 -------- d-----w- c:\program files\QuickTime
2009-12-25 21:55 . 2009-12-25 21:55 -------- d-----w- c:\program files\Apple Software Update
2009-12-16 18:43 . 2005-03-09 01:10 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 07:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-04 06:20 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 06:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 07:56 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-23 13:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 07:56 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 07:56 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2004-08-04 07:56 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pareto_Update"="c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe" [2009-01-13 189808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2010-1-21 1687552]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-22 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\143a744a741]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 16:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0080ACB]
[BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\ParetoLogic\\DriverCure\\DriverCure.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:*:Disabled:Bonjour
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [3/9/2005 10:58 AM 9344]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/22/2008 9:01 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/22/2008 9:01 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 3:04 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 3:04 PM 297752]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/22/2010 12:21 AM 10384]
S2 gupdate1c9edfc4664a5f4;Google Update Service (gupdate1c9edfc4664a5f4);c:\program files\Google\Update\GoogleUpdate.exe [6/15/2009 1:00 PM 133104]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [1/21/2010 10:09 PM 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [1/21/2010 10:09 PM 18432]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [3/9/2005 10:58 AM 448640]
.
Contents of the 'Scheduled Tasks' folder
2010-01-25 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
2010-01-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List
IE: Easy-WebPrint High Speed Print
IE: Easy-WebPrint Preview
IE: Easy-WebPrint Print
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{04F4254B-41B9-4A6C-BF62-1E2C972CFEC4} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 00:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-725345543-1844237615-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(3840)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\IEFRAME.dll
.
Completion time: 2010-02-12 00:36:24
ComboFix-quarantined-files.txt 2010-02-12 08:36
ComboFix2.txt 2010-01-27 05:48
Pre-Run: 21,840,752,640 bytes free
Post-Run: 21,806,342,144 bytes free
- - End Of File - - D9895874EEDA5EEDE315F1E65E8F1E59
HJT
ComboFix 10-01-26.02 - Bonnir Fuller 01/26/2010 21:24:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.242 [GMT -8:00]
Running from: c:\documents and settings\Bonnir Fuller\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Bonnir Fuller\Application Data\0200000044c1b3bb741C.manifest
c:\documents and settings\Bonnir Fuller\Application Data\0200000044c1b3bb741O.manifest
c:\documents and settings\Bonnir Fuller\Application Data\0200000044c1b3bb741P.manifest
c:\documents and settings\Bonnir Fuller\Application Data\0200000044c1b3bb741S.manifest
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\8lyak978.Default User\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\8lyak978.Default User\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\chrome.manifest
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\8lyak978.Default User\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\chrome\xulcache.jar
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\8lyak978.Default User\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\defaults\preferences\xulcache.js
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\8lyak978.Default User\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\install.rdf
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\xecypfp9.default\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\xecypfp9.default\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\chrome.manifest
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\xecypfp9.default\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\chrome\xulcache.jar
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\xecypfp9.default\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\defaults\preferences\xulcache.js
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\xecypfp9.default\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\install.rdf
c:\documents and settings\Bonnir Fuller\Application Data\SystemProc
c:\documents and settings\Bonnir Fuller\Application Data\SystemProc\lsass.exe
c:\documents and settings\Bonnir Fuller\My Documents\ZbThumbnail.info
c:\documents and settings\Bonnir Fuller\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\GnuHashes.ini
c:\windows\system32\__c0080ACB.dat
c:\windows\system32\__c00BF00A.dat
c:\windows\system32\__c00D5301.dat
c:\windows\system32\__c00E2718.dat
c:\windows\system32\__c00EF10.dat
c:\windows\system32\46.tmp
c:\windows\system32\638063405
c:\windows\system32\64Ffy5znqjD0FPV.vbs
c:\windows\system32\6F9d1YzzL2nvW.vbs
c:\windows\system32\CABVIEW32.DLL
c:\windows\system32\ciodm32.dll
c:\windows\system32\comctl3232.dll
c:\windows\system32\d3dim32.dll
c:\windows\system32\dbgeng32.dll
c:\windows\system32\dnssd32.dll
c:\windows\system32\dOeOCvQ.vbs
c:\windows\system32\dpnhupnp32.dll
c:\windows\system32\dpnmodem32.dll
c:\windows\system32\eappprxy32.dll
c:\windows\system32\fG28R.vbs
c:\windows\system32\iedkcs3232.dll
c:\windows\system32\lbiRF.vbs
c:\windows\system32\MLKjr.vbs
c:\windows\system32\Nmu2N.vbs
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\_u1314926096v5
c:\windows\system32\SysWoW32\mi1314926096v4
c:\windows\system32\SysWoW32\mi1314926096v4.kwd
c:\windows\system32\SysWoW32\mi1314926096v6
c:\windows\system32\SysWoW32\mi1314926096v6.kwd
c:\windows\system32\SysWoW32\mi1314926096v7
c:\windows\system32\SysWoW32\mi1314926096v7.kwd
c:\windows\system32\SysWoW32\mu1314926096v5
c:\windows\system32\SysWoW32\mu1314926096v5.kwd
c:\windows\system32\SysWoW32\wu1314926096v0
c:\windows\system32\SysWoW32\wu1314926096v0.kwd
c:\windows\system32\SysWoW32\wu1314926096v1
c:\windows\system32\SysWoW32\wu1314926096v1.kwd
c:\windows\system32\SysWoW32\wu1314926096v2
c:\windows\system32\SysWoW32\wu1314926096v2.kwd
c:\windows\system32\SysWoW32\wu1314926096v3
c:\windows\system32\SysWoW32\wu1314926096v3.kwd
c:\windows\system32\T0DkAMV2Fv2sc.vbs
c:\windows\system32\twain_32.dll
c:\windows\system32\unrar.exe
c:\windows\system32\Wggg6u4.vbs
C:\xcrashdump.dat
.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.
2010-01-23 00:05 . 2010-01-23 00:05 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-01-22 22:42 . 2010-01-22 22:42 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\DriverCure
2010-01-22 22:41 . 2010-01-24 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-01-22 22:41 . 2010-01-22 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-01-22 08:23 . 2010-01-22 08:23 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\Logitech
2010-01-22 08:22 . 2010-01-22 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-22 08:18 . 2010-01-22 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-01-22 06:09 . 2010-01-22 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 04:04 . 2010-01-26 04:04 732672 --sha-w- c:\windows\system32\11.tmp
2010-01-25 09:15 . 2010-01-25 09:15 -------- d-----w- c:\program files\Trend Micro
2010-01-25 00:25 . 2005-03-09 01:59 78664 -c--a-w- c:\documents and settings\Bonnir Fuller\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 00:13 . 2006-01-11 00:44 -------- d-----w- c:\program files\Shutterfly
2010-01-24 23:55 . 2010-01-05 09:55 -------- d-----w- c:\program files\LimeWire
2010-01-24 21:26 . 2009-12-26 08:59 149504 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-24 21:23 . 2006-04-17 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-24 20:38 . 2006-04-17 10:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-24 14:16 . 2010-01-24 14:16 732672 --sha-w- c:\windows\system32\7C.tmp
2010-01-24 05:53 . 2008-08-24 22:50 -------- d-----w- c:\program files\BpDiary
2010-01-24 05:04 . 2006-04-30 02:43 -------- d-----w- c:\program files\ewido anti-malware
2010-01-24 05:01 . 2010-01-24 05:01 -------- d-----w- c:\program files\CCleaner
2010-01-23 04:54 . 2010-01-23 04:54 110592 ----a-w- c:\windows\system32\dot3api32.dll
2010-01-23 01:12 . 2005-04-22 18:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 00:58 . 2010-01-23 00:58 -------- d-----w- c:\program files\VIA Technologies, Inc
2010-01-23 00:04 . 2005-05-13 06:53 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\Canon
2010-01-23 00:04 . 2010-01-23 00:04 -------- d--h--w- c:\program files\CanonBJ
2010-01-22 23:58 . 2010-01-22 23:53 -------- d-----w- c:\program files\VIA
2010-01-22 22:47 . 2010-01-22 22:47 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-01-22 22:41 . 2010-01-22 22:41 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-22 22:41 . 2010-01-22 22:41 -------- d-----w- c:\program files\ParetoLogic
2010-01-22 08:22 . 2010-01-22 08:18 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-22 08:21 . 2010-01-22 08:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-22 08:21 . 2010-01-22 08:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-22 08:21 . 2010-01-22 08:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-22 08:18 . 2005-12-14 06:45 -------- d-----w- c:\program files\Logitech
2010-01-22 06:09 . 2010-01-22 06:09 -------- d-----w- c:\program files\LG Soft India
2010-01-22 06:09 . 2005-03-09 18:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-07 02:55 . 2010-01-07 02:55 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-05 10:00 . 2004-08-04 07:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 07:56 17408 ------w- c:\windows\system32\corpol.dll
2010-01-02 22:00 . 2010-01-02 22:00 -------- d-----w- c:\program files\MSECache
2010-01-02 06:30 . 2008-08-24 22:49 266240 ------w- c:\windows\Setup1.exe
2010-01-02 06:30 . 2008-08-24 22:49 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-31 02:23 . 2006-08-09 01:18 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\Apple Computer
2009-12-31 02:20 . 2007-10-03 21:58 -------- d-----w- c:\program files\AirPort
2009-12-30 22:46 . 2009-12-30 22:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-28 09:25 . 2005-03-09 01:40 -------- d-----w- c:\program files\Snapshot Viewer
2009-12-26 01:52 . 2007-09-07 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-25 22:05 . 2009-12-25 22:03 -------- d-----w- c:\program files\iTunes
2009-12-25 22:05 . 2009-12-25 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 22:04 . 2006-08-09 01:11 -------- d-----w- c:\program files\iPod
2009-12-25 22:04 . 2007-09-07 09:33 -------- d-----w- c:\program files\Common Files\Apple
2009-12-25 22:00 . 2008-04-21 01:25 -------- d-----w- c:\program files\Bonjour
2009-12-25 21:59 . 2009-12-25 21:57 -------- d-----w- c:\program files\QuickTime
2009-12-25 21:55 . 2009-12-25 21:55 -------- d-----w- c:\program files\Apple Software Update
2009-12-19 17:31 . 2006-04-18 03:11 -------- d-----w- c:\program files\Google
2009-11-21 15:51 . 2004-08-04 07:56 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 01:07 . 2009-11-13 01:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"Pareto_Update"="c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe" [2009-01-13 189808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2010-1-21 1687552]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-22 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 16:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\ParetoLogic\\DriverCure\\DriverCure.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:*:Disabled:Bonjour
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [3/9/2005 10:58 AM 9344]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/22/2008 9:01 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/22/2008 9:01 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 3:04 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 3:04 PM 297752]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/22/2010 12:21 AM 10384]
S2 gupdate1c9edfc4664a5f4;Google Update Service (gupdate1c9edfc4664a5f4);c:\program files\Google\Update\GoogleUpdate.exe [6/15/2009 1:00 PM 133104]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [1/21/2010 10:09 PM 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [1/21/2010 10:09 PM 18432]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [3/9/2005 10:58 AM 448640]
.
Contents of the 'Scheduled Tasks' folder
2010-01-25 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
2010-01-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List
IE: Easy-WebPrint High Speed Print
IE: Easy-WebPrint Preview
IE: Easy-WebPrint Print
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{04F4254B-41B9-4A6C-BF62-1E2C972CFEC4} - c:\windows\System32\d3dim32.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Notify-143a744a741 - (no file)
Notify-WgaLogon - (no file)
Notify-__c0080ACB - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 21:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-725345543-1844237615-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\VTTimer.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-26 21:48:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-27 05:48
Pre-Run: 22,159,433,728 bytes free
Post-Run: 22,155,317,248 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 698CC930B9C88C029076D630A46D11EC
mbam log
Malwarebytes' Anti-Malware 1.44
Database version: 3729
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
2/12/2010 1:54:22 AM
mbam-log-2010-02-12 (01-54-22).txt
Scan type: Quick Scan
Objects scanned: 120473
Time elapsed: 7 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0080acb (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\11.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
kscan
Date: Today (events: 58)
My Protection (events: 7)
2/12/2010 2:41:41 AM Databases are obsolete Kaspersky Internet Security
2/12/2010 2:42:22 AM Your computer is protected Kaspersky Internet Security
2/12/2010 3:02:01 AM Threats have been detected Kaspersky Internet Security
2/12/2010 3:59:41 AM Threats have been detected Kaspersky Internet Security
2/12/2010 7:43:11 AM Threats have been detected Kaspersky Internet Security
2/12/2010 7:43:34 AM Threats have been detected Kaspersky Internet Security
2/12/2010 7:47:28 AM Threats have been detected Kaspersky Internet Security
File Anti-Virus (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security File Anti-Virus
Mail Anti-Virus (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security Mail Anti-Virus
Web Anti-Virus (events: 1)
2/12/2010 2:41:47 AM Task started Kaspersky Internet Security Web Anti-Virus
Network Attack Blocker (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security Network Attack Blocker
Anti-Spam (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security Anti-Spam
Application Control (events: 35)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security Application Control
2/12/2010 2:41:54 AM Windows NT Session Manager Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:54 AM Client Server Runtime Process Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:54 AM Windows NT Logon Application Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:54 AM Services and Controller app Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:55 AM LSA Shell (Export Version) Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:55 AM Generic Host Process for Win32 Services Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:55 AM Windows Explorer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:55 AM Spooler SubSystem App Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:56 AM Apple Mobile Device Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:57 AM Bonjour Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:58 AM PML Driver Placed in group Trusted Known on the database of the known software
2/12/2010 2:41:58 AM Google Installer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:59 AM Windows User Mode Driver Manager Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:59 AM Windows Security Center Notification App Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:59 AM Application Layer Gateway Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:59 AM Windows® installer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:00 AM VTTIMER.EXE Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:07 AM iTouch Application Placed in group Low Restricted High value of threat rating calculated heuristically
2/12/2010 2:42:08 AM iTunesHelper Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:08 AM Kaspersky Internet Security Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:09 AM AirPort Base Station Agent Placed in group Trusted Known on the database of the known software
2/12/2010 2:42:09 AM QuickTime Task Placed in group Trusted Known on the database of the known software
2/12/2010 2:42:10 AM OCR Aware (32-bit) Placed in group Low Restricted High value of threat rating calculated heuristically
2/12/2010 2:42:10 AM Microsoft® Works Update Detection Placed in group Trusted Known on the database of the known software
2/12/2010 2:42:11 AM InstallShield Update Service Scheduler Placed in group Trusted Known on the database of the known software
2/12/2010 2:42:11 AM Hewlett-Packard Product Assistant Placed in group Trusted Known on the database of the known software
2/12/2010 2:42:12 AM Adobe Acrobat SpeedLauncher Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:13 AM HP Digital Imaging Monitor Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:16 AM Logitech SetPoint Event Manager (UNICODE) Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:16 AM Logitech KHAL Main Process Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:18 AM iPodService Module (32-bit) Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:20 AM Kaspersky Anti-Virus GUI Windows part Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 4:32:25 AM Windows Update Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 4:43:05 AM WMI Placed in group Trusted Signed by the digital signature of entrusted manufacturers
Proactive Defense (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security Proactive Defense
Firewall (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security Firewall
IM Anti-Virus (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security IM Anti-Virus
Objects Scan (events: 4)
2/12/2010 2:55:18 AM Task started Kaspersky Internet Security Full Scan
2/12/2010 8:43:28 AM Task completed Kaspersky Internet Security Full Scan
2/12/2010 8:51:46 AM Task started Kaspersky Internet Security Rootkit Scan
2/12/2010 8:58:46 AM Task completed Kaspersky Internet Security Rootkit Scan
My Update Center (events: 4)
2/12/2010 2:42:11 AM Task started Kaspersky Internet Security My Update Center
2/12/2010 2:54:06 AM Task completed Kaspersky Internet Security My Update Center
2/12/2010 4:57:21 AM Task started Kaspersky Internet Security My Update Center
2/12/2010 6:58:27 AM Task completed Kaspersky Internet Security My Update Center
ComboFix 10-02-11.04 - Bonnir Fuller 02/12/2010 0:21.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.150 [GMT -8:00]
Running from: c:\documents and settings\Bonnir Fuller\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.
2010-01-25 09:15 . 2010-01-25 09:15 -------- d-----w- c:\program files\Trend Micro
2010-01-25 08:58 . 2010-01-25 08:58 -------- d-----w- C:\desktop
2010-01-24 05:01 . 2010-01-24 05:01 -------- d-----w- c:\program files\CCleaner
2010-01-23 00:58 . 2010-01-23 00:58 -------- d-----w- c:\program files\VIA Technologies, Inc
2010-01-23 00:58 . 2002-12-18 19:57 45056 ----a-w- c:\windows\system32\vusetup.dll
2010-01-23 00:58 . 2002-11-14 01:34 10496 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2010-01-23 00:58 . 2002-10-25 00:07 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2010-01-23 00:08 . 2007-07-05 06:33 42496 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-01-23 00:08 . 2006-10-27 08:26 69632 ----a-w- c:\windows\system32\vuins32.dll
2010-01-23 00:05 . 2010-01-23 00:05 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-01-23 00:05 . 2010-01-23 00:05 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-01-23 00:05 . 2008-02-07 23:59 195072 ----a-w- c:\windows\system32\CNCC150.DLL
2010-01-23 00:05 . 2008-02-07 23:59 37888 ----a-w- c:\windows\system32\CNCI150.DLL
2010-01-23 00:05 . 2005-05-31 03:45 139264 ----a-w- c:\windows\system32\CNCL150.DLL
2010-01-23 00:04 . 2010-01-23 00:04 -------- d--h--w- c:\program files\CanonBJ
2010-01-22 23:58 . 2005-11-17 07:46 337320 ------w- c:\windows\system32\difxapi.dll
2010-01-22 23:58 . 2007-03-29 19:36 9216 ----a-w- c:\windows\system32\drivers\videX32.sys
2010-01-22 23:53 . 2005-04-18 08:15 40960 ----a-r- c:\windows\system32\VModes.exe
2010-01-22 23:53 . 2010-01-22 23:58 -------- d-----w- c:\program files\VIA
2010-01-22 22:47 . 2010-01-22 22:47 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-01-22 22:42 . 2010-01-22 22:42 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\DriverCure
2010-01-22 22:41 . 2010-01-24 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-01-22 22:41 . 2010-01-22 22:41 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-22 22:41 . 2010-01-22 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-01-22 22:41 . 2010-01-22 22:41 -------- d-----w- c:\program files\ParetoLogic
2010-01-22 08:23 . 2010-01-22 08:23 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\Logitech
2010-01-22 08:22 . 2010-01-22 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-22 08:21 . 2009-06-17 16:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-01-22 08:19 . 2009-07-20 20:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-01-22 08:19 . 2009-07-20 20:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-01-22 08:19 . 2009-07-20 20:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-01-22 08:19 . 2009-07-20 20:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-01-22 08:19 . 2009-07-20 20:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-01-22 08:18 . 2010-01-22 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-01-22 08:18 . 2010-01-22 08:22 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-22 06:09 . 2010-01-22 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-01-22 06:09 . 2008-10-11 00:01 26624 ----a-r- c:\windows\system32\LGDispDrv.dll
2010-01-22 06:09 . 2008-10-11 00:01 147456 ----a-r- c:\windows\system32\LgExport.dll
2010-01-22 06:09 . 2010-01-22 06:09 -------- d-----w- c:\program files\LG Soft India
2010-01-13 09:45 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 05:39 . 2006-04-17 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-05 18:51 . 2006-04-18 03:11 -------- d-----w- c:\program files\Google
2010-02-05 01:18 . 2008-08-24 22:50 -------- d-----w- c:\program files\BpDiary
2010-01-26 04:04 . 2010-01-26 04:04 732672 --sha-w- c:\windows\system32\11.tmp
2010-01-25 00:25 . 2005-03-09 01:59 78664 -c--a-w- c:\documents and settings\Bonnir Fuller\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 00:13 . 2006-01-11 00:44 -------- d-----w- c:\program files\Shutterfly
2010-01-24 23:55 . 2010-01-05 09:55 -------- d-----w- c:\program files\LimeWire
2010-01-24 21:26 . 2009-12-26 08:59 149504 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-24 20:38 . 2006-04-17 10:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-24 14:16 . 2010-01-24 14:16 732672 --sha-w- c:\windows\system32\7C.tmp
2010-01-24 05:04 . 2006-04-30 02:43 -------- d-----w- c:\program files\ewido anti-malware
2010-01-23 01:12 . 2005-04-22 18:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 00:04 . 2005-05-13 06:53 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\Canon
2010-01-22 08:21 . 2010-01-22 08:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-22 08:21 . 2010-01-22 08:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-22 08:21 . 2010-01-22 08:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-22 08:18 . 2005-12-14 06:45 -------- d-----w- c:\program files\Logitech
2010-01-22 06:09 . 2005-03-09 18:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-07 02:55 . 2010-01-07 02:55 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-05 10:00 . 2004-08-04 07:56 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 07:56 17408 ------w- c:\windows\system32\corpol.dll
2010-01-02 22:00 . 2010-01-02 22:00 -------- d-----w- c:\program files\MSECache
2010-01-02 06:30 . 2008-08-24 22:49 266240 ------w- c:\windows\Setup1.exe
2010-01-02 06:30 . 2008-08-24 22:49 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-31 16:50 . 2004-08-04 06:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 02:23 . 2006-08-09 01:18 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\Apple Computer
2009-12-31 02:20 . 2007-10-03 21:58 -------- d-----w- c:\program files\AirPort
2009-12-30 22:46 . 2009-12-30 22:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-28 09:25 . 2005-03-09 01:40 -------- d-----w- c:\program files\Snapshot Viewer
2009-12-26 01:52 . 2007-09-07 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-25 22:05 . 2009-12-25 22:03 -------- d-----w- c:\program files\iTunes
2009-12-25 22:05 . 2009-12-25 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 22:04 . 2006-08-09 01:11 -------- d-----w- c:\program files\iPod
2009-12-25 22:04 . 2007-09-07 09:33 -------- d-----w- c:\program files\Common Files\Apple
2009-12-25 22:00 . 2008-04-21 01:25 -------- d-----w- c:\program files\Bonjour
2009-12-25 21:59 . 2009-12-25 21:57 -------- d-----w- c:\program files\QuickTime
2009-12-25 21:55 . 2009-12-25 21:55 -------- d-----w- c:\program files\Apple Software Update
2009-12-16 18:43 . 2005-03-09 01:10 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 07:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-04 06:20 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 06:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 07:56 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-23 13:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 07:56 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 07:56 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2004-08-04 07:56 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pareto_Update"="c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe" [2009-01-13 189808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2010-1-21 1687552]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-22 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\143a744a741]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 16:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0080ACB]
[BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\ParetoLogic\\DriverCure\\DriverCure.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:*:Disabled:Bonjour
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [3/9/2005 10:58 AM 9344]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/22/2008 9:01 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/22/2008 9:01 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 3:04 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 3:04 PM 297752]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/22/2010 12:21 AM 10384]
S2 gupdate1c9edfc4664a5f4;Google Update Service (gupdate1c9edfc4664a5f4);c:\program files\Google\Update\GoogleUpdate.exe [6/15/2009 1:00 PM 133104]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [1/21/2010 10:09 PM 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [1/21/2010 10:09 PM 18432]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [3/9/2005 10:58 AM 448640]
.
Contents of the 'Scheduled Tasks' folder
2010-01-25 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
2010-01-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List
IE: Easy-WebPrint High Speed Print
IE: Easy-WebPrint Preview
IE: Easy-WebPrint Print
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{04F4254B-41B9-4A6C-BF62-1E2C972CFEC4} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 00:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-725345543-1844237615-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(3840)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\IEFRAME.dll
.
Completion time: 2010-02-12 00:36:24
ComboFix-quarantined-files.txt 2010-02-12 08:36
ComboFix2.txt 2010-01-27 05:48
Pre-Run: 21,840,752,640 bytes free
Post-Run: 21,806,342,144 bytes free
- - End Of File - - D9895874EEDA5EEDE315F1E65E8F1E59
HJT
ComboFix 10-01-26.02 - Bonnir Fuller 01/26/2010 21:24:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.242 [GMT -8:00]
Running from: c:\documents and settings\Bonnir Fuller\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Bonnir Fuller\Application Data\0200000044c1b3bb741C.manifest
c:\documents and settings\Bonnir Fuller\Application Data\0200000044c1b3bb741O.manifest
c:\documents and settings\Bonnir Fuller\Application Data\0200000044c1b3bb741P.manifest
c:\documents and settings\Bonnir Fuller\Application Data\0200000044c1b3bb741S.manifest
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\8lyak978.Default User\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\8lyak978.Default User\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\chrome.manifest
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\8lyak978.Default User\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\chrome\xulcache.jar
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\8lyak978.Default User\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\defaults\preferences\xulcache.js
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\8lyak978.Default User\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\install.rdf
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\xecypfp9.default\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\xecypfp9.default\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\chrome.manifest
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\xecypfp9.default\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\chrome\xulcache.jar
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\xecypfp9.default\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\defaults\preferences\xulcache.js
c:\documents and settings\Bonnir Fuller\Application Data\Mozilla\Firefox\Profiles\xecypfp9.default\extensions\{98dc9c1e-b856-43d3-8b2c-44d004a3ae07}\install.rdf
c:\documents and settings\Bonnir Fuller\Application Data\SystemProc
c:\documents and settings\Bonnir Fuller\Application Data\SystemProc\lsass.exe
c:\documents and settings\Bonnir Fuller\My Documents\ZbThumbnail.info
c:\documents and settings\Bonnir Fuller\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\GnuHashes.ini
c:\windows\system32\__c0080ACB.dat
c:\windows\system32\__c00BF00A.dat
c:\windows\system32\__c00D5301.dat
c:\windows\system32\__c00E2718.dat
c:\windows\system32\__c00EF10.dat
c:\windows\system32\46.tmp
c:\windows\system32\638063405
c:\windows\system32\64Ffy5znqjD0FPV.vbs
c:\windows\system32\6F9d1YzzL2nvW.vbs
c:\windows\system32\CABVIEW32.DLL
c:\windows\system32\ciodm32.dll
c:\windows\system32\comctl3232.dll
c:\windows\system32\d3dim32.dll
c:\windows\system32\dbgeng32.dll
c:\windows\system32\dnssd32.dll
c:\windows\system32\dOeOCvQ.vbs
c:\windows\system32\dpnhupnp32.dll
c:\windows\system32\dpnmodem32.dll
c:\windows\system32\eappprxy32.dll
c:\windows\system32\fG28R.vbs
c:\windows\system32\iedkcs3232.dll
c:\windows\system32\lbiRF.vbs
c:\windows\system32\MLKjr.vbs
c:\windows\system32\Nmu2N.vbs
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\_u1314926096v5
c:\windows\system32\SysWoW32\mi1314926096v4
c:\windows\system32\SysWoW32\mi1314926096v4.kwd
c:\windows\system32\SysWoW32\mi1314926096v6
c:\windows\system32\SysWoW32\mi1314926096v6.kwd
c:\windows\system32\SysWoW32\mi1314926096v7
c:\windows\system32\SysWoW32\mi1314926096v7.kwd
c:\windows\system32\SysWoW32\mu1314926096v5
c:\windows\system32\SysWoW32\mu1314926096v5.kwd
c:\windows\system32\SysWoW32\wu1314926096v0
c:\windows\system32\SysWoW32\wu1314926096v0.kwd
c:\windows\system32\SysWoW32\wu1314926096v1
c:\windows\system32\SysWoW32\wu1314926096v1.kwd
c:\windows\system32\SysWoW32\wu1314926096v2
c:\windows\system32\SysWoW32\wu1314926096v2.kwd
c:\windows\system32\SysWoW32\wu1314926096v3
c:\windows\system32\SysWoW32\wu1314926096v3.kwd
c:\windows\system32\T0DkAMV2Fv2sc.vbs
c:\windows\system32\twain_32.dll
c:\windows\system32\unrar.exe
c:\windows\system32\Wggg6u4.vbs
C:\xcrashdump.dat
.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.
2010-01-23 00:05 . 2010-01-23 00:05 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-01-22 22:42 . 2010-01-22 22:42 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\DriverCure
2010-01-22 22:41 . 2010-01-24 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-01-22 22:41 . 2010-01-22 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-01-22 08:23 . 2010-01-22 08:23 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\Logitech
2010-01-22 08:22 . 2010-01-22 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-22 08:18 . 2010-01-22 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-01-22 06:09 . 2010-01-22 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 04:04 . 2010-01-26 04:04 732672 --sha-w- c:\windows\system32\11.tmp
2010-01-25 09:15 . 2010-01-25 09:15 -------- d-----w- c:\program files\Trend Micro
2010-01-25 00:25 . 2005-03-09 01:59 78664 -c--a-w- c:\documents and settings\Bonnir Fuller\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 00:13 . 2006-01-11 00:44 -------- d-----w- c:\program files\Shutterfly
2010-01-24 23:55 . 2010-01-05 09:55 -------- d-----w- c:\program files\LimeWire
2010-01-24 21:26 . 2009-12-26 08:59 149504 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-24 21:23 . 2006-04-17 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-24 20:38 . 2006-04-17 10:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-24 14:16 . 2010-01-24 14:16 732672 --sha-w- c:\windows\system32\7C.tmp
2010-01-24 05:53 . 2008-08-24 22:50 -------- d-----w- c:\program files\BpDiary
2010-01-24 05:04 . 2006-04-30 02:43 -------- d-----w- c:\program files\ewido anti-malware
2010-01-24 05:01 . 2010-01-24 05:01 -------- d-----w- c:\program files\CCleaner
2010-01-23 04:54 . 2010-01-23 04:54 110592 ----a-w- c:\windows\system32\dot3api32.dll
2010-01-23 01:12 . 2005-04-22 18:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 00:58 . 2010-01-23 00:58 -------- d-----w- c:\program files\VIA Technologies, Inc
2010-01-23 00:04 . 2005-05-13 06:53 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\Canon
2010-01-23 00:04 . 2010-01-23 00:04 -------- d--h--w- c:\program files\CanonBJ
2010-01-22 23:58 . 2010-01-22 23:53 -------- d-----w- c:\program files\VIA
2010-01-22 22:47 . 2010-01-22 22:47 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-01-22 22:41 . 2010-01-22 22:41 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-22 22:41 . 2010-01-22 22:41 -------- d-----w- c:\program files\ParetoLogic
2010-01-22 08:22 . 2010-01-22 08:18 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-22 08:21 . 2010-01-22 08:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-22 08:21 . 2010-01-22 08:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-22 08:21 . 2010-01-22 08:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-22 08:18 . 2005-12-14 06:45 -------- d-----w- c:\program files\Logitech
2010-01-22 06:09 . 2010-01-22 06:09 -------- d-----w- c:\program files\LG Soft India
2010-01-22 06:09 . 2005-03-09 18:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-07 02:55 . 2010-01-07 02:55 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-05 10:00 . 2004-08-04 07:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 07:56 17408 ------w- c:\windows\system32\corpol.dll
2010-01-02 22:00 . 2010-01-02 22:00 -------- d-----w- c:\program files\MSECache
2010-01-02 06:30 . 2008-08-24 22:49 266240 ------w- c:\windows\Setup1.exe
2010-01-02 06:30 . 2008-08-24 22:49 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-31 02:23 . 2006-08-09 01:18 -------- d-----w- c:\documents and settings\Bonnir Fuller\Application Data\Apple Computer
2009-12-31 02:20 . 2007-10-03 21:58 -------- d-----w- c:\program files\AirPort
2009-12-30 22:46 . 2009-12-30 22:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-28 09:25 . 2005-03-09 01:40 -------- d-----w- c:\program files\Snapshot Viewer
2009-12-26 01:52 . 2007-09-07 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-25 22:05 . 2009-12-25 22:03 -------- d-----w- c:\program files\iTunes
2009-12-25 22:05 . 2009-12-25 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 22:04 . 2006-08-09 01:11 -------- d-----w- c:\program files\iPod
2009-12-25 22:04 . 2007-09-07 09:33 -------- d-----w- c:\program files\Common Files\Apple
2009-12-25 22:00 . 2008-04-21 01:25 -------- d-----w- c:\program files\Bonjour
2009-12-25 21:59 . 2009-12-25 21:57 -------- d-----w- c:\program files\QuickTime
2009-12-25 21:55 . 2009-12-25 21:55 -------- d-----w- c:\program files\Apple Software Update
2009-12-19 17:31 . 2006-04-18 03:11 -------- d-----w- c:\program files\Google
2009-11-21 15:51 . 2004-08-04 07:56 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 01:07 . 2009-11-13 01:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"Pareto_Update"="c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe" [2009-01-13 189808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2010-1-21 1687552]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-22 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 16:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\ParetoLogic\\DriverCure\\DriverCure.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:*:Disabled:Bonjour
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [3/9/2005 10:58 AM 9344]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/22/2008 9:01 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/22/2008 9:01 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 3:04 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 3:04 PM 297752]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/22/2010 12:21 AM 10384]
S2 gupdate1c9edfc4664a5f4;Google Update Service (gupdate1c9edfc4664a5f4);c:\program files\Google\Update\GoogleUpdate.exe [6/15/2009 1:00 PM 133104]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [1/21/2010 10:09 PM 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [1/21/2010 10:09 PM 18432]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [3/9/2005 10:58 AM 448640]
.
Contents of the 'Scheduled Tasks' folder
2010-01-25 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
2010-01-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List
IE: Easy-WebPrint High Speed Print
IE: Easy-WebPrint Preview
IE: Easy-WebPrint Print
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{04F4254B-41B9-4A6C-BF62-1E2C972CFEC4} - c:\windows\System32\d3dim32.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Notify-143a744a741 - (no file)
Notify-WgaLogon - (no file)
Notify-__c0080ACB - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 21:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-725345543-1844237615-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\VTTimer.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-26 21:48:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-27 05:48
Pre-Run: 22,159,433,728 bytes free
Post-Run: 22,155,317,248 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 698CC930B9C88C029076D630A46D11EC
mbam log
Malwarebytes' Anti-Malware 1.44
Database version: 3729
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
2/12/2010 1:54:22 AM
mbam-log-2010-02-12 (01-54-22).txt
Scan type: Quick Scan
Objects scanned: 120473
Time elapsed: 7 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0080acb (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\11.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
kscan
Date: Today (events: 58)
My Protection (events: 7)
2/12/2010 2:41:41 AM Databases are obsolete Kaspersky Internet Security
2/12/2010 2:42:22 AM Your computer is protected Kaspersky Internet Security
2/12/2010 3:02:01 AM Threats have been detected Kaspersky Internet Security
2/12/2010 3:59:41 AM Threats have been detected Kaspersky Internet Security
2/12/2010 7:43:11 AM Threats have been detected Kaspersky Internet Security
2/12/2010 7:43:34 AM Threats have been detected Kaspersky Internet Security
2/12/2010 7:47:28 AM Threats have been detected Kaspersky Internet Security
File Anti-Virus (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security File Anti-Virus
Mail Anti-Virus (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security Mail Anti-Virus
Web Anti-Virus (events: 1)
2/12/2010 2:41:47 AM Task started Kaspersky Internet Security Web Anti-Virus
Network Attack Blocker (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security Network Attack Blocker
Anti-Spam (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security Anti-Spam
Application Control (events: 35)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security Application Control
2/12/2010 2:41:54 AM Windows NT Session Manager Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:54 AM Client Server Runtime Process Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:54 AM Windows NT Logon Application Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:54 AM Services and Controller app Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:55 AM LSA Shell (Export Version) Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:55 AM Generic Host Process for Win32 Services Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:55 AM Windows Explorer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:55 AM Spooler SubSystem App Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:56 AM Apple Mobile Device Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:57 AM Bonjour Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:58 AM PML Driver Placed in group Trusted Known on the database of the known software
2/12/2010 2:41:58 AM Google Installer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:59 AM Windows User Mode Driver Manager Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:59 AM Windows Security Center Notification App Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:59 AM Application Layer Gateway Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:41:59 AM Windows® installer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:00 AM VTTIMER.EXE Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:07 AM iTouch Application Placed in group Low Restricted High value of threat rating calculated heuristically
2/12/2010 2:42:08 AM iTunesHelper Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:08 AM Kaspersky Internet Security Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:09 AM AirPort Base Station Agent Placed in group Trusted Known on the database of the known software
2/12/2010 2:42:09 AM QuickTime Task Placed in group Trusted Known on the database of the known software
2/12/2010 2:42:10 AM OCR Aware (32-bit) Placed in group Low Restricted High value of threat rating calculated heuristically
2/12/2010 2:42:10 AM Microsoft® Works Update Detection Placed in group Trusted Known on the database of the known software
2/12/2010 2:42:11 AM InstallShield Update Service Scheduler Placed in group Trusted Known on the database of the known software
2/12/2010 2:42:11 AM Hewlett-Packard Product Assistant Placed in group Trusted Known on the database of the known software
2/12/2010 2:42:12 AM Adobe Acrobat SpeedLauncher Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:13 AM HP Digital Imaging Monitor Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:16 AM Logitech SetPoint Event Manager (UNICODE) Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:16 AM Logitech KHAL Main Process Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:18 AM iPodService Module (32-bit) Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 2:42:20 AM Kaspersky Anti-Virus GUI Windows part Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 4:32:25 AM Windows Update Placed in group Trusted Signed by the digital signature of entrusted manufacturers
2/12/2010 4:43:05 AM WMI Placed in group Trusted Signed by the digital signature of entrusted manufacturers
Proactive Defense (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security Proactive Defense
Firewall (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security Firewall
IM Anti-Virus (events: 1)
2/12/2010 2:41:42 AM Task started Kaspersky Internet Security IM Anti-Virus
Objects Scan (events: 4)
2/12/2010 2:55:18 AM Task started Kaspersky Internet Security Full Scan
2/12/2010 8:43:28 AM Task completed Kaspersky Internet Security Full Scan
2/12/2010 8:51:46 AM Task started Kaspersky Internet Security Rootkit Scan
2/12/2010 8:58:46 AM Task completed Kaspersky Internet Security Rootkit Scan
My Update Center (events: 4)
2/12/2010 2:42:11 AM Task started Kaspersky Internet Security My Update Center
2/12/2010 2:54:06 AM Task completed Kaspersky Internet Security My Update Center
2/12/2010 4:57:21 AM Task started Kaspersky Internet Security My Update Center
2/12/2010 6:58:27 AM Task completed Kaspersky Internet Security My Update Center