combofix {part 2}
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-18 17:58 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-18 17:58 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-18 17:58 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 09:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-04-07 19:56 36864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" [ ]
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 04:19 20480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-09-05 12:19 94208 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-09-05 12:19 94208 C:\WINDOWS\KHALMNPR.Exe]
"Logitech BT Wizard"="LBTWiz.exe" []
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 12:00 53248]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-08-17 23:19:54 622653]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-07 19:56:23 196608]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-07 19:54:51 671744]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= F:\vulcan_1024x768.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= F:\Nalu_1920x1440.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= F:\Adrianne_1400x1050.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\Owner\My Documents\My Pictures\black_cat.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source= C:\Documents and Settings\Owner\My Documents\My Pictures\cat13b.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source= C:\Documents and Settings\Owner\My Documents\My Pictures\wanimal3t.gif
FriendlyName=
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 12:00 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2006-10-25 19:01 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Application Director 9.LNK
backup=C:\WINDOWS\pss\Desktop Application Director 9.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware InterCom.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware InterCom.lnk
backup=C:\WINDOWS\pss\MySoftware InterCom.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-04-18 17:58 1177368 C:\PROGRA~1\AVG\AVG8\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-03-19 19:32 1862144 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2007-02-05 19:52 849280 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 21:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-01-08 22:17 52256 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDiagnosticM]
--a------ 2007-02-27 16:29 315392 C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-01-08 22:26 68640 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
--------- 2006-06-06 11:47 118784 C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 SE\Ulead DVD MovieFactory 5\Quick-Drop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"RichVideo"=2 (0x2)
"NBService"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\lxdccoms.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\app4r.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-18 17:58]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-18 17:58]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-18 17:57]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-18 17:57]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-04-18 17:57]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-18 17:58]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-10-25 19:10]
R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe [2007-05-25 05:38]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-18 17:38]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\WINDOWS\system32\drivers\hcw18bda.sys [2007-05-10 14:43]
R3 lknuhst;Linksys Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\lknuhst.sys [2006-10-18 18:32]
R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\lknuhub.sys [2006-10-18 18:32]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe [2007-05-25 05:38]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-18 17:38]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 15:11]
S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\ngrpci.sys [2001-08-17 13:12]
*Newly Created Service* - CATCHME
*Newly Created Service* - GTNDIS5
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-21 08:31:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-04-21 8:34:03
ComboFix-quarantined-files.txt 2008-04-21 12:33:01
Pre-Run: 18,073,759,744 bytes free
Post-Run: 19,050,729,472 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
384 --- E O F --- 2008-04-09 02:06:51