I'm just trying to do some preventative maintenance on my PC, so here are my ComboFix (CF) and HijackThis (HJT) logs. Malwarebytes (MB) came up clean.
ComboFix 09-11-03.01 - Nate 11/03/2009 21:49.2.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.961 [GMT -6:00]
Running from: c:\documents and settings\Nate\Desktop\Nate's Stuff\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\LOG36.tmp
c:\windows\system32\kxqxbtee.dll
c:\windows\system32\prunnet.exe
c:\windows\system32\rhnmbwau.dll
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
2009-10-24 01:19 . 2009-10-24 01:41 -------- d-----w- C:\$AVG
2009-10-24 01:17 . 2009-10-24 01:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg9
2009-10-20 03:36 . 2009-10-20 03:36 -------- d-sh--w- c:\windows\ftpcache
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-10-25 20:07 . 2009-09-16 04:50 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\MediaMall
2009-10-24 01:19 . 2009-07-08 22:40 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-24 01:19 . 2009-07-08 22:40 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-24 01:19 . 2009-07-08 22:40 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-24 01:18 . 2009-07-08 22:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-24 01:17 . 2009-07-08 22:40 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-24 01:17 . 2009-07-08 22:40 -------- d-----w- c:\program files\AVG
2009-10-24 00:55 . 2008-04-27 04:55 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-10-20 03:34 . 2009-09-16 04:51 97944 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 03:30 . 2006-05-04 03:30 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-10-20 03:26 . 2005-05-29 18:56 -------- d-----w- c:\program files\Microsoft Works
2009-10-14 03:37 . 2005-06-09 18:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-24 02:17 . 2009-09-24 02:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\CanonIJPLM
2009-09-24 02:17 . 2009-09-24 02:08 -------- d-----w- c:\program files\Canon
2009-09-24 02:14 . 2009-09-24 02:14 -------- d-----w- c:\documents and settings\Nate\Application Data\ScanSoft
2009-09-24 02:14 . 2009-09-24 02:14 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ScanSoft
2009-09-24 02:14 . 2009-09-24 02:14 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-09-24 02:14 . 2009-09-24 02:14 -------- d-----w- c:\program files\ScanSoft
2009-09-24 02:12 . 2009-09-24 02:12 -------- d-----w- c:\program files\Common Files\CANON
2009-09-24 02:09 . 2009-09-24 02:09 -------- d--h--w- c:\docume~1\ALLUSE~1\APPLIC~1\CanonBJ
2009-09-24 02:09 . 2009-09-24 02:09 -------- d--h--w- c:\program files\CanonBJ
2009-09-16 04:57 . 2005-06-05 04:37 97944 -c--a-w- c:\documents and settings\Nate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 04:51 . 2009-09-16 04:51 -------- d-----w- c:\program files\Common Files\ffdshowEx
2009-09-16 04:51 . 2009-09-16 04:51 -------- d-----w- c:\program files\MediaMall
2009-09-16 04:51 . 2009-09-16 04:51 -------- d-----w- c:\program files\Common Files\TV-Websites
2009-09-16 01:13 . 2009-09-16 01:13 -------- d-----w- c:\program files\D-Link
2009-09-16 01:06 . 2009-09-16 00:58 -------- d-----w- c:\documents and settings\Nate\Application Data\VirtualStore
2009-09-16 00:35 . 2005-05-29 18:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-11 14:18 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 01:53 . 2008-07-31 02:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2004-08-10 17:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-10 17:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 00:24 . 2004-08-10 18:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-10 18:02 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-10 18:02 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-10 18:02 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-10 17:50 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-10 18:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2009-04-01 21:21 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2008-10-16 19:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2004-08-10 18:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2008-11-19 02:27 . 2006-08-02 03:26 67696 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-11-19 02:27 . 2006-08-02 03:27 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-19 02:27 . 2007-09-26 21:09 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-11-19 02:27 . 2007-09-26 21:09 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-11-19 02:27 . 2006-08-02 03:26 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-09 18:08 . 2008-04-27 19:35 8784 -c--a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 . 2008-04-27 20:30 245408 -c--a-w- c:\program files\mozilla firefox\plugins\unicows.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"D-Link Network USB Utility"="c:\program files\D-Link\Network USB Utility\Network USB Utility.exe" [2008-08-19 1885952]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-24 2010904]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 16:10 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-24 01:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-16 00:46 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jdk1.5.0\\jre\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\D-Link\\Network USB Utility\\Network USB Utility.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\MediaMall\\MediaMallServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"9303:UDP"= 9303:UDP:Network USB Utility UDP Port
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7/8/2009 04:40 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/8/2009 04:40 PM 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/8/2009 04:40 PM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/23/2009 07:17 PM 285392]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 03:09 PM 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2/7/2008 09:58 PM 46112]
R2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [9/16/2009 12:46 AM 2993152]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [8/18/2008 01:20 PM 73600]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/28/2006 12:14 AM 3712]
S3 ADM8211;802.11b Wireless PCI Card;c:\windows\system32\drivers\ADM8211.sys [6/9/2005 11:26 AM 76288]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [8/18/2008 01:20 PM 97408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {C1660133-DD17-4814-B5AD-7A124BC92F62} = 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Nate\Application Data\Mozilla\Firefox\Profiles\43me5988.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://banking.commercebank.com/cbi/login.aspx
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-03 21:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(648)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(1112)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
------------------------ Other Running Processes ------------------------
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
**************************************************************************
Completion time: 2009-11-04 22:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-04 04:06
ComboFix2.txt 2008-12-17 05:22
Pre-Run: 33,442,381,824 bytes free
Post-Run: 33,318,821,888 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
ComboFix 09-11-03.01 - Nate 11/03/2009 21:49.2.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.961 [GMT -6:00]
Running from: c:\documents and settings\Nate\Desktop\Nate's Stuff\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\LOG36.tmp
c:\windows\system32\kxqxbtee.dll
c:\windows\system32\prunnet.exe
c:\windows\system32\rhnmbwau.dll
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
2009-10-24 01:19 . 2009-10-24 01:41 -------- d-----w- C:\$AVG
2009-10-24 01:17 . 2009-10-24 01:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg9
2009-10-20 03:36 . 2009-10-20 03:36 -------- d-sh--w- c:\windows\ftpcache
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-10-25 20:07 . 2009-09-16 04:50 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\MediaMall
2009-10-24 01:19 . 2009-07-08 22:40 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-24 01:19 . 2009-07-08 22:40 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-24 01:19 . 2009-07-08 22:40 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-24 01:18 . 2009-07-08 22:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-24 01:17 . 2009-07-08 22:40 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-24 01:17 . 2009-07-08 22:40 -------- d-----w- c:\program files\AVG
2009-10-24 00:55 . 2008-04-27 04:55 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-10-20 03:34 . 2009-09-16 04:51 97944 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 03:30 . 2006-05-04 03:30 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-10-20 03:26 . 2005-05-29 18:56 -------- d-----w- c:\program files\Microsoft Works
2009-10-14 03:37 . 2005-06-09 18:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-24 02:17 . 2009-09-24 02:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\CanonIJPLM
2009-09-24 02:17 . 2009-09-24 02:08 -------- d-----w- c:\program files\Canon
2009-09-24 02:14 . 2009-09-24 02:14 -------- d-----w- c:\documents and settings\Nate\Application Data\ScanSoft
2009-09-24 02:14 . 2009-09-24 02:14 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ScanSoft
2009-09-24 02:14 . 2009-09-24 02:14 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-09-24 02:14 . 2009-09-24 02:14 -------- d-----w- c:\program files\ScanSoft
2009-09-24 02:12 . 2009-09-24 02:12 -------- d-----w- c:\program files\Common Files\CANON
2009-09-24 02:09 . 2009-09-24 02:09 -------- d--h--w- c:\docume~1\ALLUSE~1\APPLIC~1\CanonBJ
2009-09-24 02:09 . 2009-09-24 02:09 -------- d--h--w- c:\program files\CanonBJ
2009-09-16 04:57 . 2005-06-05 04:37 97944 -c--a-w- c:\documents and settings\Nate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 04:51 . 2009-09-16 04:51 -------- d-----w- c:\program files\Common Files\ffdshowEx
2009-09-16 04:51 . 2009-09-16 04:51 -------- d-----w- c:\program files\MediaMall
2009-09-16 04:51 . 2009-09-16 04:51 -------- d-----w- c:\program files\Common Files\TV-Websites
2009-09-16 01:13 . 2009-09-16 01:13 -------- d-----w- c:\program files\D-Link
2009-09-16 01:06 . 2009-09-16 00:58 -------- d-----w- c:\documents and settings\Nate\Application Data\VirtualStore
2009-09-16 00:35 . 2005-05-29 18:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-11 14:18 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 01:53 . 2008-07-31 02:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2004-08-10 17:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-10 17:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 00:24 . 2004-08-10 18:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-10 18:02 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-10 18:02 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-10 18:02 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-10 17:50 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-10 18:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2009-04-01 21:21 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2008-10-16 19:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2004-08-10 18:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2008-11-19 02:27 . 2006-08-02 03:26 67696 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-11-19 02:27 . 2006-08-02 03:27 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-19 02:27 . 2007-09-26 21:09 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-11-19 02:27 . 2007-09-26 21:09 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-11-19 02:27 . 2006-08-02 03:26 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-09 18:08 . 2008-04-27 19:35 8784 -c--a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 . 2008-04-27 20:30 245408 -c--a-w- c:\program files\mozilla firefox\plugins\unicows.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"D-Link Network USB Utility"="c:\program files\D-Link\Network USB Utility\Network USB Utility.exe" [2008-08-19 1885952]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-24 2010904]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 16:10 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-24 01:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-16 00:46 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jdk1.5.0\\jre\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\D-Link\\Network USB Utility\\Network USB Utility.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\MediaMall\\MediaMallServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"9303:UDP"= 9303:UDP:Network USB Utility UDP Port
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7/8/2009 04:40 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/8/2009 04:40 PM 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/8/2009 04:40 PM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/23/2009 07:17 PM 285392]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 03:09 PM 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2/7/2008 09:58 PM 46112]
R2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [9/16/2009 12:46 AM 2993152]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [8/18/2008 01:20 PM 73600]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/28/2006 12:14 AM 3712]
S3 ADM8211;802.11b Wireless PCI Card;c:\windows\system32\drivers\ADM8211.sys [6/9/2005 11:26 AM 76288]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [8/18/2008 01:20 PM 97408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {C1660133-DD17-4814-B5AD-7A124BC92F62} = 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Nate\Application Data\Mozilla\Firefox\Profiles\43me5988.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://banking.commercebank.com/cbi/login.aspx
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-03 21:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(648)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(1112)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
------------------------ Other Running Processes ------------------------
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
**************************************************************************
Completion time: 2009-11-04 22:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-04 04:06
ComboFix2.txt 2008-12-17 05:22
Pre-Run: 33,442,381,824 bytes free
Post-Run: 33,318,821,888 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect