(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 01:59 . 2008-03-18 22:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-08 02:50 . 2008-10-24 13:10 -------- d-----w- c:\documents and settings\Adrienne\Application Data\Skype
2009-06-07 20:00 . 2008-10-27 23:00 -------- d-----w- c:\documents and settings\Adrienne\Application Data\skypePM
2009-05-22 13:43 . 2008-06-17 00:26 -------- d-----w- c:\documents and settings\Adrienne\Application Data\LimeWire
2009-05-22 02:25 . 2008-04-10 12:43 -------- d-----w- c:\documents and settings\Adrienne\Application Data\Juniper Networks
2009-05-22 02:25 . 2008-04-10 12:43 36939 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Setup\uninstall.exe
2009-05-22 02:25 . 2008-04-16 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2009-05-22 00:59 . 2008-06-24 12:54 26016 ----a-w- c:\documents and settings\Adrienne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-22 00:45 . 2008-07-24 04:27 -------- d-----w- c:\program files\Common Files\Apple
2009-04-25 16:48 . 2009-04-25 16:34 -------- d-----w- c:\program files\QuickTax 2008
2009-04-25 16:34 . 2008-03-18 23:46 -------- d-----w- c:\documents and settings\Adrienne\Application Data\Intuit Canada
2009-04-25 16:33 . 2008-03-18 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit Canada
2009-04-11 13:12 . 2008-09-14 19:44 -------- d-----w- c:\program files\Norton 360
2009-04-01 07:47 . 2009-04-01 07:47 782896 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\AVManagerUnified.dll
2009-04-01 07:47 . 2009-04-01 07:47 30256 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\CFireWallCOM.dll
2009-04-01 07:47 . 2009-04-01 07:47 146992 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\FWManager.dll
2009-04-01 07:47 . 2008-06-02 12:09 91184 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\CAntiVirusCOM.dll
2009-04-01 07:47 . 2008-06-02 12:09 35888 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\OPSWATProcessesScanner.dll
2009-04-01 02:46 . 2008-02-24 02:07 9584 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-03-27 13:16 . 2009-03-27 13:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-27 13:16 . 2009-03-27 13:16 152576 ----a-w- c:\documents and settings\Adrienne\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-03-26 19:23 . 2008-07-24 04:28 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-01 02:47 . 2008-09-15 12:36 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-09_13.07.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-10 01:59 . 2009-06-10 01:59 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
+ 2009-06-10 01:59 . 2009-06-10 01:59 16384 c:\windows\Temp\Perflib_Perfdata_750.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-27 136600]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"USRobotics Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-06-19 1290240]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-04 64512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-28 66864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-2-11 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead demo\\left4dead.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 8:41 PM 101936]
R3 NdisWDM;USRobotics NDIS-WDM Virtual Miniport Ethernet Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [12/25/2008 2:26 AM 203920]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2009-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: bmofg.com\inet
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://inet.bmofg.com/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Adrienne\Application Data\Mozilla\Firefox\Profiles\96s379pc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 21:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(7104)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-06-10 22:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-10 02:06
ComboFix2.txt 2009-06-09 13:13
Pre-Run: 160,004,149,248 bytes free
Post-Run: 159,965,130,752 bytes free
295 --- E O F --- 2009-05-14 00:29