Logfile of HijackThis v1.99.1
Scan saved at 13:09:30, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svhhost.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee\msc\mcuimgr.exe
D:\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Microsoft Critical Services] svhhost.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\RunServices: [Microsoft Critical Services] svhhost.exe O4 - HKLM\..\RunServices: [InternetExplorer32] C:\WINDOWS\system32\iexplore32.exe O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181481224750O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
ComboFix 07-06-11.3 - C:\Documents and Settings\Mark Hollyoak\Desktop\ComboFix.exe
"Mark Hollyoak" - 2007-06-11 12:21:56 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ayodapxk.dll
C:\WINDOWS\system32\bittkorq.dll
C:\WINDOWS\system32\byxywxy.dll
C:\WINDOWS\system32\ewbuvpyh.dll
C:\WINDOWS\system32\ibmymkmo.dll
C:\WINDOWS\system32\jtvmdkrt.dll
C:\WINDOWS\system32\mjbjcjdi.dll
C:\WINDOWS\system32\opgfrycy.dll
C:\WINDOWS\system32\perlrmpc.dll
C:\WINDOWS\system32\pmnnmll.dll
C:\WINDOWS\system32\voxfnmss.dll
C:\WINDOWS\system32\ymkceniq.dll
C:\WINDOWS\system32\awtstqr.dll
C:\WINDOWS\system32\cbxvvwx.dll
C:\WINDOWS\system32\efcddec.dll
C:\WINDOWS\system32\fcccywx.dll
C:\WINDOWS\system32\hggfdcd.dll
C:\WINDOWS\system32\hggfebb.dll
C:\WINDOWS\system32\ljjhhgh.dll
C:\WINDOWS\system32\mljgfgh.dll
C:\WINDOWS\system32\mljjggh.dll
C:\WINDOWS\system32\opnmmkl.dll
C:\WINDOWS\system32\pmnnnoo.dll
C:\WINDOWS\system32\qomlmlj.dll
C:\WINDOWS\system32\qomnlki.dll
C:\WINDOWS\system32\vtuttqo.dll
C:\WINDOWS\system32\wvutust.dll
C:\WINDOWS\system32\yayxwvu.dll
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.bak2
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bbadd.ini2
C:\WINDOWS\system32\bbadd.tmp
C:\WINDOWS\system32\ssmnfxov.ini
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.bak2
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bbadd.ini2
C:\WINDOWS\system32\bbadd.tmp
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.bak2
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bbadd.ini2
C:\WINDOWS\system32\bbadd.tmp
C:\WINDOWS\system32\ddabb.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))
2007-06-11 12:21 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-09 09:12 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-06-09 09:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-06-09 09:07 <DIR> d-------- C:\DOCUME~1\MARKHO~1\APPLIC~1\AdobeUM
2007-06-08 21:22 <DIR> d-------- C:\DOCUME~1\MARKHO~1\APPLIC~1\CyberLink
2007-06-08 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
2007-06-06 22:57 <DIR> d-------- C:\DOCUME~1\MARKHO~1\APPLIC~1\McAfee
2007-06-06 22:53 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-06-06 22:51 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-06-06 22:50 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-06-06 22:48 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-06 22:48 <DIR> d-------- C:\Program Files\McAfee
2007-06-06 22:48 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-06-06 22:45 90,112 --a------ C:\WINDOWS\system32\udfrunin.exe
2007-06-06 22:45 206,208 --a------ C:\WINDOWS\system32\drivers\udfreadr.sys
2007-06-06 21:35 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-06-06 20:56 <DIR> d-------- C:\DOCUME~1\MARKHO~1\APPLIC~1\SiteAdvisor
2007-06-06 20:26 55,316 --a------ C:\WINDOWS\system32\doixiuwe.dll
2007-06-06 11:20 14,868 --a------ C:\WINDOWS\system32\bellyjpp.exe
2007-06-06 11:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-06-05 12:37 22,528 --a------ C:\WINDOWS\system32\lpdsvc.dll
2007-06-05 12:37 18,944 --a------ C:\WINDOWS\system32\lprmon.dll
2007-06-05 11:49 <DIR> d-------- C:\Program Files\Windows Live
2007-06-05 11:49 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-06-05 10:32 <DIR> d-------- C:\Program Files\PopupPopper
2007-06-05 10:31 <DIR> d-------- C:\DOCUME~1\MARKHO~1\APPLIC~1\DivX
2007-06-04 13:50 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-04 13:27 <DIR> d-------- C:\DOCUME~1\MARKHO~1\APPLIC~1\Corel
2007-06-04 13:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
2007-06-04 13:24 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-06-04 13:21 88 -r-hs---- C:\WINDOWS\system32\094A7070F0.sys
2007-06-04 13:21 3,766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-04 13:08 <DIR> d-------- C:\Program Files\Corel
2007-06-04 11:59 <DIR> d-------- C:\Program Files\Microsoft Works
2007-06-04 11:52 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-06-04 11:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-06-04 11:50 <DIR> dr-h----- C:\MSOCache
2007-06-04 11:22 <DIR> d-------- C:\Program Files\MagicISO
2007-06-04 11:05 <DIR> d-------- C:\Program Files\PowerISO
2007-06-04 11:02 <DIR> d-------- C:\Program Files\Smart Projects
2007-06-04 11:01 2,766,576 --a------ C:\WINDOWS\system32\exec1.exe
2007-06-04 10:44 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-06-04 10:44 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-06-04 10:44 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-06-04 10:27 <DIR> d-------- C:\DOCUME~1\MARKHO~1\APPLIC~1\Ahead
2007-06-04 10:20 <DIR> d-------- C:\Program Files\Nero
2007-06-04 10:20 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-04 00:39 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-04 00:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-04 00:34 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-04 00:10 <DIR> d-------- C:\WINDOWS\AiOTemp
2007-06-03 23:57 <DIR> d-------- C:\Program Files\CCleaner
2007-06-03 23:52 <DIR> d-------- C:\DOCUME~1\MARKHO~1\Contacts
2007-06-03 23:50 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-03 23:49 <DIR> d-------- C:\Program Files\MSN Messenger
2007-06-03 23:46 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-03 23:32 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-03 23:18 <DIR> d-------- C:\Program Files\Uniblue
2007-06-03 22:47 <DIR> d-------- C:\DOCUME~1\MARKHO~1\APPLIC~1\Uniblue
2007-06-03 22:44 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-03 22:36 <DIR> d--hs---- C:\DOCUME~1\MARKHO~1\UserData
2007-06-03 22:19 90,112 -ra------ C:\WINDOWS\system32\hpocon09.exe
2007-06-03 22:19 22,139 -ra------ C:\WINDOWS\system32\hpocoi08.dll
2007-06-03 22:18 8,704 --a------ C:\WINDOWS\system32\drivers\Dot4scan.sys
2007-06-03 22:18 324,608 --a------ C:\WINDOWS\system32\hpojwia.dll
2007-06-03 22:18 23,808 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys
2007-06-03 22:18 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys
2007-06-03 22:18 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
2007-06-03 22:06 38,912 -ra------ C:\WINDOWS\system32\hh.exe
2007-06-03 22:06 <DIR> d-------- C:\DOCUME~1\MARKHO~1\APPLIC~1\Share-to-Web Upload Folder
2007-06-03 22:01 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-06-03 21:06 90,174 --a------ C:\WINDOWS\system32\bt848wst.dll
2007-06-03 21:06 9,539 --a------ C:\WINDOWS\system32\drivers\hcw88r9x.sys
2007-06-03 21:06 81,976 --a------ C:\WINDOWS\system32\hcwi2c32.dll
2007-06-03 21:06 498,176 --a------ C:\WINDOWS\system32\drivers\hcw88vid.sys
2007-06-03 21:06 466,944 --a------ C:\WINDOWS\system32\HCWTVWND.dll
2007-06-03 21:06 393,216 --a------ C:\WINDOWS\system32\hcwsnbd9.dll
2007-06-03 21:06 36,921 --a------ C:\WINDOWS\system32\hcwutl32.dll
2007-06-03 21:06 306,499 --a------ C:\WINDOWS\system32\drivers\HCW88enc.sys
2007-06-03 21:06 23,552 --a------ C:\WINDOWS\system32\drivers\hcw88bar.sys
2007-06-03 21:06 213,050 --a------ C:\WINDOWS\system32\Hcwchan.dll
2007-06-03 21:06 188,472 --a------ C:\WINDOWS\system32\hcwpnp32.dll
2007-06-03 21:06 149,504 --a------ C:\WINDOWS\system32\drivers\hcw88tun.sys
2007-06-03 21:06 141,376 --a------ C:\WINDOWS\system32\drivers\HCW88bda.sys
2007-06-03 21:06 13,248 --a------ C:\WINDOWS\system32\drivers\HCW88ts.sys
2007-06-03 21:06 12,288 --a------ C:\WINDOWS\system32\btgpio32.dll
2007-06-03 21:06 11,776 --a------ C:\WINDOWS\system32\drivers\hcw88rc5.sys
2007-06-03 21:06 11,264 --a------ C:\WINDOWS\system32\hcwhook.dll
2007-06-03 21:06 106,559 --a------ C:\WINDOWS\system32\Hcwtvdlg.dll
2007-06-03 21:06 <DIR> d-------- C:\Program Files\WinTV
2007-06-03 21:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-03 20:59 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-03 20:54 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-03 20:53 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-03 20:39 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-06-03 20:39 469,696 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2007-06-03 20:39 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-06-03 20:39 208,896 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-06-03 20:39 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-06-03 20:39 19,968 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2004-08-04 12:00:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 12:00:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 12:00:00 532,480 --sha-r C:\WINDOWS\system32\iexplore32.exe
2004-08-04 12:00:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 12:00:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 12:00:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 12:00:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2004-08-04 12:00:00 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 12:00:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 12:00:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
2004-08-04 12:00:00 609,885 --sha-r C:\WINDOWS\system32\svhhost.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{089FD14D-132B-48FC-8861-0048AE113215}=C:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 16:41]
{41353F8B-78CE-48A5-BE44-153ED293D192}=C:\PROGRA~1\POPUPP~1\PopLib.dll [2003-05-26 22:41]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 C:\WINDOWS\system32\bthprops.cpl]
"Microsoft Critical Services"="svhhost.exe" [2004-08-04 13:00 C:\WINDOWS\system32\svhhost.exe]
"C-Media Mixer"="Mixer.exe" [2003-03-20 07:21 C:\WINDOWS\mixer.exe]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-25 17:15]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-25 17:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"NWEReboot"="" []
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 13:23]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe" [2006-08-04 11:00]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2006-07-24 21:28]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RamBooster"="C:\Program Files\RamBooster 2.0\Rambooster.exe" [2005-11-17 07:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-06-03 17:37]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Critical Services"=svhhost.exe
"InternetExplorer32"=C:\WINDOWS\system32\iexplore32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"="C:\PROGRA~1\DVDREG~1\DVDShell.dll" [2003-12-20 21:58]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
Contents of the 'Scheduled Tasks' folder
2007-06-06 21:49:29 C:\WINDOWS\tasks\McDefragTask.job
2007-06-06 21:49:28 C:\WINDOWS\tasks\McQcTask.job
2007-06-11 11:14:28 C:\WINDOWS\tasks\MP Scheduled Scan.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.netRootkit scan 2007-06-11 12:31:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]
Completion time: 2007-06-11 12:32:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-11 12:32
--- E O F ---
| 
|