Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:10 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris Gray\Desktop\noname.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [*MSConfig32] C:\WINDOWS\system32\aecache.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Customize Menu -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windows ... 7712912203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -
http://driveragent.com/files/driveragent.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 11888 bytes
ComboFix 07-08-30.1 - "Chris Gray" 2007-08-31 12:22:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.493 [GMT -7:00]
Command switches used :: C:\Documents and Settings\Chris Gray\Desktop\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))
2007-08-30 23:50 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-30 23:46 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-30 23:46 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-30 12:52 <DIR> d-------- C:\gmer
2007-08-29 12:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-29 11:15 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-29 11:07 <DIR> d-------- C:\Program Files\CCleaner
2007-08-28 19:58 <DIR> d-------- C:\VundoFix Backups
2007-08-28 14:05 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\Media Player Classic
2007-08-28 10:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-27 21:13 <DIR> d-------- C:\backup
2007-08-27 18:08 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\Apple Computer
2007-08-27 18:06 <DIR> d-------- C:\Program Files\iTunes
2007-08-27 18:06 <DIR> d-------- C:\Program Files\iPod
2007-08-27 18:03 <DIR> d-------- C:\Program Files\QuickTime
2007-08-27 18:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-27 18:01 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-27 17:59 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-27 17:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-27 16:53 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\AdobeUM
2007-08-27 16:40 <DIR> d-------- C:\WINDOWS\Cache
2007-08-27 13:07 57,344 --a------ C:\WINDOWS\system32\itmreg.dll
2007-08-27 13:07 548,864 --a------ C:\WINDOWS\system32\Triad2003e.dll
2007-08-27 13:07 <DIR> d-------- C:\Program Files\Triad Interactive
2007-08-27 13:07 <DIR> d-------- C:\Program Files\SimNet 2003 Enterprise
2007-08-26 10:27 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-08-26 10:27 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-08-26 10:27 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-08-26 10:27 144,448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-08-26 10:27 <DIR> d-------- C:\Program Files\Webroot
2007-08-26 10:27 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-08-26 10:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-08-26 10:26 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\Webroot
2007-08-25 21:47 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-25 21:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-25 02:00 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-08-25 02:00 <DIR> d-------- C:\Program Files\YVD
2007-08-24 09:08 <DIR> d-------- C:\Program Files\Intelore
2007-08-24 09:02 <DIR> d-------- C:\Program Files\Passware
2007-08-23 14:00 91,136 --a------ C:\WINDOWS\system32\drivers\p4.exe
2007-08-23 14:00 89,088 --a------ C:\WINDOWS\system32\drivers\p5.exe
2007-08-23 14:00 84,480 --a------ C:\WINDOWS\system32\drivers\p6.exe
2007-08-23 10:21 <DIR> d--hs---- C:\Diskeeper
2007-08-23 09:28 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2007-08-23 09:27 <DIR> d-------- C:\Program Files\X64
2007-08-23 09:24 <DIR> d-------- C:\Program Files\X86
2007-08-23 09:20 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-08-23 09:16 <DIR> d-------- C:\Program Files\propremierx86v110686
2007-08-23 09:15 35,085,416 --a------ C:\Program Files\Diskeeper2007-ProPremier.exe
2007-08-23 09:15 31,449,264 --a------ C:\Program Files\Diskeeper2007-Server.exe
2007-08-23 09:15 <DIR> d-------- C:\Program Files\propremierx64v110686
2007-08-23 09:15 <DIR> d-------- C:\Program Files\Disskeeper2007.License
2007-08-23 09:14 52,126,144 --a------ C:\Program Files\Diskeeper2007-Administrator.exe
2007-08-23 09:14 35,536,256 --a------ C:\Program Files\Diskeeper2007-EnterpriseServer.exe
2007-08-23 09:14 35,460,384 --a------ C:\Program Files\Diskeeper2007-Professional.exe
2007-08-23 09:14 14,539,984 --a------ C:\Program Files\Diskeeper2007-Home.exe
2007-08-23 09:02 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-08-23 09:01 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-08-23 09:01 <DIR> d-------- C:\Program Files\GameMinimizer
2007-08-23 09:00 <DIR> d-------- C:\Program Files\Microsoft Works
2007-08-23 08:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-23 08:59 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-08-23 08:55 <DIR> dr-h----- C:\MSOCache
2007-08-23 08:54 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-23 08:47 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-08-23 08:43 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-23 08:43 32,256 --a------ C:\WINDOWS\system32\aecache.exe
2007-08-23 08:35 <DIR> d-------- C:\Program Files\Siber Systems
2007-08-23 08:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
2007-08-23 08:28 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-08-23 08:26 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2007-08-23 08:17 <DIR> d-------- C:\Program Files\VoiceOverlay
2007-08-22 23:47 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\vlc
2007-08-22 23:22 <DIR> d-------- C:\Program Files\VideoLAN
2007-08-21 22:40 <DIR> d-------- C:\Program Files\visual boy
2007-08-21 17:01 594,238 --a--c--- C:\WINDOWS\system32\dllcache\es56hpi.sys
2007-08-21 17:01 594,238 --a------ C:\WINDOWS\system32\drivers\es56hpi.sys
2007-08-21 17:01 49,152 --------- C:\WINDOWS\remvess.exe
2007-08-21 17:01 163,840 --------- C:\WINDOWS\essspk.exe
2007-08-21 17:01 <DIR> d-------- C:\WINDOWS\options
2007-08-21 17:00 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\WinRAR
2007-08-21 16:22 <DIR> d-------- C:\DOCUME~1\CHRISG~1\Contacts
2007-08-21 16:20 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-21 16:14 <DIR> d-------- C:\Program Files\PCPitstop
2007-08-21 16:11 <DIR> d-------- C:\Program Files\uTorrent
2007-08-21 16:10 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\uTorrent
2007-08-21 13:50 1,458,176 --a------ C:\WINDOWS\system\SmWizard.exe
2007-08-21 13:42 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2007-08-21 13:41 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-21 13:39 <DIR> d-------- C:\SOYO
2007-08-21 13:34 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
2007-08-21 13:33 <DIR> d---s---- C:\Program Files\Xfire
2007-08-21 13:33 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\Xfire
2007-08-21 13:22 <DIR> d-------- C:\Program Files\Call of Duty
2007-08-21 12:54 <DIR> d-------- C:\DOCUME~1\CHRISG~1\APPLIC~1\ATI
2007-08-21 12:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
2007-08-21 12:51 <DIR> d-------- C:\Program Files\Steam
2007-08-21 12:50 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-08-21 12:49 <DIR> d-------- C:\Program Files\ATI Technologies
2007-08-21 12:49 <DIR> d-------- C:\ATI
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-31 04:39 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
2007-08-21 10:58 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-08-21 10:51 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-08-21 10:51 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-27 22:44 45296 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-07-27 20:30 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-07-27 20:30 2371584 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-07-27 20:12 3067712 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-07-27 20:01 1550208 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-07-27 19:40 450560 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-10-16 14:09 1209 --a------ C:\Program Files\License.dal
2006-10-01 02:24 73728 --a------ C:\Program Files\Autorun.exe
2001-11-22 20:08 712704 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
((((((((((((((((((((((((((((( snapshot_2007-08-30_125124.90 )))))))))))))))))))))))))))))))))))))))))
----a-w 585,791 2007-08-30 19:52:40 C:\WINDOWS\gmer.dll
----a-w 581,632 2007-06-29 16:38:18 C:\WINDOWS\gmer.exe
----a-w 163,328 2005-10-20 19:02:28 C:\WINDOWS\erdnt\8-31-2007\ERDNT.EXE
----a-w 70,001 2007-08-30 19:52:40 C:\WINDOWS\system32\drivers\gmer.sys
----atw 16,384 2007-08-29 18:59:53 C:\WINDOWS\Temp\Perflib_Perfdata_624.dat
----atw 16,384 2007-08-31 11:39:38 C:\WINDOWS\Temp\Perflib_Perfdata_658.dat
----atw 16,384 2007-08-31 11:02:13 C:\WINDOWS\Temp\Perflib_Perfdata_740.dat
----atw 16,384 2007-08-31 11:41:00 C:\WINDOWS\Temp\Perflib_Perfdata_748.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [2005-01-27 04:00]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-29 11:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-08-21 12:54]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-08-23 08:35]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 03:29]
"MSConfig32"="C:\WINDOWS\system32\aecache.exe" [2007-08-29 12:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"*MSConfig32"=C:\WINDOWS\system32\aecache.exe
C:\DOCUME~1\CHRISG~1\STARTM~1\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2007-08-23 16:41:12]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
S3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1}]
C:\WINDOWS\system32\aecache.exe
Contents of the 'Scheduled Tasks' folder
2007-08-28 01:01:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-21 17:29:23 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-08-21 17:29:21 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-31 12:24:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-31 12:25:21
C:\ComboFix-quarantined-files.txt ... 2007-08-31 12:25
C:\ComboFix2.txt ... 2007-08-30 12:51
--- E O F ---
0 bytes size received / Se ha recibido un archivo vacío