Please check HJT log


gracious
10-30-2008, 12:04 PM
I have had the dreaded virtumonde rearing its ugly head again, found via SpywareBlaster... when I was trying to access the QuickTime website to download the viewer, IE would look as if it is opening the page and then it would just disappear. Other sites are fine so I don't know if it is an issue with QuickTime's website or something on the pc. Please take a look at my log, Malwarebytes didn't pick up on anything.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:42 AM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw

gracious
10-30-2008, 12:05 PM
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.15.cab
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} (CPlayFirstmsiControl Object) - http://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213560318265
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/online2/pogo/luxor_2/mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://l.yimg.com/jh/games/web_games/sony/bewitched/main.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
O20 - AppInit_DLLs: wbsys.dll lrrbpv.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11148 bytes
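As an added example, not part of this thread and not HijackThis's own code, the following Python script shows how a reviewer can turn "Oxx - ..." log lines like the ones above into records and pull out the items worth a first look: an AppInit_DLLs entry not on an allow-list, a Run entry whose executable is given as a bare filename (resolved through the search path rather than a fixed location), and a service with no publisher. The sample lines are constructed from entries in the log; the regexes, the finding messages and the allow-list are my own, and treating wbsys.dll as known-good is an assumption based on the AlienGUIse skinning software visible in the process list.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a few lines in HijackThis v2 format, modelled on the
# O2/O4/O20/O23 entries in the log above.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: wbsys.dll lrrbpv.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Allow-list for AppInit_DLLs (assumption: wbsys.dll belongs to the
# AlienGUIse/WindowBlinds skinning engine seen running on this machine).
KNOWN_APPINIT_DLLS = {"wbsys.dll"}

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Entry:
    kind: str                         # "O2", "O4", "O20", ...
    body: str                         # text after "Oxx - "
    fields: dict = field(default_factory=dict)   # parsed sub-fields, if recognised


def parse_hjt(text: str) -> List[Entry]:
    """Parse HijackThis 'Oxx - ...' lines; unknown bodies are kept raw."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                  # headers, process list, blank lines
        entry = Entry(m["kind"], m["body"])
        for pattern in (BHO_RE, RUN_RE, SERVICE_RE):
            sub = pattern.match(entry.body)
            if sub:
                entry.fields = sub.groupdict()
                break
        if entry.kind == "O20" and entry.body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is a space-separated list of DLL names
            entry.fields = {"dlls": entry.body.split(":", 1)[1].split()}
        entries.append(entry)
    return entries


def executable_of(cmd: str) -> str:
    """Return the program part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def review(text: str, allowed_appinit=KNOWN_APPINIT_DLLS) -> List[str]:
    """Return human-readable findings a log reviewer would check first."""
    findings = []
    for e in parse_hjt(text):
        if e.kind == "O20" and "dlls" in e.fields:
            for dll in e.fields["dlls"]:
                if dll.lower() not in allowed_appinit:
                    findings.append(f"O20 AppInit_DLLs loads unrecognised DLL: {dll}")
        elif e.kind == "O4" and "cmd" in e.fields:
            exe = executable_of(e.fields["cmd"])
            if "\\" not in exe:
                findings.append(
                    f"O4 [{e.fields['name']}] runs unqualified executable {exe!r} "
                    "(resolved via search path)")
        elif e.kind == "O23" and e.fields.get("owner") == "Unknown owner":
            findings.append(f"O23 service {e.fields['name']!r} has no publisher information")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports three items: the bare CTHELPER.EXE, the unlisted lrrbpv.dll in AppInit_DLLs, and the PnkBstrA service without an owner. None of these is a verdict; the script only narrows a long log down to the entries a helper will want to look at by hand.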

classicsoftware
10-31-2008, 02:13 AM
First:
How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Second:

Please do the following:


Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop (it needs to be run from the Desktop). Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you.


Note:

Do not mouseclick Combofix's window while it is running. That may cause the program to stall...

Third:


Re-boot the system
Post the Combofix Log
Post the MBAM log
Post a new HJT log
Tell us how the system is running.

gracious
11-13-2008, 01:55 PM
Classic, I apologize for not responding in a quick manner. We had an emergency, :eek: hubbie did a number on his hand and had to have surgery......wasn't focused on computers at the time, been having to be his right hand so to speak....sorry.

Hubbie bought a new raptor and is wanting me to move all programs to this hdd and leave the OS on the old sata. Still contemplating how I am going to do this lol, was thinking of using either coa2 or funduc's application mover or just installing the programs onto the new drive and then uninstalling....

Anyway, I am sorry for not getting back to this thread sooner. I will let you know if I need further assistance, as always I am grateful for your help,
Gracious :p

Dorkspawn
11-13-2008, 05:59 PM
I bought a new HDD and transferred everything from my old drive to the new one with Acronis Migrate Easy. If that's what you're wanting to do, it works fine.
http://www.newegg.com/Product/Product.aspx?Item=N82E1681080903SF

gracious
11-13-2008, 06:31 PM
Hey Dorkspawn (love that name!:D ) well I am not wanting to ghost or copy the entire hdd to the raptor. I am keeping the 1st sata drive and adding the raptor, not upgrading from one hdd to another. I basically want to move all program files over to the raptor drive and keep the 1st sata with only xp system files so that if I have to reformat, I have all the other junk safe on the raptor; the raptor is just a storage drive at this point. Have you heard of coa2? I have read a lot of people have used it with XP; messing with the registry is not my idea of having a good time and I am a little leery of using software that claims it can find all the links.:eek: The Acronis program does look nifty and it's only $39, and the fact that it has partition management might come in handy. I am wondering if it will just migrate all the program files from one drive to another? I like the fact that it is stated to work with xp unlike coa2.

Dorkspawn
11-13-2008, 07:28 PM
Migrate Easy makes an exact copy of your old drive. Plus, XP doesn't know the difference so there's no activation issue afterwards. It looks like that's not really what you want to do. I've never heard of coa2, but Sylvander likes a program called Image for DOS. You might give that a look-see.

gracious
11-14-2008, 12:05 PM
Thank you for the info Dorkspawn, I am still thinking about what to do, but eventually will do something, I might go ahead and ghost the drive before I do anything in the event something does get messed up.

classicsoftware
11-15-2008, 05:27 PM
It makes no sense to move the data to a new drive if it is infected. The problem will persist. Also, moving an entire partition will be no problem. Moving programs to a different location involves registry changes I would be loath to make.

gracious
11-15-2008, 11:18 PM
It makes no sense to move the data to a new drive if it is infected :eek:

Yes you are so right! I am not doing anything until I am able to post the other logs, I basically wanted to let you know that I was preoccupied and did not want you to think I forgot about my initial post. Things are getting somewhat back to normal and I should be able to run combofix.......

Moving programs to a different location involves registry changes I would be loath to make.

Yeah, that is about how I feel about it, been reading a lot about coa2 and a lot of people have used it quite successfully, but I am probably going to do the install/uninstall way.

gracious
12-25-2008, 10:50 PM
Finally able to run the scans requested, sorry about the delay but life kind of got in the way.....

Anyway, ran Spybot S&D and it found 2 instances relating to the virtumonde and I had the program remove both entries, then I ran Malwarebytes and then ComboFix and finally a new HJT. System seems to be running better but it seems this pesky trojan keeps reappearing, hopefully it is gone now.

Thank you again for your help!!! Merry Christmas!!!
Here are the logs:

Malwarebytes' Anti-Malware 1.31
Database version: 1547
Windows 5.1.2600 Service Pack 2

12/25/2008 8:31:27 PM
mbam-log-2008-12-25 (20-31-27).txt

Scan type: Quick Scan
Objects scanned: 58613
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

gracious
12-25-2008, 10:52 PM
Combo Log:

ComboFix 08-12-25.02 - Marc 2008-12-25 20:37:09.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1487 [GMT -6:00]
Running from: c:\documents and settings\Marc\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\desktopA.sys
c:\windows\emMON.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\efcdbaxx.dll

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((( Files Created from 2008-11-26 to 2008-12-26 )))))))))))))))))))))))))))))))
.

2008-12-12 10:32 . 2008-12-02 13:49 1,765 --a------ c:\windows\hpbvnstp.hi1
2008-12-12 10:32 . 2008-12-02 13:49 561 --a------ c:\windows\hpbvnstp.bu1
2008-12-02 13:49 . 2007-03-29 15:01 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2008-12-02 13:49 . 2006-05-18 16:58 309,760 -ra------ c:\windows\system32\difxapi.dll
2008-12-02 13:49 . 2007-02-05 17:49 188,416 -ra------ c:\windows\system32\hppcew01.dll
2008-12-02 13:49 . 2006-04-04 15:19 17,024 -ra------ c:\windows\system32\drivers\hpfxgen.sys
2008-12-02 13:49 . 2006-04-04 15:20 9,344 -ra------ c:\windows\system32\drivers\hpfxbulk.sys
2008-12-02 13:49 . 2008-12-12 10:32 4,565 --a------ c:\windows\hpbvnstp.his
2008-12-02 13:49 . 2008-12-12 10:32 1,193 --a------ c:\windows\hpbvnstp.ini
2008-12-02 13:48 . 2008-12-02 13:48 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-12-02 13:48 . 2008-12-02 14:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-02 13:48 . 2007-02-05 14:32 782,336 -ra------ c:\windows\system32\hpptpml3.dll
2008-12-02 13:48 . 2007-03-22 11:45 573,440 -ra------ c:\windows\system32\hpxp3390.dll
2008-12-02 13:48 . 2007-02-28 13:39 458,752 -ra------ c:\windows\system32\hppasc01.dll
2008-12-02 13:48 . 2007-03-28 17:36 327,680 -ra------ c:\windows\system32\HPPEPR01.DLL
2008-12-02 13:48 . 2007-03-21 18:54 229,376 -ra------ c:\windows\system32\HPPCPR01.DLL
2008-12-02 13:48 . 2005-10-28 11:01 45,056 --a------ c:\windows\system32\HPPAPTS0.DLL
2008-12-02 13:48 . 2005-10-28 11:01 36,864 --a------ c:\windows\system32\HPPASNM0.DLL
2008-12-02 13:48 . 2005-10-28 11:01 36,864 --a------ c:\windows\system32\HPPAPML0.DLL
2008-12-02 13:48 . 2005-10-28 11:01 36,864 --a------ c:\windows\system32\HPPADT40.DLL
2008-12-02 13:48 . 2005-10-28 11:01 32,768 --a------ c:\windows\system32\HPPAMON0.DLL
2008-12-02 13:48 . 2007-03-15 13:45 630 -ra------ c:\windows\system32\HPPCPR01.DAT
2008-12-02 13:45 . 2008-12-02 14:03 128,785 --a------ c:\windows\hppins02.dat
2008-12-02 13:45 . 2007-06-15 15:18 1,883 --------- c:\windows\hppmdl02.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 02:26 91,930,656 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-26 02:26 1,080,320 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-26 02:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-26 02:12 --------- d-----w c:\program files\SpywareBlaster
2008-12-26 00:47 --------- d-----w c:\documents and settings\Marc\Application Data\MailWasherPro
2008-12-22 17:23 --------- d-----w c:\program files\Google
2008-12-09 09:15 6,777,078 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-05 18:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-04 01:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 01:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-02 20:00 --------- d-----w c:\documents and settings\Marc\Application Data\HP
2008-12-02 19:55 --------- d-----w c:\program files\HP
2008-11-07 09:37 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-06 21:14 --------- d-----w c:\program files\Lighthouse Interactive
2008-11-04 00:50 --------- d-----w c:\documents and settings\Marc\Application Data\Red Alert 3
2008-11-04 00:48 5,006 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-11-04 00:07 --------- d-----w c:\program files\Electronic Arts
2008-10-30 15:33 --------- d-----w c:\program files\Rhapsody
2008-10-30 15:32 --------- d-----w c:\program files\QuickTime
2008-10-30 15:32 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-30 15:19 --------- d-----w c:\documents and settings\Marc\Application Data\Apple Computer
2008-10-30 15:17 --------- d-----w c:\program files\Apple Software Update
2008-10-30 15:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-30 14:49 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-10-26 17:15 --------- d-----w c:\program files\Paint.NET
2008-10-22 14:49 108,784 ----a-w c:\documents and settings\Marc\Application Data\GDIPFONTCACHEV1.DAT
2008-10-08 22:53 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-30 18:53 40,357 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_09_30_13_26_00_small.dmp.zip
2008-09-30 18:53 39,516 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_09_30_13_26_02_small.dmp.zip
2008-09-30 16:57 1,906,688 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-06-16 23:32 22,328 ----a-w c:\documents and settings\Marc\Application Data\PnkBstrK.sys
2003-03-31 12:00 94,784 --sh--w c:\windows\twain.dll
2004-08-04 07:56 50,688 --sh--w c:\windows\twain_32.dll
2004-08-04 07:56 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2004-08-04 07:56 54,784 --sha-w c:\windows\system32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w c:\windows\system32\msvcp60.dll
2004-08-04 07:56 343,040 --sha-w c:\windows\system32\msvcrt.dll
2004-08-04 07:56 553,472 --sha-w c:\windows\system32\oleaut32.dll
2004-08-04 07:56 83,456 --sha-w c:\windows\system32\olepro32.dll
2004-08-04 07:56 11,776 --sha-w c:\windows\system32\regsvr32.exe
.

gracious
12-25-2008, 10:55 PM
((((((((((((((((((((((((((((( snapshot@2008-09-30_15.45.03.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-02 19:55:48 10,752 ----a-w c:\windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll
+ 2008-10-26 17:15:35 102,400 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DdsFileType\0da9fdde43eebd4f893db9d1f9bce637\DdsFileType.ni.dll
+ 2008-10-26 17:15:36 548,864 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\4b0e75bf22a2e3459bc2a91c8a709487\ICSharpCode.SharpZipLib.ni.dll
+ 2008-10-26 17:15:31 114,688 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\94ca316b68071d48be69e06d7fcc1e54\Interop.WIA.ni.dll
+ 2008-10-26 17:15:28 249,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\de632b0de538734dace1394403440361\PaintDotNet.Base.ni.dll
+ 2008-10-26 17:15:33 1,912,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\8d46205b3f733243aa221adb1f7f90d4\PaintDotNet.Core.ni.dll
+ 2008-10-26 17:15:34 774,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\10d4dbadb03cfb4b8ac12297277fb19e\PaintDotNet.Data.ni.dll
+ 2008-10-26 17:15:44 757,760 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\e9a6061ce9ab2f4d8a68d6a1537b55bc\PaintDotNet.Effects.ni.dll
+ 2008-10-26 17:15:31 348,160 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\6e5ae116606cfd40b02b429d344e7c96\PaintDotNet.Resources.ni.dll
+ 2008-10-26 17:15:30 22,528 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.StylusR#\1ec1e93b779be24b9853ba201d525b24\PaintDotNet.StylusReader.ni.dll
+ 2008-10-26 17:15:29 643,072 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\725cec4e14a76b4380a2b3c03c24a9cf\PaintDotNet.SystemLayer.ni.dll
+ 2008-10-26 17:15:48 2,199,552 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet\f458249873689747bd54db1caa130b3a\PaintDotNet.ni.exe
+ 2008-10-26 17:15:27 2,703,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\7db2d4507d42184486a2889aa275c3b6\System.Data.SqlXml.ni.dll
+ 2008-10-26 17:15:28 339,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\02424b47dcf5bb40a54b89f72224b0bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-10-26 17:15:53 28,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\b88b2a09b59bd647b9e39bfc88356cca\WiaProxy32.ni.exe
+ 2006-12-28 18:53:28 57,344 ----a-w c:\windows\devcon.exe
+ 2008-10-02 05:32:32 2,672,148 ----a-w c:\windows\Downloaded Program Files\bewitched.dat
+ 2008-09-27 00:08:16 3,204,368 ----a-w c:\windows\Downloaded Program Files\EPUWALcontrol.dll
+ 2007-04-03 20:08:34 344,664 ----a-w c:\windows\Downloaded Program Files\HPBasicDetection3.dll
+ 2007-04-30 22:09:12 34,360 ----a-w c:\windows\Downloaded Program Files\HPProductDetails.dll
+ 2007-04-30 22:09:50 83,512 ----a-w c:\windows\Downloaded Program Files\LogInfo.dll
+ 2006-10-03 20:48:28 327,680 ----a-w c:\windows\Downloaded Program Files\mjolauncher.dll
+ 2007-05-15 21:33:20 251,448 ----a-w c:\windows\Downloaded Program Files\SysInfo.dll
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-11-04 00:41:08 29,310 ----a-r c:\windows\Installer\{296D8550-CB06-48E4-9A8B-E5034FB64715}\ra3.exe
+ 2008-10-26 17:15:15 77,610 ----a-r c:\windows\Installer\{43602F34-1AA3-44FB-AEB2-D08C2C73743F}\_6FEFF9B68218417F98F549.exe
+ 2008-10-30 15:17:02 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-11-04 00:48:59 7,598 ----a-r c:\windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ARPPRODUCTICON.exe
+ 2008-11-04 00:48:59 7,598 ----a-r c:\windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ead_desktop_shortcut_F557710133CC471182353A95BCD49DB0.exe
+ 2008-11-04 00:48:59 7,598 ----a-r c:\windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ead_startmenu_shortc_F557710133CC471182353A95BCD49DB0.exe
+ 2008-10-01 17:09:31 25,214 ----a-r c:\windows\Installer\{FD0955C7-C64C-45DC-A991-FDC4E50C4E09}\ARPPRODUCTICON.exe
+ 2008-10-31 14:59:51 689,456 ----a-r c:\windows\Installer\{FE57DE70-95DE-4B64-9266-84DA811053DB}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
- 2000-08-31 13:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 14:00:00 28,672 ----a-w c:\windows\Nircmd.exe
- 2000-08-31 13:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 14:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2006-09-15 15:41:58 286,720 ----a-w c:\windows\system32\amicon.dll
- 2008-06-15 17:29:37 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-26 02:00:18 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-06-15 17:29:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-26 02:00:18 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-15 17:29:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-26 02:00:18 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-19 23:14:42 1,358,192 ----a-w c:\windows\system32\D3DCompiler_35.dll
+ 2007-07-20 00:14:42 1,358,192 ----a-w c:\windows\system32\D3DCompiler_35.dll
- 2008-05-30 19:11:46 1,491,992 ----a-w c:\windows\system32\D3DCompiler_38.dll
+ 2008-05-30 20:11:46 1,491,992 ----a-w c:\windows\system32\D3DCompiler_38.dll
- 2007-07-19 23:14:42 444,776 ----a-w c:\windows\system32\d3dx10_35.dll
+ 2007-07-20 00:14:42 444,776 ----a-w c:\windows\system32\d3dx10_35.dll
- 2008-05-30 19:11:46 467,984 ----a-w c:\windows\system32\d3dx10_38.dll
+ 2008-05-30 20:11:46 467,984 ----a-w c:\windows\system32\d3dx10_38.dll
- 2005-07-23 00:59:04 2,319,568 ----a-w c:\windows\system32\d3dx9_27.dll
+ 2005-07-23 01:59:04 2,319,568 ----a-w c:\windows\system32\d3dx9_27.dll
- 2007-07-19 23:14:42 3,727,720 ----a-w c:\windows\system32\d3dx9_35.dll
+ 2007-07-20 00:14:42 3,727,720 ----a-w c:\windows\system32\d3dx9_35.dll
- 2008-05-30 19:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll
+ 2008-05-30 20:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll
- 2001-08-17 18:47:32 8,704 -c--a-w c:\windows\system32\dllcache\dot4scan.sys
+ 2001-08-17 19:47:32 8,704 -c--a-w c:\windows\system32\dllcache\dot4scan.sys
- 2001-08-17 18:47:32 8,704 ----a-w c:\windows\system32\drivers\Dot4Scan.sys
+ 2001-08-17 19:47:32 8,704 ----a-w c:\windows\system32\drivers\Dot4Scan.sys
- 2006-03-20 00:48:36 16,496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
+ 2005-10-21 17:58:58 16,496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
- 2006-03-20 00:48:37 21,568 ----a-r c:\windows\system32\drivers\HPZius12.sys
+ 2005-10-21 17:52:48 21,568 ----a-r c:\windows\system32\drivers\HPZius12.sys

gracious
12-25-2008, 10:56 PM
+ 2006-11-08 22:35:38 49,152 -c--a-r c:\windows\system32\DRVSTORE\hppasc01_EBE033E16463F6EF09D374CC7001EE296F578906\drivers\dot4\Win2000\hpzidr12.dll
+ 2006-11-08 22:35:38 53,248 -c--a-r c:\windows\system32\DRVSTORE\hppasc01_EBE033E16463F6EF09D374CC7001EE296F578906\drivers\dot4\Win2000\hpzipm12.dll
+ 2006-11-08 22:35:40 33,280 -c--a-r c:\windows\system32\DRVSTORE\hppasc01_EBE033E16463F6EF09D374CC7001EE296F578906\drivers\dot4\Win2000\hpzipr12.dll
+ 2004-10-25 19:28:12 229,376 -c--a-r c:\windows\system32\DRVSTORE\hppasc01_EBE033E16463F6EF09D374CC7001EE296F578906\hpgtpusd.dll
+ 2007-02-28 19:39:22 458,752 -c--a-r c:\windows\system32\DRVSTORE\hppasc01_EBE033E16463F6EF09D374CC7001EE296F578906\hppasc01.dll
+ 2007-02-05 20:32:33 782,336 -c--a-r c:\windows\system32\DRVSTORE\hppasc01_EBE033E16463F6EF09D374CC7001EE296F578906\hpptpml3.dll
+ 2007-03-22 17:45:20 573,440 -c--a-r c:\windows\system32\DRVSTORE\hppasc01_EBE033E16463F6EF09D374CC7001EE296F578906\hpxp3390.dll
+ 2006-04-04 21:20:37 9,344 -c--a-r c:\windows\system32\DRVSTORE\hppcew01_822AC12FC31B86EE40F672E4949BFF941D027D3B\hpfxbulk.sys
+ 2006-04-04 21:19:11 17,024 -c--a-r c:\windows\system32\DRVSTORE\hppcew01_822AC12FC31B86EE40F672E4949BFF941D027D3B\hpfxgen.sys
+ 2007-02-05 23:49:15 188,416 -c--a-r c:\windows\system32\DRVSTORE\hppcew01_822AC12FC31B86EE40F672E4949BFF941D027D3B\hppcew01.dll
+ 2007-03-22 00:54:10 229,376 -c--a-r c:\windows\system32\DRVSTORE\hppcp601_8DCF382F16753DC4ED8690FF41A21303F9C99AFD\hppcpr01.dll
+ 2007-03-28 23:36:32 327,680 -c--a-r c:\windows\system32\DRVSTORE\hppcp601_8DCF382F16753DC4ED8690FF41A21303F9C99AFD\hppepr01.dll
+ 2005-10-21 17:58:52 49,920 -c--a-r c:\windows\system32\DRVSTORE\hpzid414_96E140791F473BE81F5C7617726CDC740CFFC84A\drivers\dot4\Win2000\HPZid412.sys
+ 2005-10-21 17:58:58 16,496 -c--a-r c:\windows\system32\DRVSTORE\hpzipr13_46F40A09802AEFED7E09F08193BA94BE914ADC76\drivers\dot4\Win2000\HPZipr12.sys
+ 2006-05-18 22:58:22 309,760 -c--a-r c:\windows\system32\DRVSTORE\hpzius13_A2CE9D2BCFB782472C86C186A71D16A8BB4557C4\drivers\dot4\Win2000\difxapi.dll
+ 2007-03-29 21:01:20 372,736 -c--a-r c:\windows\system32\DRVSTORE\hpzius13_A2CE9D2BCFB782472C86C186A71D16A8BB4557C4\drivers\dot4\Win2000\hppldcoi.dll
+ 2005-10-21 17:58:52 49,920 -c--a-r c:\windows\system32\DRVSTORE\hpzius13_A2CE9D2BCFB782472C86C186A71D16A8BB4557C4\drivers\dot4\Win2000\hpzid412.sys
+ 2005-10-21 17:58:58 16,496 -c--a-r c:\windows\system32\DRVSTORE\hpzius13_A2CE9D2BCFB782472C86C186A71D16A8BB4557C4\drivers\dot4\Win2000\hpzipr12.sys
+ 2005-10-21 17:52:48 21,568 -c--a-r c:\windows\system32\DRVSTORE\hpzius13_A2CE9D2BCFB782472C86C186A71D16A8BB4557C4\drivers\dot4\Win2000\HPZius12.sys
+ 2005-10-21 17:52:52 16,800 -c--a-r c:\windows\system32\DRVSTORE\hpzius13_A2CE9D2BCFB782472C86C186A71D16A8BB4557C4\drivers\dot4\WinxP\Hppaufd0.sys
+ 2005-10-25 02:57:28 286,720 -c--a-r c:\windows\system32\DRVSTORE\hpzius13_A2CE9D2BCFB782472C86C186A71D16A8BB4557C4\HPZc3212.dll
+ 2005-06-24 22:04:36 161,280 ----a-w c:\windows\system32\fmod.dll
- 2008-09-28 16:41:02 359,344 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-02 19:59:28 417,448 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2006-08-30 18:32:46 49,152 ----a-w c:\windows\system32\FXCompChannel.dll
+ 2006-11-14 17:10:56 49,152 ----a-w c:\windows\system32\FXFaxChannel.dll
+ 2007-02-02 21:38:42 24,576 ----a-w c:\windows\system32\hpbmiapi.dll
+ 2007-02-02 21:38:46 25,600 ----a-w c:\windows\system32\hpboid.dll
+ 2007-02-02 21:38:48 7,680 ----a-w c:\windows\system32\hpboidps.dll
+ 2007-02-02 21:38:46 39,424 ----a-w c:\windows\system32\hpbpro.dll
+ 2007-02-02 21:38:44 7,680 ----a-w c:\windows\system32\hpbprops.dll
+ 2007-02-02 19:24:32 110,592 ----a-w c:\windows\system32\hplbdchn.dll
+ 2005-06-06 07:36:38 28,672 ----a-w c:\windows\system32\hppaecfpd.dll
+ 2005-07-29 08:20:50 16,384 ----a-w c:\windows\system32\hppaecfpdresEN.DLL
+ 2007-04-10 09:43:20 36,864 ----a-w c:\windows\system32\hppaecfpdui.dll
+ 2007-03-09 08:19:04 77,824 ----a-w c:\windows\system32\hppaecpm.dll
- 2005-12-23 18:11:02 102,400 ----a-w c:\windows\system32\HPTcpMib.dll
+ 2007-01-15 18:16:24 114,688 ----a-w c:\windows\system32\HPTcpMib.dll
- 2005-12-23 18:12:22 155,648 ----a-w c:\windows\system32\HPTcpMon.dll
+ 2007-01-15 18:17:52 172,032 ----a-w c:\windows\system32\HPTcpMon.dll
- 2005-12-23 18:14:44 233,472 ----a-w c:\windows\system32\HPTcpMUI.dll
+ 2007-01-15 18:20:08 241,664 ----a-w c:\windows\system32\HPTcpMUI.dll
- 2006-05-09 21:03:32 49,152 ----a-w c:\windows\system32\HPZidr12.dll
+ 2006-11-08 22:35:38 49,152 ----a-w c:\windows\system32\HPZidr12.dll
- 2006-05-09 21:03:30 43,520 ----a-w c:\windows\system32\HPZinw12.dll
+ 2006-11-08 22:35:36 43,520 ----a-w c:\windows\system32\HPZinw12.dll
- 2006-05-09 21:03:32 52,736 ----a-w c:\windows\system32\HPZipm12.dll
+ 2006-11-08 22:35:38 53,248 ----a-w c:\windows\system32\HPZipm12.dll
- 2006-05-09 21:03:32 33,792 ----a-w c:\windows\system32\HPZipr12.dll
+ 2006-11-08 22:35:40 33,280 ----a-w c:\windows\system32\HPZipr12.dll
- 2006-05-09 21:03:32 30,208 ----a-w c:\windows\system32\hpzipt12.DLL

gracious
12-25-2008, 10:57 PM
+ 2006-11-08 22:35:40 29,696 ----a-w c:\windows\system32\hpzipt12.dll
- 2006-05-09 21:03:34 20,480 ----a-w c:\windows\system32\hpzisn12.DLL
+ 2006-11-08 22:35:40 20,480 ----a-w c:\windows\system32\hpzisn12.dll
+ 2007-01-12 21:53:42 386,560 ----a-w c:\windows\system32\hpzjcd01.dll
- 2004-01-27 13:56:20 28,672 ----a-w c:\windows\system32\hpzjfw01.dll
+ 2006-10-03 16:55:28 17,408 ----a-w c:\windows\system32\hpzjfw01.dll
+ 2002-04-10 15:16:16 81,408 ----a-w c:\windows\system32\lffax11n.dll
+ 2002-04-10 15:17:10 152,064 ----a-w c:\windows\system32\lftif11n.dll
+ 2002-04-10 15:19:04 118,784 ----a-w c:\windows\system32\ltfil11n.DLL
+ 2002-04-10 15:19:20 392,192 ----a-w c:\windows\system32\ltkrn11n.dll
- 2008-07-14 03:53:09 62,344 ----a-w c:\windows\system32\perfc009.dat
+ 2008-10-28 16:23:37 62,344 ----a-w c:\windows\system32\perfc009.dat
- 2008-07-14 03:53:09 401,064 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-28 16:23:38 401,064 ----a-w c:\windows\system32\perfh009.dat
+ 2004-08-04 06:08:46 26,496 ----a-w c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\USBSTOR.SYS
+ 2006-03-20 00:48:37 21,568 ----a-r c:\windows\system32\ReinstallBackups\0011\DriverFiles\drivers\dot4\Win2000\HPZius12.sys
+ 2006-03-20 00:48:35 286,720 ----a-w c:\windows\system32\ReinstallBackups\0011\DriverFiles\HPZc3212.dll
+ 2006-03-20 00:48:36 16,496 ----a-r c:\windows\system32\ReinstallBackups\0012\DriverFiles\drivers\dot4\Win2000\HPZipr12.sys
- 2006-04-28 18:10:36 663,624 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2006-11-29 23:26:42 671,816 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2005-06-06 07:36:38 28,672 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hppaecfpd.dll
+ 2005-07-29 08:20:50 16,384 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hppaecfpdresEN.DLL
+ 2007-04-10 09:43:20 36,864 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hppaecfpdui.dll
+ 2007-01-25 17:05:34 977,920 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpz3c4wm.dll
+ 2007-01-25 19:25:10 1,468,928 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpz6r4wm.DLL
+ 2007-01-25 19:24:20 435,712 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzev4wm.DLL
+ 2007-01-25 19:24:38 1,588,224 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzls4wm.dll
+ 2007-01-25 19:24:22 179,200 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzpe4wm.DLL
+ 2007-01-25 19:25:12 117,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzpi4wm.DLL
+ 2007-01-25 17:57:06 670,208 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzss4wm.dll
+ 2007-01-25 17:05:08 5,580,288 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzst4wm.DLL
+ 2007-01-25 19:24:16 3,269,120 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzui4wm.DLL
+ 2007-01-25 17:05:32 3,459,072 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzur4wm.dll
+ 2006-09-28 14:48:40 169,472 ----a-w c:\windows\system32\spool\drivers\w32x86\3\pclxl.DLL
- 2004-08-04 17:26:48 264,704 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2006-09-28 14:48:44 269,824 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
- 2004-08-04 17:26:48 197,120 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2006-09-28 14:48:46 197,120 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
- 2004-08-04 17:26:36 619,520 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-09-28 14:48:46 619,520 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2005-06-06 07:36:38 28,672 ----a-w c:\windows\system32\spool\drivers\w32x86\hppaecfpd.dll
+ 2007-04-10 09:43:20 36,864 ----a-w c:\windows\system32\spool\drivers\w32x86\hppaecfpdui.dll
+ 2007-03-09 08:19:04 77,824 ----a-w c:\windows\system32\spool\drivers\w32x86\hppaecpm.dll
+ 2006-11-29 23:26:42 671,816 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\hpcdmc32.dll
+ 2007-01-25 17:05:34 977,920 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\hpz3c4wm.dll
+ 2007-01-25 19:25:10 1,468,928 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\hpz6r4wm.DLL
+ 2007-01-25 19:24:20 435,712 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\hpzev4wm.DLL
+ 2007-01-25 19:24:38 1,588,224 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\hpzls4wm.dll
+ 2007-01-25 19:24:22 179,200 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\hpzpe4wm.DLL
+ 2007-01-25 19:25:12 117,248 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\hpzpi4wm.DLL
+ 2007-01-25 17:57:06 670,208 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\hpzss4wm.dll
+ 2007-01-25 17:05:08 5,580,288 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\hpzst4wm.dll
+ 2007-01-25 19:24:16 3,269,120 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\hpzui4wm.DLL
+ 2007-01-25 17:05:32 3,459,072 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\hpzur4wm.dll
+ 2006-09-28 14:48:40 169,472 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\pclxl.DLL
+ 2006-09-28 14:48:44 269,824 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\UNIDRV.DLL
+ 2006-09-28 14:48:46 197,120 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\UNIDRVUI.DLL
+ 2006-09-28 14:48:46 619,520 ----a-w c:\windows\system32\spool\drivers\w32x86\vid_03f0_pid_3217_mi_00_dot4_print_hpz\UNIRES.DLL
+ 2007-01-25 19:24:04 286,208 ----a-w c:\windows\system32\spool\prtprocs\w32x86\hpzpp4wm.DLL
+ 2004-06-19 04:43:16 323,624 ----a-w c:\windows\system32\wiaaut.dll
+ 2007-01-02 23:27:50 12,288 ----a-r c:\windows\Twunk_16.dll
+ 2007-01-02 23:27:50 12,288 ----a-r c:\windows\Twunk_32.dll
+ 2006-11-22 15:40:22 163,896 ----a-r c:\windows\WinInstall.exe
+ 2008-07-29 11:23:06 59,904 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_bdb5a47a\vcomp90.dll
+ 2008-12-02 19:52:41 1,230,336 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2007-01-02 23:27:38 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll
+ 2006-12-12 09:39:16 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcm80.dll
+ 2006-12-12 09:39:16 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll
+ 2006-12-12 09:39:16 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll
+ 2006-12-12 09:39:18 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll
+ 2006-12-12 09:39:18 1,079,808 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll
+ 2006-12-12 09:39:20 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80.dll
+ 2006-12-12 09:39:20 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80u.dll
+ 2008-07-29 14:05:08 54,272 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_8babbe9a\vcomp90.dll
.
-- Snapshot reset to current date --

gracious
12-25-2008, 10:58 PM
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-15 68856]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-02-12 253000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-01-17 109304]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2007-02-12 1121016]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2004-08-04 208896]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-03-26 53248]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-03 36864]
"CTHelper"="CTHELPER.EXE" [2003-10-06 c:\windows\system32\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-18 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2008-06-15 200704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
SecureDoc.lnk - c:\program files\MSI\SecureDoc\Logon.exe [2008-06-22 82944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll lrrbpv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-03-13 472320]
R2 PfDetNT;PfDetNT;\??\c:\windows\system32\drivers\PfModNT.sys [2003-03-05 15840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd650496-3b3e-11dd-b6f3-0019db6175ab}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-12-26 c:\windows\Tasks\gqtgmqya.job
- c:\windows\system32\rundll32.exe [2004-08-04 01:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
c:\windows\Downloaded Program Files\MSIWDev.inf

c:\windows\system32\MFC71.dll - c:\windows\system32\msvcr71.dll
c:\windows\system32\fmod.dll
c:\windows\Downloaded Program Files\bewitched.dat
c:\windows\Downloaded Program Files\bewitched.xml
c:\windows\Downloaded Program Files\BewitchedGameClass.ocx
O16 -: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9}
hxxp://l.yimg.com/jh/games/web_games/sony/bewitched/main.cab
c:\windows\Downloaded Program Files\load.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 20:38:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\AlienGUIse\fastload.dll
.
Completion time: 2008-12-25 20:39:47
ComboFix-quarantined-files.txt 2008-12-26 02:39:44
ComboFix2.txt 2008-09-30 20:45:28

Pre-Run: 274,939,047,936 bytes free
Post-Run: 274,923,290,624 bytes free

404

gracious
12-25-2008, 11:02 PM
HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:09 PM, on 12/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.15.cab
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} (CPlayFirstmsiControl Object) - http://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213560318265
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/online2/pogo/luxor_2/mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://l.yimg.com/jh/games/web_games/sony/bewitched/main.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab

gracious
12-25-2008, 11:05 PM
HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:09 PM, on 12/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.15.cab
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} (CPlayFirstmsiControl Object) - http://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213560318265
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/online2/pogo/luxor_2/mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://l.yimg.com/jh/games/web_games/sony/bewitched/main.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab

gracious
12-25-2008, 11:06 PM
O20 - AppInit_DLLs: wbsys.dll lrrbpv.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10776 bytes
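An added example, not part of the original thread: a small Python triage pass over the HijackThis log format shown above, flagging the entry types a helper would look at first (AppInit_DLLs entries not on a per-machine allowlist, autoruns given as bare file names, and services with no publisher). The allowlist containing only wbsys.dll is an assumption for this particular machine (it belongs to the WindowBlinds/AlienGUIse skinning software visible in the process list), and the sample log lines are constructed.

```python
import re

# Constructed sample in HijackThis log format (same shape as the log
# posted above; not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O20 - AppInit_DLLs: wbsys.dll lrrbpv.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")   # e.g. "O20 - AppInit_DLLs: ..."
RUN_RE = re.compile(r"^.*?: \[(.+?)\] (.*)$")    # "HKLM\..\Run: [name] command"
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')     # optionally quoted drive path

# Assumed allowlist for this machine: wbsys.dll is the WindowBlinds/AlienGUIse
# hook DLL. Anything else in AppInit_DLLs gets flagged for a closer look.
KNOWN_APPINIT = frozenset({"wbsys.dll"})


def parse_hjt(text):
    """Yield (section, body) for every HijackThis entry line, skipping the rest."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def review_entries(text, known_appinit=KNOWN_APPINIT):
    """Return (section, reason, detail) triples for entries that deserve review.

    Heuristics only: a hit means "look at this", not "this is malicious".
    """
    findings = []
    for section, body in parse_hjt(text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so any DLL here that is not accounted for is worth checking.
            for dll in body.split(":", 1)[1].split():
                if dll.lower() not in known_appinit:
                    findings.append((section, "unrecognized AppInit_DLLs entry", dll))
        elif section == "O4":
            m = RUN_RE.match(body)
            if m and not ABS_PATH_RE.match(m.group(2)):
                # A bare file name is resolved through the search path at logon,
                # so the entry alone does not say which binary actually runs.
                findings.append((section, "autorun without absolute path", m.group(2)))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "service with no publisher", body))
    return findings


if __name__ == "__main__":
    for finding in review_entries(SAMPLE_LOG):
        print(*finding, sep=" | ")
```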

gracious
12-30-2008, 11:05 PM
*** Bump ***

mjc
12-31-2008, 12:33 AM
How is it running?

gracious
12-31-2008, 02:53 PM
So far it is running smoothly. I have had this problem before and did the same things, and for a while the PC wouldn't have any issues and then the virus would appear again. Could it be sitting somewhere being undetected?

mjc
12-31-2008, 03:18 PM
More likely an unpatched Windows/IE problem is leading to an infection from someplace you regularly visit.

Update Java...your install is woefully out of date (by about 9 releases...). Also make sure that you have the latest version of Flash/Shockwave installed as there are vulnerabilities in older versions that can lead to all sorts of infections just by surfing...you do seem to play quite a few games that are reliant on Flash and Java, so keeping them up to date is essential.

classicsoftware
01-01-2009, 12:52 AM
So far it is running smoothly. I have had this problem before and did the same things, and for a while the PC wouldn't have any issues and then the virus would appear again. Could it be sitting somewhere being undetected?

Based on what I see, you are doing two things that prevent you from staying clean:

1) You insist on using Internet Explorer. You need to use Firefox with the NoScript extension. I.E. is for Windows Update only.

2) You are not updating your software. Please use the Secunia Personal Software Inspector and keep your system up to date.

gracious
01-01-2009, 01:55 AM
Thank you for your assistance, it is greatly appreciated.

1) You insist on using Internet Explorer. You need to use Firefox with the NoScript extension. I.E. is for Windows Update only.


I am not sure what you mean by saying I insist on using IE; my hubby uses this PC and he likes IE. I will try to convince him to switch to Firefox with the NoScript extension; he tried it once and couldn't stand it. Could you please explain how Firefox differs from IE with regards to security?

I updated the Java to version 6.0.110.3.

I downloaded and ran the PSI, and after its initial scan it shows the system score at 87%, with Adobe Flash needing to be updated as well as IE v6. These I will do tomorrow. We did update to SP3 but had all kinds of problems with the system after that update: audio quit working, programs would not run correctly, so it was removed.
Please advise on this.

classicsoftware
01-01-2009, 02:19 AM
Your hubby will not take the time to get used to the safety and inconvenience of NoScript. He prefers the comfort of IE in between bouts of not being able to use the PC because it's infected. IE 6 is, well, sort of like having sex with a hooker with a condom that has holes poked in it. It's not if you are going to get infected, it's when.

I.E. is just inherently more unsafe than FF. FF with NoScript is about as safe as you can get.

SP3 is a roll-up of updates since SP2 so there should be no issues. I would address the issues rather than ditch SP3.

mjc
01-01-2009, 03:01 AM
The alternative to SP3 is doing each and every update, one at a time, until either there is a problem (then you know which one caused it) or you get them all done...but you probably won't be able to get it done before the next Patch Tuesday rolls around...

gracious
01-01-2009, 01:02 PM
IE 6 is, well, sort of like having sex with a hooker with a condom that has holes poked in it. It's not if you are going to get infected, it's when.

I will tell him that, he might understand it better when you put it that way :D :D :D :D :D

He works really long hours, and it isn't that he won't take the time, it is that he is too tired to deal with it, although he regularly scans with Spybot, Malwarebytes...

but you probably won't be able to get it done before the next Patch Tuesday rolls around...
So I guess I will wait until next Tues. to start updating. Yeah I could do it one by one but that would probably take forever.

The system had been running great for about 3 yrs until this virtumonde surfaced. The only place he really goes to is eBay.