Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:18 PM, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Realtek HD Sound Effect Manager.lnk = C:\WINDOWS\system32\RTSndMgr.CPL
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20World/Images/stg_drm.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6245 bytes
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, August 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 14, 2008 23:17:05
Records in database: 1093987
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Joe\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS
Scan statistics:
Files scanned: 100791
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:54:55
No malware has been detected. The scan area is clean.
The selected area was scanned.
ComboFix 08-08-10.05 - Joe 2008-08-12 15:02:04.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.522 [GMT -5:00]
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joe\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
J:\mri.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.
2008-08-12 14:56 . 2008-08-12 14:56 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-12 14:50 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-12 14:47 . 2008-08-12 14:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-11 10:53 . 2008-08-11 10:53 <DIR> d-------- C:\Program Files\dvd43
2008-08-11 10:53 . 2008-08-11 10:53 18,816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys
2008-08-01 10:37 . 2008-08-01 10:37 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-07-31 19:28 . 2008-07-31 19:28 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-07-30 19:38 . 2008-07-30 19:38 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-07-30 12:37 . 2008-07-30 13:22 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\n-Track Studio5
2008-07-30 12:21 . 2008-07-30 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-07-30 12:20 . 2008-08-11 20:50 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-07-26 09:25 . 2008-07-26 09:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-07-26 09:21 . 2008-08-11 10:53 <DIR> d-------- C:\Program Files\SlySoft
2008-07-25 21:02 . 2008-07-27 00:19 1,766 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-25 18:38 . 2008-07-25 18:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-25 18:38 . 2008-07-25 18:38 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\SUPERAntiSpyware.com
2008-07-25 18:38 . 2008-07-25 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-25 18:37 . 2008-07-25 18:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-25 17:46 . 2008-07-25 17:46 <DIR> d-------- C:\Deckard
2008-07-25 15:05 . 2008-07-25 15:05 <DIR> d-------- C:\Documents and Settings\Catie\Application Data\Malwarebytes
2008-07-25 12:02 . 2008-07-25 17:25 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\DVD Flick
2008-07-24 23:49 . 2008-07-24 23:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 23:49 . 2008-07-24 23:49 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Malwarebytes
2008-07-24 23:49 . 2008-07-24 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 23:49 . 2008-07-23 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 23:49 . 2008-07-23 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 23:44 . 2008-07-24 23:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 20:25 . 2008-07-24 23:48 <DIR> d-------- C:\Program Files\Safer Networking
2008-07-24 12:41 . 2008-07-24 12:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-24 12:41 . 2008-08-01 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-16 20:09 . 2008-07-16 20:09 <DIR> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 20:08 15,683,616 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-12 19:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-12 19:50 --------- d-----w C:\Program Files\Java
2008-08-12 19:43 210,140 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-12 17:19 158,208 ----a-w C:\WINDOWS\Internet Logs\xDB80.tmp
2008-08-12 01:41 --------- d-----w C:\Documents and Settings\Joe\Application Data\Audacity
2008-08-11 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-11 04:06 4,455,424 ----a-w C:\WINDOWS\Internet Logs\xDB7F.tmp
2008-08-11 04:06 136,192 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp
2008-08-11 00:04 --------- d-----w C:\Program Files\GameShadow
2008-08-08 22:54 40,960 ----a-w C:\WINDOWS\Internet Logs\xDB7D.tmp
2008-08-08 22:35 17,563,461 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-08 15:49 4,446,208 ----a-w C:\WINDOWS\Internet Logs\xDB7C.tmp
2008-08-08 15:49 2,287,104 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
2008-08-08 05:49 4,448,256 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp
2008-08-08 05:49 222,720 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp
2008-08-08 01:11 --------- d-----w C:\Documents and Settings\Angela\Application Data\Canon
2008-08-06 04:08 4,430,848 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp
2008-08-06 04:08 182,272 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp
2008-08-04 15:36 4,429,312 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp
2008-08-04 15:36 293,376 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
2008-08-01 15:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-01 15:38 --------- d-----w C:\Program Files\SmartFTP Client 2.0
2008-08-01 15:38 --------- d-----w C:\Program Files\DivX
2008-08-01 15:26 --------- d-----w C:\Program Files\WMR11
2008-08-01 15:25 --------- d-----w C:\Program Files\Yahoo! Games
2008-08-01 15:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-01 15:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-08-01 15:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-01 15:17 --------- d-----w C:\Program Files\FinePixViewer
2008-08-01 09:53 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp
2008-08-01 01:50 57,856 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp
2008-08-01 01:50 4,339,712 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp
2008-07-31 04:02 152,576 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
2008-07-30 01:50 83,968 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2008-07-29 02:38 81,408 ----a-w C:\WINDOWS\Internet Logs\xDB6E.tmp
2008-07-29 02:38 4,324,352 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
2008-07-27 21:45 4,322,816 ----a-w C:\WINDOWS\Internet Logs\xDB6D.tmp
2008-07-27 21:45 115,200 ----a-w C:\WINDOWS\Internet Logs\xDB6C.tmp
2008-07-27 17:55 --------- d-----w C:\Documents and Settings\Joe\Application Data\TuneAid
2008-07-26 22:34 92,160 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
2008-07-26 14:22 77,312 ----a-w C:\WINDOWS\Internet Logs\xDB6A.tmp
2008-07-26 01:50 99,840 ----a-w C:\WINDOWS\Internet Logs\xDB69.tmp
2008-07-25 23:09 4,265,472 ----a-w C:\WINDOWS\Internet Logs\xDB68.tmp
2008-07-25 23:09 280,064 ----a-w C:\WINDOWS\Internet Logs\xDB67.tmp
2008-07-25 17:02 --------- d-----w C:\Program Files\DVD Flick
2008-07-25 05:17 76,800 ----a-w C:\WINDOWS\Internet Logs\xDB66.tmp
2008-07-25 02:06 4,198,912 ----a-w C:\WINDOWS\Internet Logs\xDB65.tmp
2008-07-25 01:36 99,840 ----a-w C:\WINDOWS\Internet Logs\xDB64.tmp
2008-07-24 20:53 3,102,208 ----a-w C:\WINDOWS\Internet Logs\xDB63.tmp
2008-07-24 12:45 4,181,504 ----a-w C:\WINDOWS\Internet Logs\xDB62.tmp
2008-07-23 21:39 9,216 ----a-w C:\WINDOWS\Internet Logs\xDB61.tmp
2008-07-21 18:46 --------- d-----w C:\Documents and Settings\Joe\Application Data\Canon
2008-07-19 19:11 --------- d-----w C:\Program Files\Microsoft Publisher
2008-07-18 18:20 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-07-17 01:09 --------- d-----w C:\Program Files\iTunes
2008-07-17 01:08 --------- d-----w C:\Program Files\QuickTime
2008-07-10 14:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-09 14:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 14:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-08 00:59 --------- d-----w C:\Program Files\Rhapsody
2008-07-07 00:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-04 03:31 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-29 15:09 --------- d-----w C:\Program Files\Steam
2008-06-29 13:10 --------- d-----w C:\Program Files\Mah Jong Quest
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:45 360,320 ------w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 14:46 --------- d-----w C:\Documents and Settings\Joe\Application Data\LimeWire
2008-06-13 18:28 --------- d-----w C:\Program Files\TotalAudioConverter
2008-06-13 18:28 --------- d-----w C:\Documents and Settings\Joe\Application Data\Softplicity
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-31 05:03 89,600 ----a-w C:\WINDOWS\Internet Logs\xDBEF.tmp
2008-05-29 08:07 4,160,000 ----a-w C:\WINDOWS\Internet Logs\xDB14D.tmp
2008-05-29 08:07 133,632 ----a-w C:\WINDOWS\Internet Logs\xDB14C.tmp
2008-05-21 12:14 4,154,880 ----a-w C:\WINDOWS\Internet Logs\xDB29C.tmp
2008-05-21 12:14 36,352 ----a-w C:\WINDOWS\Internet Logs\xDB29B.tmp
2008-05-20 18:13 4,154,368 ----a-w C:\WINDOWS\Internet Logs\xDB14B.tmp
2008-05-20 18:13 2,923,520 ----a-w C:\WINDOWS\Internet Logs\xDB14A.tmp
2008-05-06 20:18 88,576 ---ha-w C:\Documents and Settings\Joe\Application Data\rbap550.dll
2008-05-06 20:18 59,392 ---ha-w C:\Documents and Settings\Joe\Application Data\MBSQTImporterPlugin8680.dll
2008-05-06 20:18 44,032 ---ha-w C:\Documents and Settings\Joe\Application Data\MBSMainPlugin8841.dll
2008-05-06 20:18 38,912 ---ha-w C:\Documents and Settings\Joe\Application Data\RBShell550.dll
2008-05-06 20:18 26,624 ---ha-w C:\Documents and Settings\Joe\Application Data\MBSRegistrationPlugin8816.dll
2008-05-06 20:17 74,240 ---ha-w C:\Documents and Settings\Joe\Application Data\rbqt550.DLL
2007-08-17 04:25 140 ----a-w C:\Documents and Settings\Angela\Application Data\wklnhst.dat
2006-12-06 04:49 166 ----a-w C:\Documents and Settings\Joe\Application Data\wklnhst.dat
2006-09-18 02:24 394 ----a-w C:\Documents and Settings\Catie\Application Data\wklnhst.dat
2006-06-19 15:17 0 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-01-18 00:35 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot_2008-07-26_17.47.02.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-05-13 04:14:39 22,486 ----a-r C:\WINDOWS\Installer\{6F23C1A3-9F62-470C-BD12-B83F04E67865}\Icon_SFTPBackup.exe
+ 2008-08-01 15:38:43 22,486 ----a-r C:\WINDOWS\Installer\{6F23C1A3-9F62-470C-BD12-B83F04E67865}\Icon_SFTPBackup.exe
- 2008-05-13 04:14:39 157,733 ----a-r C:\WINDOWS\Installer\{6F23C1A3-9F62-470C-BD12-B83F04E67865}\Icon_SmartFTP.exe
+ 2008-08-01 15:38:43 157,733 ----a-r C:\WINDOWS\Installer\{6F23C1A3-9F62-470C-BD12-B83F04E67865}\Icon_SmartFTP.exe
+ 2007-12-12 20:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2006-10-12 07:35:14 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 06:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-10-12 07:35:24 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 06:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-10-12 09:10:56 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 07:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-07-25 23:29:56 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-08-11 21:23:17 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
- 2008-07-26 21:50:59 27,220 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-08-12 19:44:40 495,808 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2008-07-26 14:11:48 9,840,557 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-08-08 14:01:03 10,090,839 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
- 2008-07-26 22:04:19 1,317,376 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
+ 2008-08-12 20:02:12 1,519,104 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 16:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Joe^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Joe\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-09 16:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 19:19 77312 C:\WINDOWS\arpwrmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MDM"=2 (0x2)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"CAISafe"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ScsiAccess"=2 (0x2)
"AresChatServer"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\randyc55\\sin episodes emergence\\SinEpisodes.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
S0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys []
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
S2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys []
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 12:11]
S3 mad600m;mad600m;C:\WINDOWS\system32\Drivers\mad600m.sys [2005-06-16 05:13]
S3 mad600u;mad600u;C:\WINDOWS\system32\Drivers\mad600u.sys [2005-11-07 22:10]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 22:44]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-20 15:57]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 21:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 16:11]
S3 softctrl;Software Flow Control Driver;C:\WINDOWS\system32\DRIVERS\softctrl.sys [2006-06-01 19:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7079e95a-b2fc-11dc-8719-00173124a7e3}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71f3f109-0d7e-11dc-aed6-00173124a7e3}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2de8bf9-a671-11db-ae4d-00173124a7e3}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-08-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-08-12 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6E063A8F-54D5-45C8-A095-7E5668F7228C}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 13:58]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-12 15:08:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-12 15:11:52
ComboFix-quarantined-files.txt 2008-08-12 20:11:47
ComboFix2.txt 2008-08-11 21:08:17
ComboFix3.txt 2008-08-10 18:26:02
ComboFix4.txt 2008-07-27 05:18:00
ComboFix5.txt 2008-08-12 20:00:34
Pre-Run: 35,985,833,984 bytes free
Post-Run: 35,966,980,096 bytes free
298 --- E O F --- 2008-07-13 14:45:41