mbam/hijack_logs - Tech & Computer Forums

 
 
 
Old 01-12-2010, 11:33 AM   #1 (permalink)
Junior Techie
 
Join Date: Jul 2009
Location: Abbotsford B.C. Canada
Posts: 41
mbam/hijack_logs

Malwarebytes' Anti-Malware 1.44
Database version: 3544
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/11/2010 4:21:22 PM
mbam-log-2010-01-11 (16-21-22).txt
Scan type: Quick Scan
Objects scanned: 124403
Time elapsed: 6 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\System Doctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Program Files\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
C:\Program Files\Registry Helper\Full Backups (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
C:\Program Files\Registry Helper\Item Backups (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\1135910760 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\775698937 (Rogue.WindowsSmartSecurity) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\bind internet.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Program Files\Registry Helper\Full Backups\10-15-2006--6-15-12-pm.reg (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\1135910760\init.udb (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\1135910760\Langs.udb (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\775698937\init.udb (Rogue.WindowsSmartSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\775698937\Langs.udb (Rogue.WindowsSmartSecurity) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:33 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1237178676219
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O24 - Desktop Component 0: (no name) - http://bototyres.ru/files/bt168.JPG
--
End of file - 7533 bytes

daddywarbucks is offline  
Old 01-12-2010, 03:23 PM   #2 (permalink)
Techie Beyond Description
 
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,815
Re: mbam/hijack_logs

Log looks good.

Are you having any issues?
Osiris is offline  
Old 01-12-2010, 06:56 PM   #3 (permalink)
Junior Techie
 
Join Date: Jul 2009
Location: Abbotsford B.C. Canada
Posts: 41
Re: mbam/hijack_logs

AVG keeps finding trojan:Generic 16.ZUH.
First found and removed in c:\Windows\system32\sshnas.dll;
now today it found it in c:\System Volume information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP344\A0041585.dll
Please advise on how to permanently remove it. Do I need to turn off System Restore and then run AVG? Thank you for the help.
daddywarbucks is offline  
Old 01-12-2010, 07:00 PM   #4 (permalink)
Techie Beyond Description
 
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,815
Re: mbam/hijack_logs

Yes, turn it off, run those scans again and you should be good to go.
Osiris is offline  
Old 01-13-2010, 12:42 PM   #5 (permalink)
Junior Techie
 
Join Date: Jul 2009
Location: Abbotsford B.C. Canada
Posts: 41
Re: mbam/hijack_logs

OK, turned off System Restore and ran ComboFix, MBAM, HijackThis; results as shown:

ComboFix 10-01-12.05 - Compaq_Owner 01/13/2010 9:01.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.108 [GMT -8:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13
.
2010-01-12 19:12 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 00:09 . 2010-01-12 00:09 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2010-01-12 00:09 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 00:08 . 2010-01-12 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-12 00:08 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 00:08 . 2010-01-12 00:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 19:42 . 2010-01-11 19:42 -------- d-----w- c:\program files\VirtualDJ
2010-01-11 19:34 . 2010-01-11 19:48 -------- d-----w- c:\program files\MagicISO
2010-01-11 18:43 . 2010-01-11 19:12 -------- d-----w- c:\documents and settings\Compaq_Owner\.ultramixer
2010-01-11 18:42 . 2010-01-11 19:48 -------- d-----w- c:\program files\UltraMixer
2010-01-11 17:51 . 2010-01-11 17:51 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-11 17:47 . 2010-01-11 23:20 -------- d-----w- c:\windows\Internet Logs
2010-01-09 19:04 . 2010-01-09 19:04 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IECompatCache
2010-01-09 19:00 . 2010-01-09 19:00 -------- d-sh--w- c:\documents and settings\Compaq_Owner\PrivacIE
2010-01-09 18:58 . 2010-01-09 18:58 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IETldCache
2010-01-09 18:53 . 2010-01-09 18:53 -------- d-----w- c:\windows\ie8updates
2010-01-09 18:47 . 2010-01-09 18:50 -------- dc-h--w- c:\windows\ie8
2010-01-09 18:42 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-09 18:42 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-09 18:42 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-08 20:05 . 2010-01-08 20:23 -------- d-----w- c:\program files\DICO
2010-01-08 19:51 . 2003-12-01 17:42 31787 ----a-w- c:\windows\system32\drivers\FADVR800.sys
2010-01-08 18:50 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-01-08 18:49 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-01-08 18:49 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-01-08 18:49 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-01-08 18:49 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-01-08 18:49 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-08 18:49 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-01-08 18:49 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-01-08 18:49 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-08 18:49 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-01-08 18:48 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-01-08 18:48 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-08 18:48 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2010-01-08 18:48 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-08 18:48 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-08 18:47 . 2010-01-09 19:19 364949 ----a-w- c:\windows\system32\drivers\BT848.sys
2010-01-08 18:46 . 2009-08-04 15:13 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-08 18:46 . 2009-08-04 14:20 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-08 18:46 . 2009-08-04 14:20 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-08 18:46 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-01-08 18:31 . 2010-01-08 18:31 -------- d-----w- c:\windows\system32\scripting
2010-01-08 18:31 . 2010-01-08 18:31 -------- d-----w- c:\windows\l2schemas
2010-01-08 18:31 . 2010-01-08 18:31 -------- d-----w- c:\windows\system32\en
2010-01-08 18:31 . 2010-01-08 18:31 -------- d-----w- c:\windows\system32\bits
2010-01-08 18:18 . 2010-01-08 18:18 -------- d-----w- c:\windows\EHome
2010-01-08 00:36 . 2010-01-08 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-07 19:16 . 2010-01-07 19:20 -------- d-----w- C:\Monitor1
2010-01-07 18:18 . 2010-01-07 18:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\NCH Software
2010-01-07 18:12 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-01-07 18:12 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2010-01-07 18:12 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\streamip.sys
2010-01-07 18:12 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2010-01-07 18:12 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2010-01-07 18:12 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2010-01-07 18:11 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2010-01-07 18:10 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-07 18:10 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-07 17:51 . 2010-01-08 19:52 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\NCH Software
2010-01-05 00:43 . 2010-01-05 04:42 -------- d-----w- C:\Photoshop_cs3
2010-01-04 21:26 . 2010-01-04 21:26 -------- d-----w- c:\program files\Bonjour
2010-01-04 21:15 . 2010-01-04 21:15 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-01-04 21:08 . 2010-01-04 21:08 -------- d-----w- C:\Adobe CS3
2010-01-04 18:36 . 2010-01-04 18:36 -------- d-----w- C:\Adobe Reader 9 Installer
2010-01-04 18:20 . 2008-05-28 23:03 37176 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2010-01-04 18:18 . 2010-01-04 18:18 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-04 18:18 . 2010-01-04 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-04 18:18 . 2010-01-04 18:18 -------- d-----w- c:\program files\NOS
2010-01-04 17:21 . 2010-01-04 17:21 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Uniblue
2009-12-31 22:39 . 2009-11-25 21:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-12-31 22:26 . 2009-12-31 22:26 -------- d-----w- C:\$AVG
2009-12-31 22:26 . 2009-12-31 22:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-31 22:26 . 2009-12-31 22:26 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-31 22:26 . 2009-12-31 22:26 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-31 22:25 . 2009-12-31 22:25 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-31 22:25 . 2010-01-13 16:57 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-31 22:25 . 2009-12-31 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-31 22:25 . 2009-12-31 22:25 -------- d-----w- c:\program files\AVG
2009-12-31 22:25 . 2010-01-11 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-31 18:53 . 2009-12-31 18:53 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-31 18:53 . 2009-12-31 18:53 -------- d-----w- c:\program files\MSBuild
2009-12-31 18:53 . 2009-12-31 18:53 -------- d-----w- c:\program files\Reference Assemblies
2009-12-31 18:53 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-31 18:52 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-31 18:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-31 18:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-31 18:52 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-31 18:52 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-31 18:52 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-31 18:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-31 18:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-31 18:50 . 2009-12-31 18:50 -------- d-----w- c:\program files\MSXML 6.0
2009-12-31 18:25 . 2007-02-21 00:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-12-31 18:25 . 2007-02-21 00:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2009-12-31 17:42 . 2009-12-31 17:42 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-31 17:40 . 2009-12-31 17:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DAEMON Tools Lite
2009-12-31 17:40 . 2009-12-31 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-30 23:46 . 2009-12-30 23:46 111144 ----a-w- C:\GDIPFONTCACHEV1.DAT
2009-12-30 23:46 . 2009-12-30 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-30 22:31 . 2009-12-30 22:31 -------- d-----w- c:\program files\Adobe Media Player
2009-12-30 22:28 . 2009-12-30 22:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-29 23:01 . 2009-12-29 23:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\xddvev
2009-12-28 21:36 . 2009-12-28 21:36 -------- d-----w- C:\audio
2009-12-28 19:12 . 2009-12-28 19:12 -------- d-----w- c:\program files\ASIO4ALL v2
2009-12-28 19:10 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-12-28 19:10 . 2009-12-28 19:10 -------- d-----w- c:\program files\VstPlugins
2009-12-28 19:10 . 2009-12-28 19:10 -------- d-----w- c:\program files\Outsim
2009-12-28 19:07 . 2009-12-28 19:31 -------- d-----w- c:\program files\Image-Line
2009-12-28 18:38 . 2009-12-28 18:38 -------- d-----w- c:\program files\uTorrent
Find3M Report
.
2010-01-13 17:06 . 2008-07-28 22:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2010-01-13 16:47 . 2008-07-28 23:05 111912 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-13 01:02 . 2008-08-23 18:44 7444 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\qbbackup.sys
2010-01-08 23:22 . 2009-03-10 16:45 -------- d-----w- c:\program files\NCH Software
2010-01-08 19:52 . 2009-11-23 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-01-08 18:34 . 2005-01-27 05:13 83187 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-08 18:33 . 2010-01-08 18:33 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-01-08 18:33 . 2010-01-08 18:33 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-01-08 01:12 . 2009-03-10 16:44 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\NCH Swift Sound
2010-01-08 00:58 . 2009-03-10 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-01-04 21:26 . 2005-09-15 19:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-31 22:58 . 2002-01-11 03:13 -------- d-----w- c:\program files\QuickTime
2009-12-31 18:06 . 2002-01-11 03:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 18:03 . 2009-03-16 04:31 -------- d-----w- c:\program files\McAfee
2009-12-31 18:03 . 2008-06-28 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-29 22:18 . 2008-07-02 22:34 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AdobeUM
2009-11-24 00:22 . 2009-11-24 00:18 -------- d-----w- c:\program files\Invoice2go 4.0
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-03 01:02 . 2009-11-03 01:05 816456 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\Components\DownloadQB17\Patch\qbpatch2.exe
2009-10-29 07:45 . 2004-08-04 11:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 11:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
Reg Loading Points
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-28 289584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-31 22:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-18 07:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"j:\\Raj Khela's PC BACKUP\\My Documents\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20396:TCP"= 20396:TCP:BitComet 20396 TCP
"20396:UDP"= 20396:UDP:BitComet 20396 UDP
"14672:TCP"= 14672:TCP:BitComet 14672 TCP
"14672:UDP"= 14672:UDP:BitComet 14672 UDP
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/31/2009 2:26 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/31/2009 2:26 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/31/2009 2:25 PM 285392]
R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [1/8/2010 10:47 AM 364949]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/31/2009 9:42 AM 691696]
S2 FADVR800;FADVR800;c:\windows\system32\drivers\FADVR800.sys [1/8/2010 11:51 AM 31787]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2009-12-24 c:\windows\Tasks\Khela Tire Service Ltd. 1221419904.job
- c:\program files\Intuit\QuickBooks 2008\AutoBackupEXE.exe [2008-12-11 18:36]
2010-01-13 c:\windows\Tasks\Khela Tire Service Ltd. 1240417286.job
- c:\program files\Intuit\QuickBooks 2008\AutoBackupEXE.exe [2008-12-11 18:36]
2010-01-13 c:\windows\Tasks\Khela Tire Service Ltd. 1254785729.job
- c:\program files\Intuit\QuickBooks 2008\AutoBackupEXE.exe [2008-12-11 18:36]
2010-01-13 c:\windows\Tasks\User_Feed_Synchronization-{0575B580-0A5B-49B7-857E-C3D85B727FE5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
2010-01-12 c:\windows\Tasks\{ED4EC287-B9DA-46BB-8D36-CF856FCA7B4D}_RAJ_Compaq_Owner.job
- c:\windows\system32\mobsync.exe [2004-08-04 00:12]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
******************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-01-13 09:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
DLLs Loaded Under Running Processes - - - - - - - > 'explorer.exe'(3780)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-01-13 09:13:03
ComboFix-quarantined-files.txt 2010-01-13 17:12
ComboFix2.txt 2010-01-11 23:58
Pre-Run: 54,140,817,408 bytes free
Post-Run: 54,109,630,464 bytes free
End Of File - - 7B7CFBF8A3A5E3154D8441AEF7E7E49F
Currently scanning with AVG.
daddywarbucks is offline  
Old 01-13-2010, 12:42 PM   #6 (permalink)
Junior Techie
 
Join Date: Jul 2009
Location: Abbotsford B.C. Canada
Posts: 41
Default Re: mbam/hijack_logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:26 AM, on 1/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\U2Q1CUEF\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1237178676219
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O24 - Desktop Component 0: (no name) - http://bototyres.ru/files/bt168.JPG

--
End of file - 7723 bytes
daddywarbucks is offline  
Old 01-13-2010, 12:46 PM   #7 (permalink)
Junior Techie
 
Join Date: Jul 2009
Location: Abbotsford B.C. Canada
Posts: 41
Default Re: mbam/hijack_logs

Malwarebytes' Anti-Malware 1.44
Database version: 3544
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/13/2010 10:11:03 AM
mbam-log-2010-01-13 (10-11-03).txt

Scan type: Full Scan (C:\|D:\|J:\|)
Objects scanned: 243142
Time elapsed: 52 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP347\A0042258.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg.exe.vir (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
daddywarbucks is offline  
Old 01-14-2010, 08:17 AM   #8 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,815
Default Re: mbam/hijack_logs

Run Malwarebytes one more time and post its log.
Osiris is offline  