mbam/hijack_logs

daddywarbucks

Baseband Member
Messages
41
Location
Abbotsford B.C. Canada
Malwarebytes' Anti-Malware 1.44
Database version: 3544
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/11/2010 4:21:22 PM
mbam-log-2010-01-11 (16-21-22).txt
Scan type: Quick Scan
Objects scanned: 124403
Time elapsed: 6 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\System Doctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Program Files\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
C:\Program Files\Registry Helper\Full Backups (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
C:\Program Files\Registry Helper\Item Backups (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\1135910760 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\775698937 (Rogue.WindowsSmartSecurity) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\bind internet.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Program Files\Registry Helper\Full Backups\10-15-2006--6-15-12-pm.reg (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\1135910760\init.udb (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\1135910760\Langs.udb (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\775698937\init.udb (Rogue.WindowsSmartSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\775698937\Langs.udb (Rogue.WindowsSmartSecurity) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:33 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237178676219
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O24 - Desktop Component 0: (no name) - http://bototyres.ru/files/bt168.JPG
--
End of file - 7533 bytes

AVG keeps finding trojan:Generic 16.ZUH.
First found and removed in c:\Windows\system32\sshnas.dll;
now today found in c:\System Volume information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP344\A0041585.dll.
Please advise on how to permanently remove it. Do I need to turn off System Restore and then run AVG? Thank you for the help.

OK, turned off System Restore and ran ComboFix, MBAM, and HijackThis; results as shown:

ComboFix 10-01-12.05 - Compaq_Owner 01/13/2010 9:01.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.108 [GMT -8:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13
.
2010-01-12 19:12 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 00:09 . 2010-01-12 00:09 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2010-01-12 00:09 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 00:08 . 2010-01-12 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-12 00:08 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 00:08 . 2010-01-12 00:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 19:42 . 2010-01-11 19:42 -------- d-----w- c:\program files\VirtualDJ
2010-01-11 19:34 . 2010-01-11 19:48 -------- d-----w- c:\program files\MagicISO
2010-01-11 18:43 . 2010-01-11 19:12 -------- d-----w- c:\documents and settings\Compaq_Owner\.ultramixer
2010-01-11 18:42 . 2010-01-11 19:48 -------- d-----w- c:\program files\UltraMixer
2010-01-11 17:51 . 2010-01-11 17:51 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-11 17:47 . 2010-01-11 23:20 -------- d-----w- c:\windows\Internet Logs
2010-01-09 19:04 . 2010-01-09 19:04 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IECompatCache
2010-01-09 19:00 . 2010-01-09 19:00 -------- d-sh--w- c:\documents and settings\Compaq_Owner\PrivacIE
2010-01-09 18:58 . 2010-01-09 18:58 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IETldCache
2010-01-09 18:53 . 2010-01-09 18:53 -------- d-----w- c:\windows\ie8updates
2010-01-09 18:47 . 2010-01-09 18:50 -------- dc-h--w- c:\windows\ie8
2010-01-09 18:42 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-09 18:42 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-09 18:42 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-08 20:05 . 2010-01-08 20:23 -------- d-----w- c:\program files\DICO
2010-01-08 19:51 . 2003-12-01 17:42 31787 ----a-w- c:\windows\system32\drivers\FADVR800.sys
2010-01-08 18:50 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-01-08 18:49 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-01-08 18:49 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-01-08 18:49 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-01-08 18:49 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-01-08 18:49 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-08 18:49 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-01-08 18:49 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-01-08 18:49 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-08 18:49 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-01-08 18:48 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-01-08 18:48 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-08 18:48 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2010-01-08 18:48 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-08 18:48 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-08 18:47 . 2010-01-09 19:19 364949 ----a-w- c:\windows\system32\drivers\BT848.sys
2010-01-08 18:46 . 2009-08-04 15:13 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-08 18:46 . 2009-08-04 14:20 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-08 18:46 . 2009-08-04 14:20 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-08 18:46 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-01-08 18:31 . 2010-01-08 18:31 -------- d-----w- c:\windows\system32\scripting
2010-01-08 18:31 . 2010-01-08 18:31 -------- d-----w- c:\windows\l2schemas
2010-01-08 18:31 . 2010-01-08 18:31 -------- d-----w- c:\windows\system32\en
2010-01-08 18:31 . 2010-01-08 18:31 -------- d-----w- c:\windows\system32\bits
2010-01-08 18:18 . 2010-01-08 18:18 -------- d-----w- c:\windows\EHome
2010-01-08 00:36 . 2010-01-08 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-07 19:16 . 2010-01-07 19:20 -------- d-----w- C:\Monitor1
2010-01-07 18:18 . 2010-01-07 18:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\NCH Software
2010-01-07 18:12 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-01-07 18:12 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2010-01-07 18:12 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\streamip.sys
2010-01-07 18:12 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2010-01-07 18:12 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2010-01-07 18:12 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2010-01-07 18:11 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2010-01-07 18:10 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-07 18:10 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-07 17:51 . 2010-01-08 19:52 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\NCH Software
2010-01-05 00:43 . 2010-01-05 04:42 -------- d-----w- C:\Photoshop_cs3
2010-01-04 21:26 . 2010-01-04 21:26 -------- d-----w- c:\program files\Bonjour
2010-01-04 21:15 . 2010-01-04 21:15 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-01-04 21:08 . 2010-01-04 21:08 -------- d-----w- C:\Adobe CS3
2010-01-04 18:36 . 2010-01-04 18:36 -------- d-----w- C:\Adobe Reader 9 Installer
2010-01-04 18:20 . 2008-05-28 23:03 37176 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-04 18:18 . 2010-01-04 18:18 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-04 18:18 . 2010-01-04 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-04 18:18 . 2010-01-04 18:18 -------- d-----w- c:\program files\NOS
2010-01-04 17:21 . 2010-01-04 17:21 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Uniblue
2009-12-31 22:39 . 2009-11-25 21:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-12-31 22:26 . 2009-12-31 22:26 -------- d-----w- C:\$AVG
2009-12-31 22:26 . 2009-12-31 22:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-31 22:26 . 2009-12-31 22:26 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-31 22:26 . 2009-12-31 22:26 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-31 22:25 . 2009-12-31 22:25 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-31 22:25 . 2010-01-13 16:57 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-31 22:25 . 2009-12-31 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-31 22:25 . 2009-12-31 22:25 -------- d-----w- c:\program files\AVG
2009-12-31 22:25 . 2010-01-11 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-31 18:53 . 2009-12-31 18:53 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-31 18:53 . 2009-12-31 18:53 -------- d-----w- c:\program files\MSBuild
2009-12-31 18:53 . 2009-12-31 18:53 -------- d-----w- c:\program files\Reference Assemblies
2009-12-31 18:53 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-31 18:52 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-31 18:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-31 18:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-31 18:52 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-31 18:52 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-31 18:52 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-31 18:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-31 18:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-31 18:50 . 2009-12-31 18:50 -------- d-----w- c:\program files\MSXML 6.0
2009-12-31 18:25 . 2007-02-21 00:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2009-12-31 18:25 . 2007-02-21 00:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2009-12-31 17:42 . 2009-12-31 17:42 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-31 17:40 . 2009-12-31 17:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DAEMON Tools Lite
2009-12-31 17:40 . 2009-12-31 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-30 23:46 . 2009-12-30 23:46 111144 ----a-w- C:\GDIPFONTCACHEV1.DAT
2009-12-30 23:46 . 2009-12-30 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-30 22:31 . 2009-12-30 22:31 -------- d-----w- c:\program files\Adobe Media Player
2009-12-30 22:28 . 2009-12-30 22:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-29 23:01 . 2009-12-29 23:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\xddvev
2009-12-28 21:36 . 2009-12-28 21:36 -------- d-----w- C:\audio
2009-12-28 19:12 . 2009-12-28 19:12 -------- d-----w- c:\program files\ASIO4ALL v2
2009-12-28 19:10 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-12-28 19:10 . 2009-12-28 19:10 -------- d-----w- c:\program files\VstPlugins
2009-12-28 19:10 . 2009-12-28 19:10 -------- d-----w- c:\program files\Outsim
2009-12-28 19:07 . 2009-12-28 19:31 -------- d-----w- c:\program files\Image-Line
2009-12-28 18:38 . 2009-12-28 18:38 -------- d-----w- c:\program files\uTorrent
Find3M Report
.
2010-01-13 17:06 . 2008-07-28 22:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2010-01-13 16:47 . 2008-07-28 23:05 111912 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-13 01:02 . 2008-08-23 18:44 7444 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\qbbackup.sys
2010-01-08 23:22 . 2009-03-10 16:45 -------- d-----w- c:\program files\NCH Software
2010-01-08 19:52 . 2009-11-23 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-01-08 18:34 . 2005-01-27 05:13 83187 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-08 18:33 . 2010-01-08 18:33 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-01-08 18:33 . 2010-01-08 18:33 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-01-08 01:12 . 2009-03-10 16:44 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\NCH Swift Sound
2010-01-08 00:58 . 2009-03-10 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-01-04 21:26 . 2005-09-15 19:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-31 22:58 . 2002-01-11 03:13 -------- d-----w- c:\program files\QuickTime
2009-12-31 18:06 . 2002-01-11 03:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 18:03 . 2009-03-16 04:31 -------- d-----w- c:\program files\McAfee
2009-12-31 18:03 . 2008-06-28 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-29 22:18 . 2008-07-02 22:34 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AdobeUM
2009-11-24 00:22 . 2009-11-24 00:18 -------- d-----w- c:\program files\Invoice2go 4.0
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-03 01:02 . 2009-11-03 01:05 816456 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\Components\DownloadQB17\Patch\qbpatch2.exe
2009-10-29 07:45 . 2004-08-04 11:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 11:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
Reg Loading Points
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-28 289584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-31 22:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-18 07:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"j:\\Raj Khela's PC BACKUP\\My Documents\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20396:TCP"= 20396:TCP:BitComet 20396 TCP
"20396:UDP"= 20396:UDP:BitComet 20396 UDP
"14672:TCP"= 14672:TCP:BitComet 14672 TCP
"14672:UDP"= 14672:UDP:BitComet 14672 UDP
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/31/2009 2:26 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/31/2009 2:26 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/31/2009 2:25 PM 285392]
R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [1/8/2010 10:47 AM 364949]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/31/2009 9:42 AM 691696]
S2 FADVR800;FADVR800;c:\windows\system32\drivers\FADVR800.sys [1/8/2010 11:51 AM 31787]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2009-12-24 c:\windows\Tasks\Khela Tire Service Ltd. 1221419904.job
- c:\program files\Intuit\QuickBooks 2008\AutoBackupEXE.exe [2008-12-11 18:36]
2010-01-13 c:\windows\Tasks\Khela Tire Service Ltd. 1240417286.job
- c:\program files\Intuit\QuickBooks 2008\AutoBackupEXE.exe [2008-12-11 18:36]
2010-01-13 c:\windows\Tasks\Khela Tire Service Ltd. 1254785729.job
- c:\program files\Intuit\QuickBooks 2008\AutoBackupEXE.exe [2008-12-11 18:36]
2010-01-13 c:\windows\Tasks\User_Feed_Synchronization-{0575B580-0A5B-49B7-857E-C3D85B727FE5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
2010-01-12 c:\windows\Tasks\{ED4EC287-B9DA-46BB-8D36-CF856FCA7B4D}_RAJ_Compaq_Owner.job
- c:\windows\system32\mobsync.exe [2004-08-04 00:12]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
******************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-01-13 09:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
DLLs Loaded Under Running Processes - - - - - - - > 'explorer.exe'(3780)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-01-13 09:13:03
ComboFix-quarantined-files.txt 2010-01-13 17:12
ComboFix2.txt 2010-01-11 23:58
Pre-Run: 54,140,817,408 bytes free
Post-Run: 54,109,630,464 bytes free
End Of File - - 7B7CFBF8A3A5E3154D8441AEF7E7E49F
Currently scanning with AVG.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:26 AM, on 1/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\U2Q1CUEF\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237178676219
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O24 - Desktop Component 0: (no name) - http://bototyres.ru/files/bt168.JPG

--
End of file - 7723 bytes
 
Malwarebytes' Anti-Malware 1.44
Database version: 3544
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/13/2010 10:11:03 AM
mbam-log-2010-01-13 (10-11-03).txt

Scan type: Full Scan (C:\|D:\|J:\|)
Objects scanned: 243142
Time elapsed: 52 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP347\A0042258.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg.exe.vir (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
 