HijackThis log, please look at it, thanks!

Status
Not open for further replies.

iNeedHelpFast
OK, so this is my log for HijackThis. I also have logs for Malwarebytes, ComboFix and SmitFraudFix, which I did not post right now so they won't be confused with one big HijackThis log. Thanks for all your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:05, on 8/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 74.125.45.100 test1111.com
O1 - Hosts: 74.125.45.100 test1112.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 test1111.com
O1 - Hosts: 74.125.45.100 test1112.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKUS\S-1-5-21-1665471555-4030590811-3538944395-501\..\Run: [cdloader] "C:\Documents and Settings\Guest\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User 'Guest')
O4 - HKUS\S-1-5-21-1665471555-4030590811-3538944395-501\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Guest')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1204741521953
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4675 bytes
 
My bad, I must have accidentally moved it with the others.

Remove these entries:

O1 - Hosts: 74.125.45.100 test1111.com
O1 - Hosts: 74.125.45.100 test1112.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 test1111.com
O1 - Hosts: 74.125.45.100 test1112.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com


Then post a new HijackThis log.
 
Hey, OK, I deleted those entries; some came back though. Here is my new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:13 AM, on 8/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\magnify.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 74.125.45.100 test1111.com
O1 - Hosts: 74.125.45.100 test1112.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 Antivirus Plus - KEEP YOUR SECURITY AND PRIVACY!
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKUS\S-1-5-21-1665471555-4030590811-3538944395-501\..\Run: [cdloader] "C:\Documents and Settings\Guest\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User 'Guest')
O4 - HKUS\S-1-5-21-1665471555-4030590811-3538944395-501\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Guest')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1204741521953
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4064 bytes

Thanks for everything
 
When I try to post ComboFix, it tells me the text I entered is too long. Is there a section you need more than the others?
 
OK, thanks, sorry for replying 2 days later.

2009-06-29 03:11 . 2009-06-29 03:11 187392 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\boost_python.dll
2009-06-29 03:11 . 2009-06-29 03:11 256000 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\audiere.dll
2009-06-26 16:50 . 2006-03-04 03:33 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 00:15 . 2009-06-25 00:15 20480 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\GeckoBin\xpcshell.exe
2009-06-25 00:15 . 2009-06-25 00:15 161792 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\GeckoBin\crashreporter.exe
2009-06-25 00:15 . 2009-06-25 00:15 99328 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\GeckoBin\xulrunner-stub.exe
2009-06-25 00:15 . 2009-06-25 00:15 92672 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\GeckoBin\xulrunner.exe
2009-06-25 00:15 . 2009-06-25 00:15 7168 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\GeckoBin\mangle.exe
2009-06-25 00:15 . 2009-06-25 00:15 49152 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\GeckoBin\shlibsign.exe
2009-06-25 00:15 . 2009-06-25 00:15 309248 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\GeckoBin\xpidl.exe
2009-06-25 00:15 . 2009-06-25 00:15 239104 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\GeckoBin\updater.exe
2009-06-25 00:15 . 2009-06-25 00:15 22016 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\GeckoBin\xpt_dump.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\GeckoBin\xpt_link.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\GeckoBin\ssltunnel.exe
2009-06-25 00:15 . 2009-06-25 00:15 12288 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\GeckoBin\regxpcom.exe
2009-06-24 12:30 . 2009-02-22 04:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 12:30 . 2009-02-22 04:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 03:39 . 2009-06-22 03:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\acccore
2009-06-22 03:39 . 2009-06-22 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-06-22 03:38 . 2009-06-22 03:35 -------- d-----w- c:\program files\AIM6
2009-06-22 03:37 . 2009-06-22 03:37 -------- d-----w- c:\program files\Viewpoint
2009-06-22 03:37 . 2009-06-22 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-22 03:37 . 2009-06-22 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-06-22 03:37 . 2009-06-22 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-22 03:36 . 2009-06-22 03:36 -------- d-----w- c:\program files\Common Files\AOL
2009-06-19 19:24 . 2009-06-19 19:24 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-19 19:24 . 2009-06-19 19:24 -------- d--h--r- c:\documents and settings\Administrator\Application Data\SecuROM
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-11 19:36 . 2009-06-11 19:36 3771296 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\ui\plugins\npswf32.dll
2009-06-08 23:45 . 2009-06-08 23:45 271929 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\pixomatic.dll
2009-06-08 23:43 . 2009-06-08 23:43 4608 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\w9xpopen.exe
2009-06-08 23:43 . 2009-06-08 23:43 348160 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\MSVCR71.dll
2009-06-08 23:43 . 2009-06-08 23:43 327680 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\pythoncom25.dll
2009-06-08 23:43 . 2009-06-08 23:43 2113536 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\python25.dll
2009-06-08 23:43 . 2009-06-08 23:43 102400 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\pywintypes25.dll
2009-06-07 20:54 . 2009-03-15 05:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-03 19:09 . 2004-08-04 10:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 23:50 . 2009-07-07 00:52 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-05-17 12:10 . 2009-02-22 04:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-04_07.29.55 )))))))))))))))))))))))))))))))))))))))))
 
ComboFix 09-08-10.01 - Morpheus 08/10/2009 14:46.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.607 [GMT -4:00]
Running from: c:\documents and settings\Morpheus\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 02:07 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Guest\Application Data\mjusbsp\in00000\setup.exe
2009-08-10 02:07 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Guest\Application Data\mjusbsp\ar00000\install.exe
2009-08-08 06:01 . 2009-08-08 06:01 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2009-08-04 18:52 . 2009-08-03 18:26 3036024 ----a-w- c:\documents and settings\Morpheus\Application Data\Simply Super Software\Trojan Remover\vka9.exe
2009-08-04 17:42 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-08-04 17:42 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-08-04 17:42 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-08-04 17:42 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-08-04 17:42 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-08-04 17:42 . 2009-08-04 17:42 -------- d-----w- c:\program files\Trojan Remover
2009-08-04 17:42 . 2009-08-04 17:42 -------- d-----w- c:\documents and settings\Morpheus\Application Data\Simply Super Software
2009-08-04 17:42 . 2009-08-04 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-08-04 05:59 . 2009-08-04 05:59 -------- d-----w- c:\program files\Trend Micro
2009-08-04 05:42 . 2009-08-04 05:42 -------- d-----w- c:\program files\CCleaner
2009-08-04 05:38 . 2009-08-04 05:38 -------- d-----w- c:\program files\CleanUp!
2009-08-04 05:29 . 2009-08-04 05:29 -------- d-----w- c:\program files\MSConfig CleanUp
2009-08-04 05:24 . 2009-08-04 05:24 -------- d-----w- c:\documents and settings\Morpheus\Local Settings\Application Data\Adobe
2009-08-04 05:04 . 2009-08-04 05:04 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2009-08-03 09:54 . 2009-08-03 09:54 -------- d-----w- c:\documents and settings\Morpheus\Application Data\Malwarebytes
2009-08-03 09:43 . 2009-08-03 09:43 -------- d-----w- c:\documents and settings\Morpheus\Application Data\IObit
2009-08-03 09:35 . 2009-02-21 18:09 -------- d-----w- c:\documents and settings\Morpheus\Local Settings\Application Data\ApplicationHistory
2009-08-03 09:35 . 2008-03-05 18:25 -------- d-sh--w- c:\documents and settings\Morpheus\UserData
2009-08-03 09:28 . 2009-08-03 09:28 -------- d-----w- c:\documents and settings\Guest\Application Data\IObit
2009-08-03 09:19 . 2009-08-03 09:19 -------- d-----w- c:\documents and settings\Psytrocious\Application Data\IObit
2009-08-03 09:01 . 2009-08-03 09:01 -------- d-----w- c:\documents and settings\Psytrocious\Local Settings\Application Data\Mozilla
2009-08-02 06:26 . 2009-08-02 06:26 -------- d-----w- c:\documents and settings\Guest\Application Data\acccore
2009-08-02 06:26 . 2009-08-02 06:26 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\AOL OCP
2009-08-02 06:26 . 2009-08-02 06:26 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\AOL
2009-08-02 04:47 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Guest\Application Data\mjusbsp\Upgrade\setup1.exe
2009-08-02 04:47 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Guest\Application Data\mjusbsp\Upgrade\install1.exe
2009-08-01 16:16 . 2009-08-01 16:16 95576 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\ug00000\magicJack.dll
2009-08-01 16:16 . 2009-08-01 16:16 6256600 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\ug00000\setup.exe
2009-08-01 16:16 . 2009-08-01 16:16 413304 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\magicJackLoader.exe
2009-08-01 16:16 . 2009-08-01 16:16 480608 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\octvqe1_apiw.dll
2009-08-01 16:16 . 2009-08-01 16:16 214360 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\TjVista.dll
2009-08-01 16:16 . 2009-08-01 16:16 325040 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\TjIpSys.dll
2009-08-01 16:16 . 2009-08-01 16:16 570736 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\SJHandsetMagicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 87384 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\st00000\mjsetup.exe
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\st00000\magicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\magicJack.dll
2009-08-01 16:13 . 2009-08-01 16:13 12231512 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\magicJack.exe
2009-08-01 16:12 . 2009-08-01 16:12 728600 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\ug00000\install.exe
2009-08-01 16:12 . 2009-08-01 16:12 87384 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\in00000\mjsetup.exe
2009-08-01 16:12 . 2009-08-01 16:12 95576 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\in00000\magicJack.dll
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 50520 ----a-w- c:\documents and settings\Guest\Application Data\mjusbsp\cdloader2.exe
2009-07-27 10:00 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-07-27 10:00 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-26 16:55 . 2009-08-03 08:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-13 19:03 . 2009-06-14 20:30 435704 ----a-w- c:\documents and settings\All Users\Application Data\a6b1bb4\sqlite3.dll
2009-07-13 19:03 . 2009-06-14 20:30 710136 ----a-w- c:\documents and settings\All Users\Application Data\a6b1bb4\mozcrt19.dll
2009-07-13 19:02 . 2009-07-13 19:55 -------- d-sh--w- c:\documents and settings\All Users\Application Data\a6b1bb4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 02:08 . 2009-06-06 13:21 -------- d-----w- c:\documents and settings\Guest\Application Data\mjusbsp
2009-08-04 18:53 . 2009-04-17 15:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-04 07:19 . 2009-02-22 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-04 06:15 . 2009-02-23 21:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 17:36 . 2009-02-23 21:11 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-02-23 21:11 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 08:39 . 2008-07-01 12:52 13888 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-20 21:06 . 2009-02-25 10:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-07-19 20:04 . 2009-02-22 14:16 -------- d-----w- c:\program files\DivX
2009-07-13 19:03 . 2009-04-24 04:28 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-12 20:27 . 2009-04-17 15:42 83456 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-07-12 13:44 . 2009-02-22 04:06 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-10 06:02 . 2009-06-18 03:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\IMVU
2009-07-10 05:32 . 2009-06-18 03:48 80967 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\Uninstall.exe
2009-07-10 05:32 . 2009-06-18 03:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\IMVUClient
2009-07-10 05:32 . 2009-07-10 05:30 16149640 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\installer\SetupImvu_update.exe
2009-07-07 00:52 . 2009-05-27 19:57 -------- d-----w- c:\program files\Yahoo!
2009-07-06 02:24 . 2009-07-06 02:24 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-07-05 21:57 . 2009-07-05 21:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lexmark Productivity Studio
2009-07-05 21:51 . 2009-02-26 11:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-05 21:46 . 2009-07-05 21:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-05 21:41 . 2009-07-05 21:41 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-05 21:31 . 2009-07-05 21:31 0 ----a-w- c:\windows\system32\SET86.tmp
2009-07-05 21:30 . 2009-07-05 21:30 0 ----a-w- c:\windows\system32\SET85.tmp
2009-06-29 03:12 . 2009-06-29 03:12 95576 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\IMVUupdater.exe
2009-06-29 03:12 . 2009-06-29 03:12 49920 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\IMVUClient.exe
2009-06-29 03:12 . 2009-06-29 03:12 18176 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\imvuqualityagent.exe
2009-06-29 03:11 . 2009-06-29 03:11 1245184 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\SceneWindow.dll
2009-06-29 03:11 . 2009-06-29 03:11 14848 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\MemoryHook.dll
2009-06-29 03:11 . 2009-06-29 03:11 289792 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\cal3d.dll
2009-06-29 03:11 . 2009-06-29 03:11 25600 ----a-w- c:\documents and settings\Administrator\Application Data\IMVUClient\CallStack.dll

.
+ 2008-03-05 09:44 . 2009-08-08 05:56 100640 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-08-03 1067912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 12:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Guest\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/22/2009 12:06 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/22/2009 12:06 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/22/2009 12:06 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/22/2009 12:06 AM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/21/2009 11:37 PM 24652]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [5/6/2009 9:08 AM 104272]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Morpheus\Application Data\Mozilla\Firefox\Profiles\5aiwszj2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gaiaonline.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\NPWPF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-10 14:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-10 14:52
ComboFix-quarantined-files.txt 2009-08-10 18:52
ComboFix2.txt 2009-08-04 07:31

Pre-Run: 16,835,559,424 bytes free
Post-Run: 16,806,617,088 bytes free

251 --- E O F --- 2009-07-31 18:38
 
Malwarebytes log

Malwarebytes' Anti-Malware 1.40
Database version: 2614
Windows 5.1.2600 Service Pack 3

8/12/2009 9:54:09 PM
mbam-log-2009-08-12 (21-54-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 152314
Time elapsed: 59 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 