-
hijack log
I have no name-able problems, but could someone please check the log?
thanks, Noid
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:30, on 27/06/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\UPHClean\uphclean.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\hijibanana\banana 2.exe
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} -
e:\program files\wsbho2k0.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program
Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Skype add-on for Internet Explorer -
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet
Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer -
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet
Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program
Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
--
End of file - 1896 bytes
-
Make sure to disable "word wrap" in Notepad.
Please, download DDS from one of the 2 mirrors and save it to your desktop.
Mirror 1
Mirror 2
* Disable any script blocking protection (if present)
* Double click the dds icon to run the tool.
* When done, DDS will open two logs:
1. DDS.txt
2. Attach.txt
* Save both reports to your desktop by clicking File>Save As in each log.
Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post its contents as you would any other log.
==============================================================
STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
RESTART COMPUTER
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
why are you suggesting these malware programs?
thanks, Noid
-
Hmmm...because I do this every day tens of times.
Why are you asking?
-
I am using ad aware and spybot - in the past just installing other programs messed up things. And what do you think about my hijack txt? This is what I wanted to know about - do you see something there requiring the programs you recommended?
thanks, Noid
-
They will show things that hijack will not show.
-
HJT is no longer enough to determine security status of someone's computer.
On top of it, the log is incomplete.
-
Hi Broni, below the complete hijack log, I think of it as a first step. I had some terrible trouble in the past when I installed two anti-mal programs at the same time - is it ok to go forward despite having ad-aware and spybot installed? thanks, Noid
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:28, on 30/06/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\program files\HighCriteriaTotalRecorder\TotRecSched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\program files\active sync\WCESCOMM.EXE
D:\Program Files\PC-TV\WinManager\WinManager.exe
D:\Program Files\YCIII\YankClip.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\UPHClean\uphclean.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\PC-TV\TwinhanDTV\TwinhanDTV.exe
D:\Program Files\Microsoft Office\Office10\WINWORD.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
D:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
D:\Program Files\Outlook Express\msimn.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\hijibanana\banana 2.exe
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - e:\program files\wsbho2k0.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
--
End of file - 2417 bytes
-
Please, re-read my reply #2.
That's the only way we can continue here.
-
3 Attachment(s)
Please find these attached,
Noid
-
My instructions say to paste all logs, not to attach them.
-
I did as you requested, this is what virtual Forum said: The text that you have entered is too long (21665 characters). Please shorten it to 20000 characters long.
What do you suggest?
-
Split the logs between a couple of posts.
-
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 03/11/2003 10:13:24
System Uptime: 07/01/2010 09:06:25 (4212 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. | | GA-7VA
Processor: AMD Athlon(tm) XP 1700+ | Socket A | 1473/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (FAT32) - 6 GiB total, 1.213 GiB free.
D: is FIXED (FAT32) - 13 GiB total, 1.611 GiB free.
E: is FIXED (FAT32) - 20 GiB total, 10.906 GiB free.
F: is CDROM (UDF)
G: is CDROM ()
I: is FIXED (NTFS) - 43 GiB total, 7.138 GiB free.
J: is FIXED (FAT32) - 29 GiB total, 20.987 GiB free.
K: is FIXED (FAT32) - 29 GiB total, 7.257 GiB free.
L: is FIXED (FAT32) - 11 GiB total, 5.817 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1305: 13/06/2010 11:32:50 - Installed LG PC Suite III
RP1306: 14/06/2010 12:10:24 - System Checkpoint
RP1307: 15/06/2010 13:44:41 - System Checkpoint
RP1308: 17/06/2010 07:32:09 - System Checkpoint
RP1309: 18/06/2010 10:04:28 - System Checkpoint
RP1310: 22/06/2010 10:36:11 - System Checkpoint
RP1311: 23/06/2010 17:40:53 - System Checkpoint
RP1312: 27/06/2010 13:06:27 - bef firefox
RP1313: 29/06/2010 19:43:22 - System Checkpoint
RP1314: 01/07/2010 07:32:02 - System Checkpoint
==== Installed Programs ======================
128-bit Encryption Pack for Handheld PC Pro
Acronis*True*Image
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.7
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
Art Plus Download Assistant
ASUSDVD
ATI Display Driver
Avance AC'97 Audio
avast! Antivirus
Canon iP4200
Canon Setup Utility 2.0
CCleaner (remove only)
Copy
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Director
DocProc
Enable S3 for USB Device
EVEREST Home Edition v1.51
eWallet for Handheld PC Pro/2000
eWallet for Windows PCs
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Diagnostic Assistant
HP Image Zone 4.0
HP Scanjet 4070
HP Software Update
hpg4070
HPSystemDiagnostics
InstantShare
Ipswitch WS_FTP Pro
IrfanView (remove only)
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
JetLinks
jv16 PowerTools 1.3
LG PC Suite III
LG USB Modem Drivers
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Plus! Windows CE, Handheld PC Edition 3.0
Microsoft Power Toys, Handheld PC Edition 3.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB933579)
MT882
MyPhoneExplorer
Nero OEM
Olympus Voice Album
Overland
PartitionMagic
PhotoGallery
PowerPresent v1.0hp
PowerQuest PartitionMagic 8.0
PrintScreen
QFolder
QuickProjects
QuickTime
Readiris Pro 9
RealPlayer
Scan
SeaTools for Windows
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB946026)
Shockwave
SkinsHP1
Skype Toolbars
Skype™ 4.2
Solar Fire Deluxe
Spybot - Search & Destroy 1.3
TalkTalk Broadband
Total Recorder 4.5
TrayApp
Tweak UI
TwinhanDTV
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
User Profile Hive Cleanup Service
VisitURL 1.74
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinZip
XML Paper Specification Shared Components Pack 1.0
xTerminator 4.5.2
Yankee Clipper III
ZoneAlarm
==== Event Viewer Messages From Past Week ========
28/06/2010 21:24:34, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
27/06/2010 14:36:20, error: Service Control Manager [7034] - The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).
26/06/2010 10:16:46, error: Service Control Manager [7000] - The USBDTT - USB 1.1 DVB-T adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/06/2010 21:13:13, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
==== End Of File ===========================
-
DDS (Ver_10-03-17.01) - FAT32x86
Run by at 21:34:59.34 on 01/07/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2xx0.2.1252.1.1033.xx.767.390 [GMT 1:00]
AV: avast! antivirus 4.8.1351 [VPS 100627-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
D:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
D:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\program files\HighCriteriaTotalRecorder\TotRecSched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\program files\active sync\WCESCOMM.EXE
D:\Program Files\PC-TV\WinManager\WinManager.exe
D:\Program Files\YCIII\YankClip.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\Program Files\UPHClean\uphclean.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Outlook Express\msimn.exe
D:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\c\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - e:\program files\wsbho2k0.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "e:\program files\active sync\WCESCOMM.EXE"
mRun: [TotalRecorderScheduler] "e:\program files\highcriteriatotalrecorder\TotRecSched.exe"
mRun: [Zone Labs Client] "d:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avast!] e:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "e:\quick\quicktimecdinstaller\qttask.exe" -atboottime
StartupFolder: d:\docume~1\ursula~1\startm~1\programs\startup\yankee~1.lnk - d:\program files\yciii\YankClip.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\winman~1.lnk - d:\program files\pc-tv\winmanager\WinManager.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: NoNetworkConnections = 01000000
uPolicies-explorer: NoLogoff =
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - d:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: amazon.co.uk\www
Trusted Zone: aol.com\my.screenname
Trusted Zone: argos.co.uk\www
Trusted Zone: beautyflash.co.uk\www
Trusted Zone: easyjet.com\www
Trusted Zone: ebay.co.uk\www
Trusted Zone: egg.com\new
Trusted Zone: epdq.co.uk\secure2
Trusted Zone: firstgreatwestern.co.uk\www.buytickets
Trusted Zone: google.com\mail
Trusted Zone: justanswer.com\www
Trusted Zone: londoneye.com\secure
Trusted Zone: microsoft.com\update
Trusted Zone: nationet.com\olb2
Trusted Zone: netbanx.com\www
Trusted Zone: org.uk\tickets.tate
Trusted Zone: quelle.at\www
Trusted Zone: ryanair.com
Trusted Zone: sadlerswells.com\tickets
Trusted Zone: skype.com\secure
Trusted Zone: spiritofnature.co.uk\www
Trusted Zone: sportinglife.com\www
Trusted Zone: stanstedexpress.com\www
Trusted Zone: tfl.gov.uk\oyster
Trusted Zone: williamhill.com\sports
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {25336921-03F9-11CF-8FD0-00AA00686F13} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38183.2530671296
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - d:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - d:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - e:\program files\active sync\aatp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\ursula~1\applic~1\mozilla\firefox\profiles\p2tz0fvv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1647887&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin2.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin3.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin4.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin5.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin6.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2008-10-11 114768]
R1 vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2007-10-16 392824]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2008-10-11 20560]
R2 avast! Antivirus;avast! Antivirus;e:\program files\alwil software\avast4\ashServ.exe [2008-10-11 138680]
R2 UDTTCAP;USBDTT - USB 1.1 DVB-T adapter Driver;d:\windows\system32\drivers\UDTTCAP.sys [2007-1-16 24646]
R2 vsmon;TrueVector Internet Monitor;d:\windows\system32\zonelabs\vsmon.exe -service --> d:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Web Scanner;avast! Web Scanner;e:\program files\alwil software\avast4\ashWebSv.exe [2008-10-11 352920]
R3 iadusb;MT882;d:\windows\system32\drivers\glauiad.sys [2006-11-17 30336]
S3 avast! Mail Scanner;avast! Mail Scanner;e:\program files\alwil software\avast4\ashMaiSv.exe [2008-10-11 254040]
S3 Ca100v;Smart Cam, WDM Video Capture;d:\windows\system32\drivers\ca100v.sys --> d:\windows\system32\drivers\Ca100v.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S3 pctvvbi;PCTVVBI;d:\windows\system32\drivers\pctvvbi.sys --> d:\windows\system32\drivers\pctvvbi.sys [?]
S3 u3kmini;ASUS My Cinema-U3000 Mini;d:\windows\system32\drivers\u3kmini.sys [2008-3-29 352000]
S3 UDTTLOAD;DVB-T USB adapter firmware loader;d:\windows\system32\drivers\UDTTload.sys [2007-1-16 17754]
S3 UDTTUSB;USBDTT - USB DVB-T adapter Driver;d:\windows\system32\drivers\UDTTCAP.sys [2007-1-16 24646]
S3 VVRUSB;VVRUSB Device;d:\windows\system32\drivers\VVRUSB.sys [2005-5-8 38479]
=============== Created Last 30 ================
2010-06-13 10:33:14 630784 ----a-w- d:\windows\system32\vsflex8u.ocx
2010-06-13 10:33:14 419240 ----a-w- d:\windows\system32\Vsflex7L.ocx
2010-06-13 10:33:14 244416 ----a-w- d:\windows\system32\Msflxgrd.ocx
2010-06-13 10:33:14 1164728 ----a-w- d:\windows\system32\NMSDVDXU.dll
==================== Find3M ====================
2005-01-04 11:02:48 3142859 ----a-w- d:\program files\everesthome151.exe
2004-12-18 19:38:00 1846164 ----a-w- d:\program files\wink15.exe
2003-11-06 23:36:54 1101216 ------w- d:\program files\YC3Setup.EXE
2003-11-05 21:53:32 150192 ------w- d:\program files\TweakUiPowertoySetup.exe
2003-11-05 20:41:34 3146177 ------w- d:\program files\aida32pe_385.exe
2003-04-08 16:08:44 12254 ------w- d:\program files\Readme.doc
2001-09-21 15:22:12 1259960 ----a-r- d:\program files\winzip80.exe
2001-07-31 12:53:18 34051 ------w- d:\program files\autorun.exe
1998-06-18 08:29:48 51 ------w- d:\program files\AUTORUN.INF
2007-10-11 17:06:26 2080 --sha-w- d:\windows\system32\drivers\fidbox.dat
============= FINISH: 21:35:26.21 ===============
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-01 21:51:40
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: D:\DOCUME~1\1\LOCALS~1\Temp\fgtdqkoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----