-
hijack log
I have no name-able problems, but could someone please check the log?
thanks, Noid
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:30, on 27/06/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\UPHClean\uphclean.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\hijibanana\banana 2.exe
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - e:\program files\wsbho2k0.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
--
End of file - 1896 bytes
-
Make sure to disable "word wrap" in Notepad.
Please, download DDS from one of the 2 mirrors and save it to your desktop.
Mirror 1
Mirror 2
* Disable any script blocking protection (if present)
* Double click the dds icon to run the tool.
* When done, DDS will open two logs:
1. DDS.txt
2. Attach.txt
* Save both reports to your desktop by clicking File>Save As in each log.
Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post its contents as you would any other log.
==============================================================
STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When the scan is completed, click the Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log in your next reply.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
RESTART COMPUTER
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
why are you suggesting these malware programs?
thanks, Noid
-
Hmmm...because I do this every day tens of times.
Why are you asking?
-
I am using ad aware and spybot - in the past just installing other programs messed up things. And what do you think about my hijack txt? This is what I wanted to know about - do you see something there requiring the programs you recommended?
thanks, Noid
-
They will show things that hijack will not show.
-
HJT is no longer enough to determine the security status of someone's computer.
On top of it, the log is incomplete.
-
Hi Broni, below is the complete hijack log, I think of it as a first step. I had some terrible trouble in the past when I installed two anti-mal programs at the same time - is it ok to go forward despite having ad-aware and spybot installed? thanks, Noid
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:28, on 30/06/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\program files\HighCriteriaTotalRecorder\TotRecSched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\program files\active sync\WCESCOMM.EXE
D:\Program Files\PC-TV\WinManager\WinManager.exe
D:\Program Files\YCIII\YankClip.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\UPHClean\uphclean.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\PC-TV\TwinhanDTV\TwinhanDTV.exe
D:\Program Files\Microsoft Office\Office10\WINWORD.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
D:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
D:\Program Files\Outlook Express\msimn.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\hijibanana\banana 2.exe
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - e:\program files\wsbho2k0.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
--
End of file - 2417 bytes
-
Please, re-read my reply #2.
That's the only way we can continue here.
-
3 Attachment(s)
Please find these attached,
Noid
-
My instructions say to paste all logs, not to attach them.
-
I did as you requested, this is what virtual Forum said: The text that you have entered is too long (21665 characters). Please shorten it to 20000 characters long.
What do you suggest?
-
Split the logs between a couple of posts.
-
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 03/11/2003 10:13:24
System Uptime: 07/01/2010 09:06:25 (4212 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. | | GA-7VA
Processor: AMD Athlon(tm) XP 1700+ | Socket A | 1473/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (FAT32) - 6 GiB total, 1.213 GiB free.
D: is FIXED (FAT32) - 13 GiB total, 1.611 GiB free.
E: is FIXED (FAT32) - 20 GiB total, 10.906 GiB free.
F: is CDROM (UDF)
G: is CDROM ()
I: is FIXED (NTFS) - 43 GiB total, 7.138 GiB free.
J: is FIXED (FAT32) - 29 GiB total, 20.987 GiB free.
K: is FIXED (FAT32) - 29 GiB total, 7.257 GiB free.
L: is FIXED (FAT32) - 11 GiB total, 5.817 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1305: 13/06/2010 11:32:50 - Installed LG PC Suite III
RP1306: 14/06/2010 12:10:24 - System Checkpoint
RP1307: 15/06/2010 13:44:41 - System Checkpoint
RP1308: 17/06/2010 07:32:09 - System Checkpoint
RP1309: 18/06/2010 10:04:28 - System Checkpoint
RP1310: 22/06/2010 10:36:11 - System Checkpoint
RP1311: 23/06/2010 17:40:53 - System Checkpoint
RP1312: 27/06/2010 13:06:27 - bef firefox
RP1313: 29/06/2010 19:43:22 - System Checkpoint
RP1314: 01/07/2010 07:32:02 - System Checkpoint
==== Installed Programs ======================
128-bit Encryption Pack for Handheld PC Pro
Acronis*True*Image
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.7
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
Art Plus Download Assistant
ASUSDVD
ATI Display Driver
Avance AC'97 Audio
avast! Antivirus
Canon iP4200
Canon Setup Utility 2.0
CCleaner (remove only)
Copy
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Director
DocProc
Enable S3 for USB Device
EVEREST Home Edition v1.51
eWallet for Handheld PC Pro/2000
eWallet for Windows PCs
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Diagnostic Assistant
HP Image Zone 4.0
HP Scanjet 4070
HP Software Update
hpg4070
HPSystemDiagnostics
InstantShare
Ipswitch WS_FTP Pro
IrfanView (remove only)
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
JetLinks
jv16 PowerTools 1.3
LG PC Suite III
LG USB Modem Drivers
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Plus! Windows CE, Handheld PC Edition 3.0
Microsoft Power Toys, Handheld PC Edition 3.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB933579)
MT882
MyPhoneExplorer
Nero OEM
Olympus Voice Album
Overland
PartitionMagic
PhotoGallery
PowerPresent v1.0hp
PowerQuest PartitionMagic 8.0
PrintScreen
QFolder
QuickProjects
QuickTime
Readiris Pro 9
RealPlayer
Scan
SeaTools for Windows
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB946026)
Shockwave
SkinsHP1
Skype Toolbars
Skype™ 4.2
Solar Fire Deluxe
Spybot - Search & Destroy 1.3
TalkTalk Broadband
Total Recorder 4.5
TrayApp
Tweak UI
TwinhanDTV
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
User Profile Hive Cleanup Service
VisitURL 1.74
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinZip
XML Paper Specification Shared Components Pack 1.0
xTerminator 4.5.2
Yankee Clipper III
ZoneAlarm
==== Event Viewer Messages From Past Week ========
28/06/2010 21:24:34, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
27/06/2010 14:36:20, error: Service Control Manager [7034] - The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).
26/06/2010 10:16:46, error: Service Control Manager [7000] - The USBDTT - USB 1.1 DVB-T adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/06/2010 21:13:13, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
==== End Of File ===========================
-
DDS (Ver_10-03-17.01) - FAT32x86
Run by at 21:34:59.34 on 01/07/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2xx0.2.1252.1.1033.xx.767.390 [GMT 1:00]
AV: avast! antivirus 4.8.1351 [VPS 100627-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
D:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
D:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\program files\HighCriteriaTotalRecorder\TotRecSched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\program files\active sync\WCESCOMM.EXE
D:\Program Files\PC-TV\WinManager\WinManager.exe
D:\Program Files\YCIII\YankClip.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\dllhost.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\Program Files\UPHClean\uphclean.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Outlook Express\msimn.exe
D:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\c\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - e:\program files\wsbho2k0.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "e:\program files\active sync\WCESCOMM.EXE"
mRun: [TotalRecorderScheduler] "e:\program files\highcriteriatotalrecorder\TotRecSched.exe"
mRun: [Zone Labs Client] "d:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avast!] e:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "e:\quick\quicktimecdinstaller\qttask.exe" -atboottime
StartupFolder: d:\docume~1\ursula~1\startm~1\programs\startup\yankee~1.lnk - d:\program files\yciii\YankClip.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\winman~1.lnk - d:\program files\pc-tv\winmanager\WinManager.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: NoNetworkConnections = 01000000
uPolicies-explorer: NoLogoff =
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - d:\program files\java\jre1.6.0_02\bin\npjpi160_02.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: amazon.co.uk\www
Trusted Zone: aol.com\my.screenname
Trusted Zone: argos.co.uk\www
Trusted Zone: beautyflash.co.uk\www
Trusted Zone: easyjet.com\www
Trusted Zone: ebay.co.uk\www
Trusted Zone: egg.com\new
Trusted Zone: epdq.co.uk\secure2
Trusted Zone: firstgreatwestern.co.uk\www.buytickets
Trusted Zone: google.com\mail
Trusted Zone: justanswer.com\www
Trusted Zone: londoneye.com\secure
Trusted Zone: microsoft.com\update
Trusted Zone: nationet.com\olb2
Trusted Zone: netbanx.com\www
Trusted Zone: org.uk\tickets.tate
Trusted Zone: quelle.at\www
Trusted Zone: ryanair.com
Trusted Zone: sadlerswells.com\tickets
Trusted Zone: skype.com\secure
Trusted Zone: spiritofnature.co.uk\www
Trusted Zone: sportinglife.com\www
Trusted Zone: stanstedexpress.com\www
Trusted Zone: tfl.gov.uk\oyster
Trusted Zone: williamhill.com\sports
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {25336921-03F9-11CF-8FD0-00AA00686F13} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38183.2530671296
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - d:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - d:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - e:\program files\active sync\aatp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\ursula~1\applic~1\mozilla\firefox\profiles\p2tz0fvv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1647887&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin2.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin3.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin4.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin5.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin6.dll
FF - plugin: e:\quick\quicktimecdinstaller\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2008-10-11 114768]
R1 vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2007-10-16 392824]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2008-10-11 20560]
R2 avast! Antivirus;avast! Antivirus;e:\program files\alwil software\avast4\ashServ.exe [2008-10-11 138680]
R2 UDTTCAP;USBDTT - USB 1.1 DVB-T adapter Driver;d:\windows\system32\drivers\UDTTCAP.sys [2007-1-16 24646]
R2 vsmon;TrueVector Internet Monitor;d:\windows\system32\zonelabs\vsmon.exe -service --> d:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Web Scanner;avast! Web Scanner;e:\program files\alwil software\avast4\ashWebSv.exe [2008-10-11 352920]
R3 iadusb;MT882;d:\windows\system32\drivers\glauiad.sys [2006-11-17 30336]
S3 avast! Mail Scanner;avast! Mail Scanner;e:\program files\alwil software\avast4\ashMaiSv.exe [2008-10-11 254040]
S3 Ca100v;Smart Cam, WDM Video Capture;d:\windows\system32\drivers\ca100v.sys --> d:\windows\system32\drivers\Ca100v.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S3 pctvvbi;PCTVVBI;d:\windows\system32\drivers\pctvvbi.sys --> d:\windows\system32\drivers\pctvvbi.sys [?]
S3 u3kmini;ASUS My Cinema-U3000 Mini;d:\windows\system32\drivers\u3kmini.sys [2008-3-29 352000]
S3 UDTTLOAD;DVB-T USB adapter firmware loader;d:\windows\system32\drivers\UDTTload.sys [2007-1-16 17754]
S3 UDTTUSB;USBDTT - USB DVB-T adapter Driver;d:\windows\system32\drivers\UDTTCAP.sys [2007-1-16 24646]
S3 VVRUSB;VVRUSB Device;d:\windows\system32\drivers\VVRUSB.sys [2005-5-8 38479]
=============== Created Last 30 ================
2010-06-13 10:33:14 630784 ----a-w- d:\windows\system32\vsflex8u.ocx
2010-06-13 10:33:14 419240 ----a-w- d:\windows\system32\Vsflex7L.ocx
2010-06-13 10:33:14 244416 ----a-w- d:\windows\system32\Msflxgrd.ocx
2010-06-13 10:33:14 1164728 ----a-w- d:\windows\system32\NMSDVDXU.dll
==================== Find3M ====================
2005-01-04 11:02:48 3142859 ----a-w- d:\program files\everesthome151.exe
2004-12-18 19:38:00 1846164 ----a-w- d:\program files\wink15.exe
2003-11-06 23:36:54 1101216 ------w- d:\program files\YC3Setup.EXE
2003-11-05 21:53:32 150192 ------w- d:\program files\TweakUiPowertoySetup.exe
2003-11-05 20:41:34 3146177 ------w- d:\program files\aida32pe_385.exe
2003-04-08 16:08:44 12254 ------w- d:\program files\Readme.doc
2001-09-21 15:22:12 1259960 ----a-r- d:\program files\winzip80.exe
2001-07-31 12:53:18 34051 ------w- d:\program files\autorun.exe
1998-06-18 08:29:48 51 ------w- d:\program files\AUTORUN.INF
2007-10-11 17:06:26 2080 --sha-w- d:\windows\system32\drivers\fidbox.dat
============= FINISH: 21:35:26.21 ===============
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-01 21:51:40
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: D:\DOCUME~1\1\LOCALS~1\Temp\fgtdqkoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
-
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4273
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
03/07/2010 22:46:39
mbam-log-2010-07-03 (22-46-39).txt
Scan type: Quick scan
Objects scanned: 143696
Time elapsed: 15 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I do not want to activate the MS security keys, should be fine, N
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
Would you be so kind as to explain why you suggest I should download another intrusive program? i.e. what have you made out of the three logs you told me to do?
I have been a member here for 8 years and I have never just been told what to do without an explanation.
thanks, Noid
-
I've been checking your computer for infections and garbage.
So far MBAM found a trojan.
This whole process is all up to you.
If you don't feel like going through it, for any reason, you can stop any time.
-
Thanks for your efforts, I have decided I don't feel currently comfortable with extreme programs,
Noid
-