possible security problem

#1 (permalink)
17-03-2009, 09:37 AM
richirich (Junior Member, joined Mar 2009)
possible security problem

Unable to print, indication of security breach. Can you please check hijack log.
Scan saved at 08:26, on 2009-03-17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Documents and Settings\Richy.HME-NUIBE8BKU36\Desktop\gmer\gmer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsprly.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1228579363656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1228579353593
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download....10/ttinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 6572 bytes
Ref to print spooler error 1067 in hardware.

#2 (permalink)
17-03-2009, 05:58 PM
richirich (Junior Member, joined Mar 2009)
GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-17 1601
Windows 5.1.2600 Service Pack 3


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 00FF6EB0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] ADVAPI32.dll!CryptGenKey 77E117D9 5 Bytes JMP 00FF5010 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00FF5020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 00FF5540 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetCloseHandle + 156A 7805EFC3 5 Bytes JMP 00FF68A0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!HttpQueryInfoA 78060C6D 5 Bytes JMP 00FF6000 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 00FF2FF0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 00FF2FC0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetReadFileExW 78082AAA 5 Bytes JMP 00FF3020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetReadFileExA 78082AE2 5 Bytes JMP 00FF3050 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetGetCookieExA 7808386E 5 Bytes JMP 00FF29F0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetSetCookieExW 78083AE5 5 Bytes JMP 00FF2790 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 10006EB0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] ADVAPI32.dll!CryptGenKey 77E117D9 5 Bytes JMP 10005010 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 10005020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 10005540 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetCloseHandle + 156A 7805EFC3 5 Bytes JMP 100068A0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!HttpQueryInfoA 78060C6D 5 Bytes JMP 10006000 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 10002FF0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 10002FC0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetReadFileExW 78082AAA 5 Bytes JMP 10003020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetReadFileExA 78082AE2 5 Bytes JMP 10003050 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetGetCookieExA 7808386E 5 Bytes JMP 100029F0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetSetCookieExW 78083AE5 5 Bytes JMP 10002790 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 10006EB0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] ADVAPI32.dll!CryptGenKey 77E117D9 5 Bytes JMP 10005010 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 10005020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 10005540 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetCloseHandle + 156A 7805EFC3 5 Bytes JMP 100068A0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!HttpQueryInfoA 78060C6D 5 Bytes JMP 10006000 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 10002FF0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 10002FC0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetReadFileExW 78082AAA 5 Bytes JMP 10003020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetReadFileExA 78082AE2 5 Bytes JMP 10003050 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetGetCookieExA 7808386E 5 Bytes JMP 100029F0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetSetCookieExW 78083AE5 5 Bytes JMP 10002790 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\WINDOWS\system32\SearchIndexer.exe[1552] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[1744] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0008ED99 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
.text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 01DB6EB0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] ADVAPI32.dll!CryptGenKey 77E117D9 5 Bytes JMP 01DB5010 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 01DB5540 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetCloseHandle + 156A 7805EFC3 5 Bytes JMP 01DB68A0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!HttpQueryInfoA 78060C6D 5 Bytes JMP 01DB6000 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 01DB2FF0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 01DB2FC0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetReadFileExW 78082AAA 5 Bytes JMP 01DB3020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetReadFileExA 78082AE2 5 Bytes JMP 01DB3050 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetGetCookieExA 7808386E 5 Bytes JMP 01DB29F0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetSetCookieExW 78083AE5 5 Bytes JMP 01DB2790 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 01DB5020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 026C6EB0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] ADVAPI32.dll!CryptGenKey 77E117D9 5 Bytes JMP 026C5010 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 026C5540 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetCloseHandle + 156A 7805EFC3 5 Bytes JMP 026C68A0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!HttpQueryInfoA 78060C6D 5 Bytes JMP 026C6000 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 026C2FF0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 026C2FC0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetReadFileExW 78082AAA 5 Bytes JMP 026C3020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetReadFileExA 78082AE2 5 Bytes JMP 026C3050 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetGetCookieExA 7808386E 5 Bytes JMP 026C29F0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetSetCookieExW 78083AE5 5 Bytes JMP 026C2790 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 026C5020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
Device \Driver\AFD \Device\Afd vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----
Hope this helps, thanks for your time.

#3 (permalink)
18-03-2009, 03:03 AM
broni (Senior Member, joined Nov 2004)
I'd like you to go through all steps prescribed here: http://www.techhelpforum.com/showthread.php?t=6820, and post appropriate logs.
At the end, I'll need fresh HJT log.
__________________
My Home Page

#4 (permalink)
18-03-2009, 09:02 AM
richirich (Junior Member, joined Mar 2009)
The first 2 on the list are in my previous thread of print spooler error 1067, and the latter here as it was a security issue, I was asked to put my logs in a new thread.

#5 (permalink)
18-03-2009, 04:29 PM
jephree (joined Jun 2004)
http://www.techhelpforum.com/showthr...?t=6786&page=2

#6 (permalink)
18-03-2009, 11:44 PM
richirich (Junior Member, joined Mar 2009)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/18/2009 at 10:22 PM

Application Version : 4.22.1014

Core Rules Database Version : 3803
Trace Rules Database Version: 1758

Scan type : Complete Scan
Total Scan Time : 02:41:46

Memory items scanned : 169
Memory threats detected : 0
Registry items scanned : 4882
Registry threats detected : 0
File items scanned : 76784
File threats detected : 0

#7 (permalink)
19-03-2009, 12:56 AM
richirich (Junior Member, joined Mar 2009)
Malwarebytes' Anti-Malware 1.34
Database version: 1866
Windows 5.1.2600 Service Pack 3

2009-03-18 23:54:09
mbam-log-2009-03-18 (23-54-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 157446
Time elapsed: 57 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 (permalink)
19-03-2009, 02:13 AM
broni (Senior Member, joined Nov 2004)
Thanks, guys.
I don't really see any security threats.
We have a couple of AVG Security Toolbar leftovers, so we can fix those.
Open HJT, and checkmark:
- O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
- O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

Click "Fix checked" button.

We also have one unknown Winsock file: lsprly.dll, so let's fix this one as well.
Download, and run LSP-Fix: http://www.cexx.org/lspfix.htm
Next, double-click on LSPFix.exe to start the application. Place a check in the box for "I know what I am doing", then highlight the file:
lsprly.dll
Move that file from "Keep" to "Remove" box using the >> arrow. Click the finish button, then OK to close.

Restart computer.

Post fresh HJT log.
__________________
My Home Page
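
The triage done by eye in post #8, as an added example (not part of the original thread and not code from HijackThis, GMER or LSP-Fix): a Python sketch that pulls the orphaned "(no file)" entries and the O10 unknown Winsock LSP file out of a HijackThis log, then lists which processes and APIs a GMER log shows patched by that same DLL. The function names and regular expressions are this example's own assumptions about the log layout; the sample lines are excerpted from the logs posted in this thread.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log in post #1 of this thread.
HJT_SAMPLE = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsprly.dll
"""

# Lines excerpted from the GMER "User code sections" log in post #2.
GMER_SAMPLE = r"""
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] ADVAPI32.dll!CryptGenKey 77E117D9 5 Bytes JMP 00FF5010 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 026C2FF0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetCloseHandle + 156A 7805EFC3 5 Bytes JMP 026C68A0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[1552] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
"""

HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O10_UNKNOWN = re.compile(r"^Unknown file in Winsock LSP: (?P<path>.+)$")
GMER_HOOK = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"      # patched process and PID
    r"(?P<dll>[^\s!]+)!(?P<api>\w+)"                    # DLL!Export that was patched
    r"(?:\s+\+\s+[0-9A-Fa-f]+)?\s+"                     # optional "+ offset" into the export
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+) Bytes\s+"
    r"(?P<op>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})\s+"
    r"(?P<module>.+?)\s+\((?P<desc>.*)\)$"              # module that owns the jump target
)


def hjt_findings(log):
    """Return (orphans, lsp_files) from a HijackThis log.

    orphans:   CLSID -> HJT section codes whose entry ends in "(no file)"
    lsp_files: lower-cased paths from "O10 - Unknown file in Winsock LSP" lines
    """
    orphans = defaultdict(list)
    lsp_files = []
    for raw in log.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if body.endswith("(no file)"):
            clsid = CLSID.search(body)
            orphans[clsid.group(0).upper() if clsid else body].append(code)
        elif code == "O10":
            unknown = O10_UNKNOWN.match(body)
            if unknown:
                lsp_files.append(unknown.group("path").lower())
    return dict(orphans), lsp_files


def gmer_hooks_by_module(log):
    """Map lower-cased hooking module path -> {process name: sorted patched APIs}."""
    hooks = defaultdict(lambda: defaultdict(set))
    for raw in log.splitlines():
        m = GMER_HOOK.match(raw.strip())
        if m:
            proc = m.group("proc").rsplit("\\", 1)[-1].lower()
            hooks[m.group("module").lower()][proc].add(m.group("api"))
    return {mod: {p: sorted(apis) for p, apis in procs.items()}
            for mod, procs in hooks.items()}


def correlate(hjt_log, gmer_log):
    """Join the two logs: what does each unknown LSP file patch, and where?"""
    orphans, lsp_files = hjt_findings(hjt_log)
    hooks = gmer_hooks_by_module(gmer_log)
    return {
        "orphaned_entries": orphans,
        "unknown_lsp": {path: hooks.get(path, {}) for path in lsp_files},
    }


if __name__ == "__main__":
    report = correlate(HJT_SAMPLE, GMER_SAMPLE)
    for clsid, codes in report["orphaned_entries"].items():
        print("orphaned entry", clsid, "in sections", ", ".join(codes))
    for path, procs in report["unknown_lsp"].items():
        print("unknown LSP", path)
        for proc, apis in procs.items():
            print("   patches in", proc, "->", ", ".join(apis))
```

Paths are compared case-insensitively because the HijackThis line gives the DLL in lower case while GMER prints it with the system's casing.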

#9 (permalink)
19-03-2009, 06:46 PM
richirich (Junior Member, joined Mar 2009)
Thanks very much, deleting the dll file has solved my printing problem.

#10 (permalink)
19-03-2009, 07:07 PM
richirich (Junior Member, joined Mar 2009)
Sorry, don't know how to close this thread as solved.