Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92335 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Hijack Logfile


  • Please log in to reply
6 replies to this topic

#1 tomdav

tomdav

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 19 March 2007 - 01:44 PM

Hi, my GF is getting these annoying "your computer is infected" pop-ups when browsing IE. I have no clue, but maybe you guys can help. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 12:21:28 PM, on 3/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\TriActive\MicroAgent\Bin\matray-2.0.18-mt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TriActive\MicroAgent\Bin\ma.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\System32\1XConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [matray] C:\Program Files\TriActive\MicroAgent\Bin\matray-2.0.18-mt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://cbnet
O15 - Trusted Zone: vpn.accentcare.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Cutterbuck.com
O17 - HKLM\Software\..\Telephony: DomainName = Cutterbuck.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Cutterbuck.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Cutterbuck.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - c:\WINNT\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TriActive MicroAgent (MA) - TriActive, Inc. - C:\Program Files\TriActive\MicroAgent\Bin\ma.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe

    Advertisements

Register to Remove


#2 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 19 March 2007 - 02:59 PM

1) Download F-Secure's BlackLight from here and save it to your Desktop.

2) Log off from the internet and disconnect your modem cable.

3) Go to Start > Run, copy and paste the following into the text box and hit OK:
"%userprofile%\desktop\blbeta.exe" /expert

The F-Secure Blacklight Beta window should open.
  • Accept the agreement and click Next >.
  • Click the Scan button to begin.
  • Leave the PC idle while the scan takes place.
  • When it has completed, click the Close button.
  • A text file, fsbl-date/time, will be saved onto your Desktop - copy and paste this into your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download gmer.zip from here and save it to your Desktop.
You will need to unzip it before you run it.

To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


Double click gmer.exe to begin:
  • If you get a message about "system modification", click Yes and work through the rest of the instructions.
  • Ensure that the Rootkit Tab at the top is selected.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click the Scan button on the right.
  • When the scan has completed, (you'll have time for a snack and a cuppa!), click the Copy button underneath - this will save the report to your Clipboard.
  • Paste it into Notepad (Start > All Programs > Accessories > Notepad) and save it somewhere convenient.
  • Click the >>> Tab at the top and select the Autostart Tab.
  • Click the Scan button on the right - this one should only take seconds to complete.
  • Save the log as before.
Copy and paste both reports into your next reply - you may need to post them separately.
The Preview option may show the whole logs being posted, but they sometimes get cut down when the actual post is made, so check the post once it is completed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run HJT and click on Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.

Death to the salad eaters!

#3 tomdav

tomdav

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 20 March 2007 - 03:16 AM

A text file, fsbl-date/time, will be saved onto your Desktop - copy and paste this into your next reply.

03/19/07 22:40:25 [Info]: BlackLight Engine 1.0.55 initialized
03/19/07 22:40:25 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/19/07 22:40:25 [Note]: 7019 4
03/19/07 22:40:25 [Note]: 7005 0
03/19/07 22:40:51 [Note]: 7006 0
03/19/07 22:40:51 [Note]: 7022 0
03/19/07 22:40:51 [Note]: 7011 676
03/19/07 22:40:51 [Note]: 7026 0
03/19/07 22:40:51 [Note]: 7026 0
03/19/07 22:41:00 [Note]: FSRAW library version 1.7.1021
03/19/07 22:50:35 [Note]: 2000 1012
03/20/07 01:33:57 [Note]: 7007 0

Double click gmer.exe to begin...Copy and paste both reports into your next reply

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-20 01:54:27
Windows 5.1.2600 Service Pack 2


---- Modules - GMER 1.0.12 ----

Module (noname) (*** hidden *** ) B7A98000

---- EOF - GMER 1.0.12 ----



GMER 1.0.12.12086 - http://www.gmer.net
Autostart scan 2007-03-20 01:55:39
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINNT\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
NavLogon@DLLName = C:\WINNT\System32\NavLogon.dll
Sebring@DLLName = c:\WINNT\System32\LgNotify.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
avast! Antivirus /*avast! Antivirus*/@ = "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
MA /*TriActive MicroAgent*/@ = "C:\Program Files\TriActive\MicroAgent\Bin\ma.exe"
MDM /*Machine Debug Manager*/@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
RegSrvc /*RegSrvc*/@ = C:\WINNT\System32\RegSrvc.exe
S24EventMonitor /*Spectrum24 Event Monitor*/@ = C:\WINNT\System32\S24EvMon.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINNT\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SynTPLprC:\Program Files\Synaptics\SynTP\SynTPLpr.exe = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Program Files\Synaptics\SynTP\SynTPEnh.exe = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
@ATIPTAC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
@PRONoMgr.exec:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe = c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
@NeroCheckC:\WINNT\System32\NeroCheck.exe = C:\WINNT\System32\NeroCheck.exe
@Synchronization Manager%SystemRoot%\system32\mobsync.exe /logon = %SystemRoot%\system32\mobsync.exe /logon
@matrayC:\Program Files\TriActive\MicroAgent\Bin\matray-2.0.18-mt.exe = C:\Program Files\TriActive\MicroAgent\Bin\matray-2.0.18-mt.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINNT\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{BDA77241-42F6-11d0-85E2-00AA001FE28C} /*LDVP Shell Extensions*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINNT\System32\twext.dll = C:\WINNT\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINNT\System32\twext.dll = C:\WINNT\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINNT\system32\extmgr.dll = C:\WINNT\system32\extmgr.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINNT\system32\dfshim.dll = C:\WINNT\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINNT\system32\dfshim.dll = C:\WINNT\system32\dfshim.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINNT\system32\ieframe.dll = C:\WINNT\system32\ieframe.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Program Files\Alwil Software\Avast4\ashShell.dll = C:\Program Files\Alwil Software\Avast4\ashShell.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{B8323370-FF27-11D2-97B6-204C4F4F5020} /*SmartFTP Shell Extension DLL*/C:\Program Files\SmartFTP Client 2.0\smarthook.dll = C:\Program Files\SmartFTP Client 2.0\smarthook.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
LDVPMenu@{BDA77241-42F6-11d0-85E2-00AA001FE28C} =

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINNT\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft....k/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft....k/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.yahoo.com/ = http://www.yahoo.com/
@Local PageC:\WINNT\system32\blank.htm = C:\WINNT\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINNT\system32\msvidctl.dll
its@CLSID = C:\WINNT\System32\itss.dll
mctp@CLSID = C:\Program Files\Microsoft ActiveSync\aatp.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINNT\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINNT\system32\msvidctl.dll
wia@CLSID = C:\WINNT\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = Cutterbuck.com

C:\Documents and Settings\All Users\Start Menu\Programs\Startup = Adobe Reader Speed Launch.lnk

---- EOF - GMER 1.0.12 ----

Copy and paste the file uninstall_list.txt into your next reply.

Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Ahead Nero BurnRights
Apple Software Update
ATI Control Panel
ATI Display Driver
avast! Antivirus
Canon iP6220D
DVD
FastStone Image Viewer 2.8
GTW Modem
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wireless
Java 2 Runtime Environment, SE v1.4.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft ActiveSync 3.7
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Visio Viewer 2003 (English)
Mozilla Firefox (2.0.0.2)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
Nero OEM
overland
PC-Doctor for Windows
Picasa 2
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Synaptics Pointing Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

#4 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 20 March 2007 - 01:46 PM

my GF is getting these annoying "your computer is infected" pop-ups when browsing IE.

Does she only get these while surfing and are they restricted to any particular websites?
Death to the salad eaters!

#5 tomdav

tomdav

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 22 March 2007 - 10:48 PM

Not sure. The last time it happened she was filling out job application at careerbuilder.com and it took her out of the window she was working on. Sounds like you see nothing in the logs above? It's always a similar pop-up that says "your computer is at risk" from some bogus security site. I'll try to get the web address of the pop up the next time it happens.

Edited by tomdav, 22 March 2007 - 10:49 PM.


#6 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 23 March 2007 - 01:28 PM

I don't see what I would have expected to see which isn't helpful. It may not be something on your PC - it could be site specific, or perhaps Windows Messenger. Let me know the site or sites and i'll look into it.
Death to the salad eaters!

#7 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 09 April 2007 - 06:44 PM

Because no reply was made. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:
http://forums.tomcoy...showtopic=31418

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Also follow the recommendations in Tony Klein's article
So how did I get infected in the first place?

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users