possible security problem

  1. #1
    richirich is offline Junior Member

    possible security problem

    Unable to print, indication of security breach. Can you please check hijack log.
    Scan saved at 08:26, on 2009-03-17
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IncrediMail\bin\ImApp.exe
    C:\Documents and Settings\Richy.HME-NUIBE8BKU36\Desktop\gmer\gmer.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: AutorunsDisabled
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\lsprly.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1228579363656
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1228579353593
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download....10/ttinst.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

    --
    End of file - 6572 bytes
    Ref to print spooler error 1067 in hardware.


  2. #2
    richirich is offline Junior Member
    GMER 1.0.15.14939 - http://www.gmer.net
    Rootkit scan 2009-03-17 1601
    Windows 5.1.2600 Service Pack 3


    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 00FF6EB0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] ADVAPI32.dll!CryptGenKey 77E117D9 5 Bytes JMP 00FF5010 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00FF5020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 00FF5540 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetCloseHandle + 156A 7805EFC3 5 Bytes JMP 00FF68A0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!HttpQueryInfoA 78060C6D 5 Bytes JMP 00FF6000 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 00FF2FF0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 00FF2FC0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetReadFileExW 78082AAA 5 Bytes JMP 00FF3020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetReadFileExA 78082AE2 5 Bytes JMP 00FF3050 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetGetCookieExA 7808386E 5 Bytes JMP 00FF29F0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetSetCookieExW 78083AE5 5 Bytes JMP 00FF2790 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 10006EB0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] ADVAPI32.dll!CryptGenKey 77E117D9 5 Bytes JMP 10005010 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 10005020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 10005540 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetCloseHandle + 156A 7805EFC3 5 Bytes JMP 100068A0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!HttpQueryInfoA 78060C6D 5 Bytes JMP 10006000 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 10002FF0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 10002FC0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetReadFileExW 78082AAA 5 Bytes JMP 10003020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetReadFileExA 78082AE2 5 Bytes JMP 10003050 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetGetCookieExA 7808386E 5 Bytes JMP 100029F0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1352] WININET.dll!InternetSetCookieExW 78083AE5 5 Bytes JMP 10002790 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 10006EB0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] ADVAPI32.dll!CryptGenKey 77E117D9 5 Bytes JMP 10005010 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 10005020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 10005540 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetCloseHandle + 156A 7805EFC3 5 Bytes JMP 100068A0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!HttpQueryInfoA 78060C6D 5 Bytes JMP 10006000 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 10002FF0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 10002FC0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetReadFileExW 78082AAA 5 Bytes JMP 10003020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetReadFileExA 78082AE2 5 Bytes JMP 10003050 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetGetCookieExA 7808386E 5 Bytes JMP 100029F0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe[1548] WININET.dll!InternetSetCookieExW 78083AE5 5 Bytes JMP 10002790 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\WINDOWS\system32\SearchIndexer.exe[1552] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Webroot\Washer\WasherSvc.exe[1744] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0008ED99 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
    .text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 01DB6EB0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] ADVAPI32.dll!CryptGenKey 77E117D9 5 Bytes JMP 01DB5010 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 01DB5540 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetCloseHandle + 156A 7805EFC3 5 Bytes JMP 01DB68A0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!HttpQueryInfoA 78060C6D 5 Bytes JMP 01DB6000 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 01DB2FF0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 01DB2FC0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetReadFileExW 78082AAA 5 Bytes JMP 01DB3020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetReadFileExA 78082AE2 5 Bytes JMP 01DB3050 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetGetCookieExA 7808386E 5 Bytes JMP 01DB29F0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] WININET.dll!InternetSetCookieExW 78083AE5 5 Bytes JMP 01DB2790 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\IncrediMail\bin\ImApp.exe[3932] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 01DB5020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 026C6EB0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] ADVAPI32.dll!CryptGenKey 77E117D9 5 Bytes JMP 026C5010 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 026C5540 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetCloseHandle + 156A 7805EFC3 5 Bytes JMP 026C68A0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!HttpQueryInfoA 78060C6D 5 Bytes JMP 026C6000 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 026C2FF0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 026C2FC0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetReadFileExW 78082AAA 5 Bytes JMP 026C3020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetReadFileExA 78082AE2 5 Bytes JMP 026C3050 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetGetCookieExA 7808386E 5 Bytes JMP 026C29F0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetSetCookieExW 78083AE5 5 Bytes JMP 026C2790 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 026C5020 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

    Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
    Device \Driver\AFD \Device\Afd vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

    ---- EOF - GMER 1.0.15 ----
    Hope this helps, thanks for your time.

  3. #3
    broni is offline Senior Member
    I'd like you to go through all steps prescribed here: http://www.techhelpforum.com/showthread.php?t=6820, and post appropriate logs.
    At the end, I'll need fresh HJT log.

  4. #4
    richirich is offline Junior Member
    The first 2 on the list are in my previous thread on print spooler error 1067, and the latter here; as it was a security issue, I was asked to put my logs in a new thread.

  5. #5
    jephree is offline ¨*·.¸ «.·°·..·°·.» ¸.·*¨

  6. #6
    richirich is offline Junior Member
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/18/2009 at 10:22 PM

    Application Version : 4.22.1014

    Core Rules Database Version : 3803
    Trace Rules Database Version: 1758

    Scan type : Complete Scan
    Total Scan Time : 02:41:46

    Memory items scanned : 169
    Memory threats detected : 0
    Registry items scanned : 4882
    Registry threats detected : 0
    File items scanned : 76784
    File threats detected : 0

  7. #7
    richirich is offline Junior Member
    Malwarebytes' Anti-Malware 1.34
    Database version: 1866
    Windows 5.1.2600 Service Pack 3

    2009-03-18 23:54:09
    mbam-log-2009-03-18 (23-54-09).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 157446
    Time elapsed: 57 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  8. #8
    broni is offline Senior Member
    Thanks, guys.
    I don't really see any security threats.
    We have a couple of AVG Security Toolbar leftovers, so we can fix those.
    Open HJT, and checkmark:
    - O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    - O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

    Click "Fix checked" button.

    We also have one unknown Winsock file: lsprly.dll, so let's fix this one as well.
    Download, and run LSP-Fix: http://www.cexx.org/lspfix.htm
    Next, double-click on LSPFix.exe to start the application. Place a check in the box for "I know what I am doing", then highlight the file:
    lsprly.dll
    Move that file from "Keep" to "Remove" box using the >> arrow. Click the finish button, then OK to close.

    Restart computer.

    Post fresh HJT log.
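    Editor's note, not part of broni's post and not code from HijackThis or GMER: the two things broni picks out of the logs above, the orphaned "(no file)" toolbar entries and the Winsock LSP module that HJT cannot identify, are the kind of findings a helper reads off by eye. The GMER log adds a third signal: one module (lsprly.dll) sitting on CryptGenKey, PFXImportCertStore and the WININET read/cookie calls inside several unrelated processes, which is what made the thread worth a closer look. The Python script below is an added triage helper that parses both log formats and prints those three findings. It assumes only the line shapes visible in this thread; the sample input is constructed from a handful of those lines, and the "sensitive API" list is my own choice for what deserves a second look, not anything the tools define.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample input (not a full log): a few lines in the shapes that
# HijackThis and GMER print, copied from the formats seen in this thread.
HJT_LOG = r"""
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsprly.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

GMER_LOG = r"""
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] ADVAPI32.dll!CryptGenKey 77E117D9 5 Bytes JMP 00FF5010 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[520] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 00FF2FF0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 026C2FF0 C:\WINDOWS\system32\lsprly.dll (LSP Dynamic Link Library/Adobe)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4076] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[1552] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
"""

# One GMER "User code sections" line: process[pid], hooked export (may carry
# a "+ offset"), original address, patch size, JMP/CALL, target, owning module.
GMER_HOOK = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<api>.+?) (?P<addr>[0-9A-F]{8}) "
    r"(?P<size>\d+) Bytes (?P<kind>JMP|CALL) (?P<target>[0-9A-F]{8}) "
    r"(?P<module>.+?) \((?P<desc>[^()]*)\)$"
)
HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Exports whose hooking by a third-party module warrants a closer look:
# process creation, key generation, certificate import, HTTP reads, cookies.
# This list is my own triage choice (assumption), not something GMER defines.
SENSITIVE_APIS = {
    "kernel32.dll!createprocessinternalw",
    "advapi32.dll!cryptgenkey",
    "crypt32.dll!pfximportcertstore",
    "wininet.dll!internetreadfile",
    "wininet.dll!internetgetcookieexa",
    "wininet.dll!internetsetcookieexw",
}


def parse_gmer_hooks(text):
    """Return one dict per user-mode hook line; other lines are ignored."""
    return [m.groupdict() for m in
            (GMER_HOOK.match(line.strip()) for line in text.splitlines()) if m]


def hooks_by_module(hooks):
    """Group hooks by the module that owns the jump target (lower-case basename)."""
    summary = defaultdict(lambda: {"apis": set(), "processes": set(), "desc": ""})
    for h in hooks:
        entry = summary[ntpath.basename(h["module"]).lower()]
        entry["apis"].add(h["api"].split(" + ")[0])      # drop "+ offset"
        entry["processes"].add(ntpath.basename(h["proc"]).lower())
        entry["desc"] = h["desc"]
    return dict(summary)


def suspicious_hook_modules(hooks):
    """Modules that hook a sensitive export inside a process other than their
    own image. Returned as (module, details) pairs, widest reach first."""
    flagged = []
    for mod, info in hooks_by_module(hooks).items():
        hits = {a for a in info["apis"] if a.lower() in SENSITIVE_APIS}
        if hits and info["processes"] != {mod}:   # a process hooking itself is exempt
            flagged.append((mod, {"processes": sorted(info["processes"]),
                                  "sensitive_apis": sorted(hits),
                                  "desc": info["desc"]}))
    flagged.sort(key=lambda item: -len(item[1]["processes"]))
    return flagged


def hjt_findings(text):
    """Entries a helper would act on: O2/O3 items whose file is gone, and
    O10 Winsock LSP entries HijackThis cannot identify."""
    findings = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(f"{section} orphaned entry: {body}")
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            path = body.split(":", 1)[1].strip()
            findings.append(f"O10 unknown LSP module: {ntpath.basename(path)} ({path})")
    return findings


def main():
    for finding in hjt_findings(HJT_LOG):
        print("HJT:", finding)
    for mod, info in suspicious_hook_modules(parse_gmer_hooks(GMER_LOG)):
        print(f"GMER: {mod} ({info['desc']}) hooks {', '.join(info['sensitive_apis'])}"
              f" in {', '.join(info['processes'])}")


if __name__ == "__main__":
    main()
```

    Run against the full logs from posts #1 and #2 the GMER part reports lsprly.dll reaching into vsmon.exe, avgemc.exe, zapro.exe, ImApp.exe and IEXPLORE.EXE, while IEFRAME.dll, MSSRCH.DLL and the Window Washer self-hook are left alone, which matches what broni chose to fix. The module's own description string ("Adobe") is deliberately not trusted in the logic; the hooked exports and the spread across unrelated processes are the evidence.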

  9. #9
    richirich is offline Junior Member
    Thanks very much, deleting the dll file has solved my printing problem.

  10. #10
    richirich is offline Junior Member
    Sorry, don't know how to close this thread as solved.
