Hi guys. I have an XP computer. I couldn't stop iexplore.exe from working in my Task Manager. I used the 7 steps, and I realize that now iexplore.exe seems gone. Anyway, here are my logs. I want to ask: am I clear of this trojan or virus now?
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6583
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
15/05/2011 16:05:17
mbam-log-2011-05-15 (16-05-17).txt
Scan type: Quick scan
Objects scanned: 140252
Time elapsed: 7 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{YF32WR50-6SXW-582A-5CR4-AGK5D0T52038} (Trojan.Cybergate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{YF32WR50-6SXW-582A-5CR4-AGK5D0T52038} (Trojan.Cybergate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ActiveX.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Trojan.Cybergate) -> Value: HKLM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.Cybergate) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Trojan.Cybergate) -> Value: HKCU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.Cybergate) -> Value: Policies -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
h:\WINDOWS\system32\config\systemprofile\local settings\temporary internet files\Content.IE5\0DM7GXMZ\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.
h:\WINDOWS\system32\install\svchost.exe (Trojan.Cybergate) -> Quarantined and deleted successfully.
h:\documents and settings\ogan\application data\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
h:\WINDOWS\system32\tilecomfree.com (Backdoor.Bot) -> Quarantined and deleted successfully.
h:\documents and settings\ogan\local settings\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
h:\documents and settings\ogan\local settings\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-15 16:16:21
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.8.01
Running: 3yhmqlwp.exe; Driver: H:\DOCUME~1\ogan\LOCALS~1\Temp\pgpcykob.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
---- System - GMER 1.0.15 ----
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xBA6942A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xBA69F910]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA92A582E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA92A5652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA92A578C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 8A460D08
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A460D08
Device \Driver\atapi \Device\Ide\IdePort1 8A460D08
Device \Driver\atapi \Device\Ide\IdePort2 8A460D08
Device \Driver\atapi \Device\Ide\IdePort3 8A460D08
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b 8A460D08
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 8A460D08
Device \Driver\d347prt \Device\Scsi\d347prt1 8A7501D8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8A754430
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Modules - GMER 1.0.15 ----
Module _________ BA5D3000-BA5EB000 (98304 bytes)
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by ogan at 16:47:21.46 on 15/05/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1535.989 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *Enabled*
.
============== Running Processes ===============
.
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
H:\Program Files\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
H:\Program Files\Alwil Software\Avast5\AvastSvc.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\runservice.exe
H:\WINDOWS\System32\svchost.exe -k imgsvc
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
H:\Program Files\AvaFind\AvaFind.exe
H:\WINDOWS\system32\taskmgr.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Mozilla Firefox\plugin-container.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\WINDOWS\system32\NOTEPAD.EXE
H:\Documents and Settings\ogan\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - h:\program files\free download manager\iefdmcks.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - h:\program files\google\googletoolbar4.dll
TB: Stumble&Upon: {22d003ce-6952-46c5-80b9-d19b479620ab} - h:\windows\system32\s1939.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AvaFind] "h:\program files\avafind\AvaFind.exe" /minimized
mRun: [SmcService] h:\progra~1\sygate\spf\smc.exe -startgui
mRun: [ZSSnp211] h:\windows\ZSSnp211.exe
mRun: [Domino] h:\windows\Domino.exe
mRun: [avast5] h:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "h:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: Download all by Free Download Manager
IE: Download by Free Download Manager
IE: Download selected by Free Download Manager
IE: Download web site by Free Download Manager
IE: Similar Pages
IE: Translate Page into English
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
Trusted Zone: gamyun.net\www
DPF: DirectAnimation Java Classes - file://h:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://h:\windows\java\classes\xmldso.cab
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {41C6D82A-159E-4006-8ED5-DA50DE458B80} = 4.2.2.2,4.2.2.5
Notify: AtiExtEvent - Ati2evxx.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Authentication Packages = msv1_0 nwprovau
Hosts: 72.55.188.183 richarddawkins.net
Hosts: 72.55.188.183 www.richarddawkins.net
Hosts: 74.125.79.100 sites.google.com
Hosts: 208.109.181.194 makat.org
Hosts: 208.109.181.194 www.makat.org
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - h:\docume~1\ogan\applic~1\mozilla\firefox\profiles\tvz9nn9p.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: h:\documents and settings\ogan\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: h:\documents and settings\ogan\application data\move networks\plugins\npqmp071504000001.dll
FF - plugin: h:\program files\google\picasa3\npPicasa3.dll
FF - plugin: h:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: h:\program files\microsoft silverlight\4.0.50826.0\npctrlui.dll
FF - plugin: h:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: h:\program files\mozilla firefox\plugins\NPMXENG.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;h:\windows\system32\drivers\d347bus.sys [2006-2-16 155136]
R0 d347prt;d347prt;h:\windows\system32\drivers\d347prt.sys [2006-2-16 5248]
R0 xmasbus;xmasbus;h:\windows\system32\drivers\xmasbus.sys [2005-11-30 140800]
R1 aswSP;aswSP;h:\windows\system32\drivers\aswSP.sys [2008-4-5 294608]
R2 acedrv10;acedrv10;h:\windows\system32\drivers\ACEDRV10.sys [2007-7-24 328824]
R2 acehlp10;acehlp10;h:\windows\system32\drivers\acehlp10.sys [2007-7-11 201848]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2011-1-19 17744]
R2 avast! Antivirus;avast! Antivirus;h:\program files\alwil software\avast5\AvastSvc.exe [2010-9-9 40384]
R2 LicCtrlService;LicCtrl Service;h:\windows\Runservice.exe [2005-12-16 2560]
R2 SBKUPNT;SBKUPNT;h:\windows\system32\drivers\SBKUPNT.SYS [2011-3-4 14976]
R3 Tetris;Tetris driver;h:\windows\system32\drivers\Tetris.sys [2005-12-16 48928]
S0 xmasscsi;xmasscsi;h:\windows\system32\drivers\xmasscsi.sys [2005-11-30 5248]
S2 BT848;CxVCap, WDM Video Capture;h:\windows\system32\drivers\cxvcap.sys --> h:\windows\system32\drivers\cxvcap.sys [?]
S2 CXTUNER;CxTuner, WDM TvTuner;h:\windows\system32\drivers\cxtuner.sys --> h:\windows\system32\drivers\CXTUNER.sys [?]
S2 CXXBAR;CxXBar, WDM Crossbar;h:\windows\system32\drivers\cxxbar.sys --> h:\windows\system32\drivers\CXXBAR.sys [?]
S3 atidgllk;atidgllk;c:\program files\asus\smartdoctor\atidgllk.sys [2004-6-16 4608]
S3 PCAlertDriver;PCAlertDriver;h:\program files\msi\core center\NTGLM7X.SYS [2005-11-29 21728]
S4 vsdatant;vsdatant; [x]
.
=============== Created Last 30 ================
.
2011-05-15 12:52:05 -------- d-----w- h:\docume~1\ogan\applic~1\Malwarebytes
2011-05-15 12:51:53 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2011-05-15 12:51:52 -------- d-----w- h:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-15 12:51:48 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2011-05-15 12:51:48 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2011-05-07 20:14:15 781272 ----a-w- h:\program files\mozilla firefox\mozsqlite3.dll
2011-05-07 20:14:14 89048 ----a-w- h:\program files\mozilla firefox\libEGL.dll
2011-05-07 20:14:14 465880 ----a-w- h:\program files\mozilla firefox\libGLESv2.dll
2011-05-07 20:14:14 1874904 ----a-w- h:\program files\mozilla firefox\mozjs.dll
2011-05-07 20:14:14 15832 ----a-w- h:\program files\mozilla firefox\mozalloc.dll
2011-05-07 20:14:13 1974616 ----a-w- h:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-07 20:14:13 1892184 ----a-w- h:\program files\mozilla firefox\d3dx9_42.dll
2011-05-07 20:14:13 142296 ----a-w- h:\program files\mozilla firefox\components\browsercomps.dll
.
==================== Find3M ====================
.
2011-05-15 13:08:14 49 --sha-w- h:\windows\system32\mmf.sys
.
============= FINISH: 16:47:44.67 ===============
The attachment txt is below.