Runscanner Advice


2 replies to this topic

#1 flatiron__2


Posted 23 February 2008 - 08:11 PM

I don't have a spyware/adware problem but you were recommended by
http://www.runscanner.net/helperforums.aspx when I ran Runscanner.
I don't understand the entries found in the scan. Quite a few of them are in red.
I posted here since I'm already a member.
A list of runscanner specialist helper forums
Geeks to go
TomCoyote
Bleeping computer
Castlecops
Gladiator security
Temerc

Note: All entries that were red are in bold letters.

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

000 General info
----------------
Computer name : SONY
Creation time : 2/23/2008 5:02:39 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.6.3.0
User Language : English (Trinidad)
User rights : Administrator
Windows folder : C:\WINDOWS

001 Running processes
---------------------
- c:\windows\system32\drivers\changer.sys (Changer) File not found
- c:\windows\system32\gtndis5.sys (GTNDIS5 NDIS Protocol Driver) File not found
- c:\windows\system32\drivers\i2omgmt.sys (i2omgmt) File not found
- c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc) File not found
- c:\windows\system32\drivers\naiavf5x.sys (NaiAvFilter1) File not found
- c:\windows\system32\drivers\pcidump.sys (PCIDump) File not found
- c:\windows\system32\drivers\pdcomp.sys (PDCOMP) File not found
- c:\windows\system32\drivers\pdframe.sys (PDFRAME) File not found
- c:\windows\system32\drivers\pdreli.sys (PDRELI) File not found
- c:\windows\system32\drivers\pdrframe.sys (PDRFRAME) File not found
- c:\progra~1\mozill~1\sabprocenum.sys (SABProcEnum) File not found
TSP c:\windows\system32\drivers\klif.sys File not found
WDICA c:\windows\system32\drivers\wdica.sys File not found

Item: 042 HKLM\Software\Microsoft\Internet Explorer\Extensions
Description: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
Path: GUID / CLSID not found
MD5: NA
Registry path: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

Item: 102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
Description: {32683183-48a0-441b-a342-7c2a440a9478}
Path: GUID / CLSID not found
MD5: NA
Registry path: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

Item: 102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
Description: {4528BBE0-4E08-11D5-AD55-00010333D0AD}
Path: GUID / CLSID not found
MD5: NA
Registry path: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

Item: 102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
Description: {4528BBE0-4E08-11D5-AD55-00010333D0AD}
Path: GUID / CLSID not found
MD5: NA
Registry path: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

Item: 104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
Description: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Path: GUID / CLSID not found
MD5: NA
Registry path: HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}



-----------------------------------
Entries disabled by CodeStuff Starter

"CMStart.exe","C:\Documents and Settings\Michael Tew.SONY\Start Menu\Programs\Startup (Disabled by Starter)\CMStart.exe","Startup - Current User","0","",""
"NeroFilterCheck","C:\WINDOWS\system32\NeroCheck.exe","Registry - Machine Run","0","NeroCheck (Ahead Software Gmbh NeroCheck)","Ahead Software Gmbh"
"NvCplDaemon","RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup","Registry - Machine Run","0","NVIDIA Display Properties Extension (NVIDIA Compatible Windows 2000 Display driver, Version 40.72 )","NVIDIA Corporation"
"nwiz","nwiz.exe /install","Registry - Machine Run","0","NVIDIA nView Wizard, Version 40.72 ","NVIDIA Corporation"
"VAIO Action Setup (Server).lnk","C:\Program Files\Sony\VAIO Action Setup\VAServ.exe","Startup - All Users","0","VAServ Application (VAIO Action Setup)","Sony Corporation"
"ZTgServerSwitch","c:\program files\support.com\client\lserver\server.vbs","Registry - Machine Run","0","",""

If I need to or should recheck them, I will and post a new log!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:20 PM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\abelhadigital.com\HostsMan\hm.exe
C:\Program Files\abelhadigital.com\HostsMan\hostssrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\HJT 2.0.2\hjtscan.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKCU\..\Run: [HostsMan] "C:\Program Files\abelhadigital.com\HostsMan\hm.exe" -s
O4 - HKCU\..\Run: [HostsServer] "C:\Program Files\abelhadigital.com\HostsMan\hostssrv.exe" --start
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188398370093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142363246937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 4246 bytes

Edited by flatiron__2, 24 February 2008 - 06:27 PM.



 


#2 flatiron__2


Posted 08 March 2008 - 03:39 PM

Bump.
A new HijackThis log since it's been a few weeks.
I've installed PalTalk, Skype and updated Java.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:07 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ThreatFire\TFService.exe
C:\HJT 2.0.2\hjtscan.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - http://download.paltalk.com/wcloader_prod/wcloader.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188398370093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142363246937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 4166 bytes

Edited by flatiron__2, 08 March 2008 - 03:42 PM.


#3 OldTimer

Malware Expert

Posted 09 March 2008 - 02:18 PM

Hi flatiron__2. Those are all part of Autoruns' reporting. See their thread here: http://forum.sysinternals.com/forum_posts....=11781&PN=1

It's just what they report. There are a lot of device services that get entries without having files included. It's the same thing with MS's Explorer bars. IE puts in a bunch of entries that have no CLSID to go with them. It's just the default settings. Only MS knows why lol.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
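Added example, not code from the thread or from the Runscanner/HijackThis authors: a small Python triage helper that parses the two log formats quoted above. It separates the Runscanner entries whose driver image or CLSID no longer resolves (the red items OldTimer explains as stale registrations) from HijackThis entries that still point at a file on disk, which are the ones a helper would actually hash or check for a publisher signature. The sample lines are copied from the logs in this thread; the parsing rules (blank-line separated Runscanner items, the last " - " field of a HijackThis line being the target) are assumptions about the formats.

```python
import re
# Constructed sample: lines copied from the Runscanner log posted in this thread.
RUNSCANNER_SAMPLE = r"""
- c:\windows\system32\drivers\changer.sys (Changer) File not found
- c:\windows\system32\drivers\pcidump.sys (PCIDump) File not found
TSP c:\windows\system32\drivers\klif.sys File not found

Item: 102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
Description: {32683183-48a0-441b-a342-7c2a440a9478}
Path: GUID / CLSID not found
MD5: NA
Registry path: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
"""

# Constructed sample: lines copied from the HijackThis log posted in this thread.
HJT_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def triage_runscanner(text):
    """Return (missing_files, orphan_keys): image paths marked 'File not found'
    (assumes the path has no spaces, as in this log) and registry keys whose
    CLSID resolves to nothing. Both are stale registrations, not running code."""
    missing = [ln.split()[1] for ln in text.splitlines() if ln.endswith("File not found")]
    orphans = []
    for block in re.split(r"\n\s*\n", text):          # assumption: items are blank-line separated
        if "Path: GUID / CLSID not found" in block:
            m = re.search(r"^Registry path: (.*)$", block, re.M)
            if m: orphans.append(m.group(1))
    return missing, orphans

def triage_hijackthis(text):
    """Split 'Onn - ...' lines into (live, dead) tuples of (section, clsid, target).
    'dead' entries end in '(no file)' and cannot execute; 'live' entries name a
    file on disk and are the ones still worth a hash or signature check."""
    live, dead = [], []
    for ln in text.splitlines():
        m = re.match(r"^(O\d+) - (.*)$", ln)
        if not m: continue
        section, rest = m.groups()
        clsid = CLSID_RE.search(rest)
        target = rest.rsplit(" - ", 1)[-1]            # assumption: last ' - ' field is the path
        entry = (section, clsid.group(0) if clsid else None, target)
        (dead if target == "(no file)" else live).append(entry)
    return live, dead
```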
