GMER LOG


9 replies to this topic

#1 agallas

agallas

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:40 PM

Posted 20 November 2008 - 09:02 PM

I did all the topic log told me. I want to know how to use the GMER log; I've also attached an HJT log.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-20 21:58:57
Windows 6.0.6001 Service Pack 1


---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!DialogBoxIndirectParamW 763FBD25 5 Bytes JMP 72785A3B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!DialogBoxParamW 76411FD5 5 Bytes JMP 727859C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!DialogBoxParamA 764380B2 5 Bytes JMP 72785A00 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!DialogBoxIndirectParamA 764383DD 5 Bytes JMP 72785A76 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!MessageBoxIndirectA 7644D471 5 Bytes JMP 72785981 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!MessageBoxIndirectW 7644D56B 5 Bytes JMP 7278593D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!MessageBoxExA 7644D5D1 5 Bytes JMP 72785903 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!MessageBoxExW 7644D5F5 5 Bytes JMP 727858C9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] kernel32.dll!IsDebuggerPresent 75D6F9C3 6 Bytes JMP 004DA090 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] kernel32.dll!DeviceIoControl 75D7C22F 7 Bytes JMP 004689D0 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] kernel32.dll!CreateFileW 75D9CC4E 5 Bytes JMP 004689A0 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] kernel32.dll!CreateFileA 75D9CF71 5 Bytes JMP 00468990 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] USER32.dll!ChangeDisplaySettingsExA 764213E2 5 Bytes JMP 0046FD50 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] USER32.dll!ChangeDisplaySettingsExW 7643A981 5 Bytes JMP 0046FD80 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegDeleteKeyW 761B9C7E 7 Bytes JMP 0041E220 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegDeleteKeyA 761B9D63 5 Bytes JMP 0041E1F0 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegQueryInfoKeyA 761B9E42 7 Bytes JMP 0041E410 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegDeleteValueA 761BA565 7 Bytes JMP 0041E250 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegQueryValueA 761BB1C1 7 Bytes JMP 0041E470 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegCreateKeyExA 761BB5E7 5 Bytes JMP 0041E1B0 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegCreateKeyA 761BB8AE 5 Bytes JMP 0041E170 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegSetValueExA 761BB8F1 7 Bytes JMP 0041E590 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegDeleteValueW 761BBC79 7 Bytes JMP 0041E280 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegOpenKeyA 761C0BF5 5 Bytes JMP 0041E370 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegEnumValueA 761C0D57 7 Bytes JMP 0041E310 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegEnumValueW 761C16D2 7 Bytes JMP 0041E340 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegEnumKeyExA 761CA78C 5 Bytes JMP 0041E2B0 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegQueryValueW 761CAF5D 7 Bytes JMP 0041E4A0 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegCreateKeyW 761CB83D 5 Bytes JMP 0041E190 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegSetValueExW 761CBA90 7 Bytes JMP 0041E5C0 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegCreateKeyExW 761CBCE1 5 Bytes JMP 0041E1D0 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegQueryInfoKeyW 761CC5AF 7 Bytes JMP 0041E440 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegOpenKeyExA 761CD4E8 5 Bytes JMP 0041E3B0 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegQueryValueExA 761CD639 7 Bytes JMP 0041E4D0 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegOpenKeyW 761D3CB0 5 Bytes JMP 0041E390 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegOpenKeyExW 761DF09D 5 Bytes JMP 0041E3E0 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegCloseKey 761DF429 7 Bytes JMP 0041E110 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegQueryValueExW 761DF79F 7 Bytes JMP 0041E500 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegEnumKeyExW 761DFAF8 7 Bytes JMP 0041E2E0 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegFlushKey 761E3116 7 Bytes JMP 0041E140 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegSetValueW 761E507C 5 Bytes JMP 0041E560 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ADVAPI32.dll!RegSetValueA 762252E1 5 Bytes JMP 0041E530 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)
.text C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe[5652] ole32.dll!CoCreateInstance 7733E188 5 Bytes JMP 0041E890 C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe (Media Player Classic - Homecinema/mpc-hc@Sourceforge)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000A0002
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000A0000

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\FVXSCSI\Parameters\PnpInterface@0 1
Reg HKLM\SYSTEM\ControlSet003\Services\FVXSCSI\Parameters\PnpInterface@0 1

---- EOF - GMER 1.0.14 ----


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43, on 20-11-08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Comodo\CBOClean\BOC427.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Windows\ehome\ehtray.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\sander\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Program Files\UltraRecall\UltraRecall.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\X Codec Pack Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Dziobas Rar Player\DziobasPlayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Dziobas Rar Player\binary\DZIOBAS.exe
C:\Users\sander\Desktop\gmer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Video Download Toolbar Helper - {83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0} - C:\Program Files\Video Download Toolbar\v3.3.0.1\Video_Download_Toolbar.dll
O2 - BHO: Video Download Toolbar IE Browser Helper Object - {B29002A0-87A1-4DC4-AC55-5982034EB61E} - C:\PROGRA~1\VIDEOD~1\V330~1.1\RESOUR~1\VIDEOD~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Ultra Recall - {C501607C-4A98-4f5e-B9AF-425E6BBD5186} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll
O3 - Toolbar: Video Download Toolbar - {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - C:\Program Files\Video Download Toolbar\v3.3.0.1\Video_Download_Toolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Ultra Recall] C:\Program Files\UltraRecall\UltraRecall.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\sander\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Send To &Ultra Recall (copy) - C:\Program Files\UltraRecall\Integration\StoreFromIE.html
O8 - Extra context menu item: Send To Ultra &Recall (link) - C:\Program Files\UltraRecall\Integration\LinkFromIE.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Copy to Ultra Recall - {24187A0F-0FDD-411b-80C6-F1F22F2ED10E} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Link to Ultra Recall - {FD1FF307-68BC-462f-8718-AAEDB6DB7EA2} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll
O9 - Extra button: Copy to Ultra Recall - {24187A0F-0FDD-411b-80C6-F1F22F2ED10E} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll (HKCU)
O9 - Extra button: Link to Ultra Recall - {FD1FF307-68BC-462f-8718-AAEDB6DB7EA2} - C:\Program Files\UltraRecall\Integration\IEToolbar.dll (HKCU)
O15 - Trusted Zone: http://www.eset.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Windows\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9078 bytes

#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:11:40 PM

Posted 06 December 2008 - 08:21 AM

Hello agallas

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 agallas

agallas
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:40 PM

Posted 06 December 2008 - 11:57 AM

File associations don't exist error message (txt)? And it doesn't appear in Default Programs. I don't know how to make this from scratch.

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:11:40 PM

Posted 06 December 2008 - 02:28 PM

Hi, you will have to re-read my previous post.
Where it says click here, click there, and then you will need to download RSIT.
Save it to your desktop, then run it.
It will produce 2 .txt files, just as the instructions state.
Please post the contents of those files here for me to review.

#5 agallas

agallas
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:40 PM

Posted 07 December 2008 - 11:00 AM

I have done all you said, and downloaded the tool and used it. The thing is, my Vista computer doesn't produce the .txt file. It says my Vista computer doesn't have the file association. And in my Control Panel Default extension I am unable to find or fix it.
Please help!

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:11:40 PM

Posted 07 December 2008 - 11:11 AM

Hi, save the attached .zip file to your desktop.
Right click on it and choose Extract All.
Then choose Next and let it extract.
Double click the .reg file inside of the folder, then choose Yes to let it merge with the registry.
Do not worry about the warning.

After that reboot then try it again.
Let me know how it goes.


[attachment=9133:txtfix_vista.zip]

#7 agallas

agallas
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:40 PM

Posted 07 December 2008 - 03:22 PM

RSIT produced 1 log text only.
As you can see, I have installed and uninstalled some programs.
My computer has become very slow. Maybe I should uninstall old Java versions.


Logfile of random's system information tool 1.04 (written by random/random)
Run by sander at 2008-12-07 16:17:15
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 39 GB (8%) free of 467 GB
Total RAM: 1916 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17, on 07-12-08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Comodo\CBOClean\BOC427.EXE
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\sander\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\sander.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [VistaFirewallControl] C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://www.eset.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe

--
End of file - 6650 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{400FE5E0-AE65-4C8F-BBE3-F2CF93E05CC1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15 66888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{145B29F4-A56B-4b90-BBAC-45784EBEBBB7}]
StumbleUpon Launcher - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [2008-11-25 1181000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15 161096]
{5093EB4C-3E93-40AB-9266-B607BA87BDC8} - StumbleUpon Toolbar - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [2008-11-25 1181000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\WINDOWS\RtHDVCpl.exe [2008-07-03 6266880]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"BOC-427"=C:\PROGRA~1\Comodo\CBOClean\BOC427.exe [2008-07-14 351480]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"TMRUBottedTray"=C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]
"VistaFirewallControl"=C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe [2008-07-11 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

======File associations======

.ini - open - "C:\Program Files\GetDiz\GetDiz.exe" "%1"
.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-12-06 12:24:45 ----D---- C:\rsit
2008-12-05 13:57:54 ----D---- C:\Users\sander\AppData\Roaming\XnView
2008-12-05 13:57:17 ----D---- C:\Program Files\XnView
2008-12-04 03:29:12 ----D---- C:\ProgramData\WindowsSearch
2008-12-01 23:10:57 ----D---- C:\Program Files\Orban
2008-12-01 07:44:06 ----D---- C:\Program Files\IceChat7
2008-11-30 14:52:25 ----D---- C:\Program Files\VistaFirewallControl
2008-11-28 22:21:16 ----D---- C:\Program Files\Transmission
2008-11-28 00:50:11 ----D---- C:\Program Files\StumbleUpon
2008-11-27 23:41:13 ----D---- C:\Users\sander\AppData\Roaming\eBay
2008-11-27 23:35:14 ----D---- C:\ProgramData\WholeSecurity
2008-11-27 23:35:08 ----D---- C:\ProgramData\eBay
2008-11-27 20:46:46 ----D---- C:\Users\sander\AppData\Roaming\PCF-VLC
2008-11-27 20:35:34 ----D---- C:\Users\sander\AppData\Roaming\Participatory Culture Foundation
2008-11-27 20:33:01 ----D---- C:\Program Files\Participatory Culture Foundation
2008-11-27 20:31:44 ----D---- C:\OpenCandy
2008-11-27 20:26:05 ----A---- C:\Windows\IPMonitor.ini
2008-11-25 22:05:08 ----D---- C:\Users\sander\AppData\Roaming\Delicious IE Extension
2008-11-25 22:04:39 ----D---- C:\Program Files\Delicious Add-on for Internet Explorer
2008-11-25 17:05:54 ----D---- C:\Program Files\VDOWNLOADER
2008-11-25 16:38:51 ----D---- C:\Users\sander\AppData\Roaming\TeamViewer
2008-11-25 16:38:51 ----D---- C:\Program Files\QS
2008-11-25 16:10:11 ----D---- C:\Users\sander\AppData\Roaming\gnupg
2008-11-25 01:12:24 ----A---- C:\Windows\system32\deploytk.dll
2008-11-25 01:12:23 ----A---- C:\Windows\system32\javaws.exe
2008-11-25 01:12:23 ----A---- C:\Windows\system32\javaw.exe
2008-11-25 01:12:23 ----A---- C:\Windows\system32\java.exe
2008-11-23 21:30:52 ----D---- C:\tmpDownload
2008-11-23 18:41:42 ----D---- C:\sysreset
2008-11-23 18:40:28 ----D---- C:\SDFix
2008-11-23 04:18:50 ----D---- C:\Program Files\QuickPar
2008-11-23 04:11:52 ----A---- C:\Windows\system32\wersvc.dll
2008-11-23 04:11:52 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-23 04:11:49 ----A---- C:\Windows\system32\wmpeffects.dll
2008-11-23 04:11:41 ----A---- C:\Windows\system32\EncDec.dll
2008-11-23 04:11:38 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-23 04:11:28 ----A---- C:\Windows\system32\netapi32.dll
2008-11-23 04:11:20 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-11-23 04:11:19 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-11-23 04:11:04 ----A---- C:\Windows\system32\msxml3.dll
2008-11-23 04:10:55 ----A---- C:\Windows\system32\win32spl.dll
2008-11-23 04:10:31 ----A---- C:\Windows\system32\mshtml.dll
2008-11-23 04:10:29 ----A---- C:\Windows\system32\urlmon.dll
2008-11-23 04:10:29 ----A---- C:\Windows\system32\ieframe.dll
2008-11-23 04:10:28 ----A---- C:\Windows\system32\wininet.dll
2008-11-23 04:10:28 ----A---- C:\Windows\system32\iertutil.dll
2008-11-23 04:10:27 ----A---- C:\Windows\system32\mstime.dll
2008-11-23 04:10:27 ----A---- C:\Windows\system32\jsproxy.dll
2008-11-23 04:10:17 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-11-23 04:10:17 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-11-23 04:08:42 ----A---- C:\Windows\system32\emdmgmt.dll
2008-11-23 04:08:42 ----A---- C:\Windows\system32\dataclen.dll
2008-11-23 04:08:42 ----A---- C:\Windows\system32\cdd.dll
2008-11-23 04:07:48 ----A---- C:\Windows\system32\msxml6.dll
2008-11-23 03:51:52 ----A---- C:\Windows\system32\wups2.dll
2008-11-23 03:51:52 ----A---- C:\Windows\system32\wucltux.dll
2008-11-23 03:51:52 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-23 03:51:52 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-23 03:51:32 ----A---- C:\Windows\system32\wups.dll
2008-11-23 03:51:32 ----A---- C:\Windows\system32\wudriver.dll
2008-11-23 03:51:32 ----A---- C:\Windows\system32\wuapi.dll
2008-11-23 03:51:24 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-23 03:51:24 ----A---- C:\Windows\system32\wuapp.exe
2008-11-22 21:11:51 ----D---- C:\ie-spyad_zo
2008-11-22 04:45:13 ----D---- C:\Users\sander\AppData\Roaming\Comodo
2008-11-22 04:44:13 ----D---- C:\ProgramData\Comodo
2008-11-22 04:12:31 ----D---- C:\Temp
2008-11-21 21:00:14 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
2008-11-21 20:58:56 ----A---- C:\Windows\DIFxAPI.dll
2008-11-21 20:58:32 ----A---- C:\Windows\RtlUpd.exe
2008-11-21 20:58:30 ----A---- C:\Windows\system32\RtkPgExt.dll
2008-11-21 20:58:30 ----A---- C:\Windows\system32\RtkApoApi.dll
2008-11-21 20:58:29 ----A---- C:\Windows\system32\RtkAPO.dll
2008-11-21 20:58:27 ----A---- C:\Windows\RtHDVCpl.exe
2008-11-21 20:58:26 ----D---- C:\Program Files\Realtek
2008-11-21 20:58:25 ----A---- C:\Windows\RtlExUpd.dll
2008-11-21 20:58:25 ----A---- C:\Windows\HideWin.exe
2008-11-21 20:58:11 ----D---- C:\Users\sander\AppData\Roaming\WinBatch
2008-11-21 18:48:49 ----D---- C:\Windows\Minidump
2008-11-21 17:19:26 ----D---- C:\Program Files\Preee
2008-11-21 11:59:43 ----D---- C:\Windows\BDOSCAN8
2008-11-19 23:29:01 ----A---- C:\Windows\gmer.ini
2008-11-19 23:28:58 ----A---- C:\Windows\gmer_uninstall.cmd
2008-11-19 23:28:58 ----A---- C:\Windows\gmer.exe
2008-11-19 23:28:58 ----A---- C:\Windows\gmer.dll
2008-11-18 01:33:52 ----D---- C:\Program Files\Halite
2008-11-17 11:29:44 ----A---- C:\Windows\custvoic.ini
2008-11-17 08:55:11 ----D---- C:\Users\sander\AppData\Roaming\vlc
2008-11-17 08:40:25 ----D---- C:\Program Files\VideoLAN
2008-11-15 23:38:38 ----D---- C:\Program Files\Mavis
2008-11-15 21:30:41 ----D---- C:\Users\sander\AppData\Roaming\Opera
2008-11-15 21:21:32 ----D---- C:\Users\sander\AppData\Roaming\HTML Executable
2008-11-14 11:12:23 ----D---- C:\Program Files\Haali
2008-11-14 11:12:04 ----D---- C:\Program Files\CoreCodec
2008-11-13 22:50:09 ----D---- C:\Users\sander\AppData\Roaming\FLVPlayer4Free
2008-11-13 20:13:09 ----A---- C:\Windows\Autumn Life.ini
2008-11-13 20:11:19 ----A---- C:\Windows\unins003.exe
2008-11-13 14:56:48 ----D---- C:\Program Files\Google
2008-11-12 18:59:34 ----D---- C:\Program Files\uTorrent
2008-11-12 18:59:32 ----D---- C:\Users\sander\AppData\Roaming\uTorrent

======List of files/folders modified in the last 1 months======

2008-12-07 16:14:04 ----A---- C:\Windows\BOC427.INI
2008-12-07 16:13:36 ----D---- C:\Windows\System32
2008-12-07 16:13:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-07 16:13:35 ----D---- C:\Windows\inf
2008-12-07 16:10:48 ----D---- C:\Windows\Prefetch
2008-12-07 16:09:52 ----D---- C:\Windows\Temp
2008-12-07 16:09:52 ----D---- C:\Windows
2008-12-07 14:42:07 ----A---- C:\m.txt
2008-12-07 14:09:43 ----SHD---- C:\System Volume Information
2008-12-07 13:50:13 ----D---- C:\Users\sander\AppData\Roaming\Kinook Software
2008-12-07 13:50:08 ----RD---- C:\Program Files
2008-12-07 13:47:47 ----D---- C:\Program Files\Creative
2008-12-07 13:46:44 ----D---- C:\ProgramData\Creative
2008-12-06 18:36:53 ----D---- C:\Windows\system32\drivers
2008-12-05 19:07:08 ----SD---- C:\Windows\Downloaded Program Files
2008-12-04 08:27:52 ----D---- C:\Users\sander\AppData\Roaming\Skype
2008-12-04 03:29:12 ----HD---- C:\ProgramData
2008-12-02 21:41:09 ----D---- C:\Program Files\Common Files
2008-12-02 20:49:51 ----D---- C:\Windows\system32\LogFiles
2008-12-02 20:20:12 ----D---- C:\Users\sander\AppData\Roaming\SUPERAntiSpyware.com
2008-12-02 19:40:58 ----D---- C:\Users\sander\AppData\Roaming\OpenOffice.org2
2008-12-01 07:29:45 ----SHD---- C:\Windows\Installer
2008-11-30 19:33:41 ----D---- C:\Program Files\a-squared Free
2008-11-30 18:04:14 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-30 17:00:24 ----D---- C:\Users\sander\AppData\Roaming\mIRC
2008-11-30 14:16:51 ----D---- C:\Users\sander\AppData\Roaming\Vso
2008-11-29 03:16:30 ----D---- C:\Windows\system32\Tasks
2008-11-28 20:29:14 ----SD---- C:\Users\sander\AppData\Roaming\Microsoft
2008-11-27 23:03:49 ----D---- C:\Windows\system32\Macromed
2008-11-27 20:56:55 ----A---- C:\Windows\_MSRSTRT.EXE
2008-11-27 20:35:47 ----D---- C:\Users\sander\AppData\Roaming\Mozilla
2008-11-27 03:13:28 ----D---- C:\Program Files\REAPER
2008-11-26 20:14:46 ----D---- C:\ProgramData\BOC427
2008-11-26 14:47:04 ----RD---- C:\Users
2008-11-25 04:30:00 ----RSD---- C:\Windows\assembly
2008-11-25 04:30:00 ----D---- C:\Windows\Microsoft.NET
2008-11-25 01:11:58 ----D---- C:\Program Files\Java
2008-11-24 23:48:30 ----D---- C:\Program Files\Comodo
2008-11-24 23:42:44 ----D---- C:\Windows\rescache
2008-11-24 23:37:19 ----D---- C:\Windows\winsxs
2008-11-24 23:27:12 ----D---- C:\Windows\system32\catroot
2008-11-24 23:27:11 ----D---- C:\Windows\system32\catroot2
2008-11-24 23:23:35 ----D---- C:\Windows\system32\en-US
2008-11-24 23:23:35 ----D---- C:\Windows\ehome
2008-11-24 23:23:35 ----D---- C:\Windows\AppPatch
2008-11-24 23:23:34 ----D---- C:\Windows\system32\migration
2008-11-24 23:23:34 ----D---- C:\Program Files\Windows Mail
2008-11-24 02:32:17 ----D---- C:\Program Files\Dziobas Rar Player
2008-11-24 00:22:24 ----D---- C:\Windows\LiveKernelReports
2008-11-23 21:35:30 ----D---- C:\Windows\Debug
2008-11-23 04:36:49 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-23 02:48:12 ----D---- C:\Program Files\Internet Explorer
2008-11-22 17:03:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 15:10:17 ----SD---- C:\ProgramData\Microsoft
2008-11-22 02:56:48 ----D---- C:\Windows\Tasks
2008-11-22 01:58:53 ----RSD---- C:\Windows\Fonts
2008-11-21 21:00:03 ----D---- C:\Windows\system32\RTCOM
2008-11-21 19:21:57 ----A---- C:\Windows\WININIT.INI
2008-11-21 19:17:44 ----D---- C:\Program Files\EsetOnlineScanner
2008-11-21 12:22:46 ----D---- C:\Program Files\Trend Micro
2008-11-19 15:46:11 ----D---- C:\Users\sander\AppData\Roaming\IrfanView
2008-11-18 13:41:38 ----A---- C:\Windows\system32\aswBoot.exe
2008-11-15 11:02:35 ----D---- C:\Program Files\MediaMonkey
2008-11-15 09:04:17 ----D---- C:\Program Files\mozilla.org
2008-11-15 09:03:17 ----D---- C:\Program Files\SightSpeed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-18 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-18 110160]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-18 50864]
R1 pfmfs_0CC;pfmfs_0CC; C:\Windows\system32\Drivers\pfmfs_0CC.sys [2007-12-31 175576]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-18 51792]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [2007-04-17 15376]
R3 dsnpfd;DeskSoft Service; C:\Windows\system32\DRIVERS\dsnpfd.sys [2008-08-26 26920]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-17 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-07-22 47360]
R3 TMPassthruMP;TMPassthruMP; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
R3 VF0350Afx;VF0350 Audio FX; C:\Windows\system32\Drivers\V0350Afx.sys [2007-06-10 142656]
R3 VF0350Vfx;VF0350 Video FX; C:\Windows\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350); C:\Windows\system32\DRIVERS\V0350Vid.sys [2007-05-10 170368]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 fcdabus;fcdabus; C:\Windows\system32\DRIVERS\fcdabus.sys []
S3 fsRamDsk;RamDisk Drive Service; C:\Windows\system32\DRIVERS\fsRamDsk.sys []
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-11-19 85969]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-12 13312]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-11-22 419448]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-18 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-18 155160]
R2 BOCore;BOCore; C:\Program Files\Comodo\CBOClean\BOCORE.exe [2008-07-14 73464]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RUBotted;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
R2 VistaFirewallService;VistaFirewallService; C:\Program Files\VistaFirewallControl\VistaFirewallService.exe [2008-07-11 286720]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-18 352920]
S3 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
S3 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 StumbleUponUpdateService;StumbleUponUpdateService; C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe [2008-11-25 120168]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]

-----------------EOF-----------------

#8 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:11:40 PM

Posted 07 December 2008 - 08:31 PM

Hi, can you tell me what problems are currently still with the computer?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#9 agallas

  • Topic Starter
  • Members
  • 8 posts
  • Local time:11:40 PM

Posted 07 December 2008 - 10:15 PM

Right now, the computer is very slow compared to what it was originally. SearchHost keeps dialing out. My Vista validation suddenly quit on me, also. I was trying to harden my PC for IRC (IceChat) and clean it up before.

#10 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:11:40 PM

Posted 08 December 2008 - 07:43 AM

The issues that you are having are not from malware.
Since your log is clean, please start a thread in the Vista Forums; they can be found here:

http://www.bleepingcomputer.com/forums/f/72/windows-vista/

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.
