
Everything going so SLOW


  • This topic is locked
34 replies to this topic

#1 samuel3


Posted 10 December 2008 - 05:58 PM

My computer has been acting very slow recently in programs etc. Firefox goes to a white faded screen along with my IRC client, and OpenOffice.org took a long time to come up as well.. I have 4GB of RAM, my computer is about 3 months old, and I have got CCleaner, ATF Cleaner, and Auslogics Disk Defrag so my computer runs well.. But I'm really not sure why it would all of a sudden go slow at opening programs and not responding...

My OS is Vista.


Anyone that can help clear this problem up?
Also if there is anything else that shouldn't be there and needs clearing up?

Cheers,
Samuel3.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:47, on 10/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\OpenOffice.org 3\program\scalc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com/welcome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

--
End of file - 4177 bytes


#2 Farbar


Posted 17 December 2008 - 04:18 PM

Hi samuel3,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

      Note 1: If you have difficulty finding the logs, the logs are in this folder: C:\rsit

      Note 2: The tool takes no more than one minute to scan the system.
  • Tell me if you have done anything since your previous post, or if you have run any other tools. Also tell me what the current condition of your computer is.

You might want to save this page to your favorites, so you can find it again when you return.

#3 samuel3


Posted 18 December 2008 - 11:23 AM

This is the second HijackThis log, in case I have made some changes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:26, on 18/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Sam\Desktop\RSIT.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\Sam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com/welcome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

--
End of file - 3866 bytes



And these are the 2 logs from RSIT:

LOG:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Sam at 2008-12-18 16:17:24
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 378 GB (81%) free of 466 GB
Total RAM: 3454 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:26, on 18/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Sam\Desktop\RSIT.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\Sam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com/welcome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

--
End of file - 3866 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-11-23 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-23 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-23 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2008-12-05 1797880]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll C:\Windows\system32\guard32.dll "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-12-18 08:02:54 ----A---- C:\Windows\system32\mshtml.dll
2008-12-18 00:07:34 ----D---- C:\rsit
2008-12-10 22:51:46 ----D---- C:\Program Files\Trend Micro
2008-12-10 21:57:48 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 20:32:00 ----A---- C:\Windows\system32\urlmon.dll
2008-12-10 20:31:59 ----A---- C:\Windows\system32\wininet.dll
2008-12-10 20:31:59 ----A---- C:\Windows\system32\mstime.dll
2008-12-10 20:31:59 ----A---- C:\Windows\system32\ieframe.dll
2008-12-10 20:31:58 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-10 20:31:58 ----A---- C:\Windows\system32\iertutil.dll
2008-12-10 19:37:23 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 19:37:21 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 19:07:45 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 19:07:23 ----A---- C:\Windows\system32\mf.dll
2008-12-10 19:07:22 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 19:07:22 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 19:07:22 ----A---- C:\Windows\system32\logagent.exe
2008-12-10 19:06:35 ----A---- C:\Windows\explorer.exe
2008-12-10 19:06:34 ----A---- C:\Windows\system32\gdi32.dll
2008-12-05 19:44:54 ----A---- C:\Windows\system32\javaws.exe
2008-12-05 19:44:54 ----A---- C:\Windows\system32\javaw.exe
2008-12-05 19:44:54 ----A---- C:\Windows\system32\java.exe
2008-12-05 19:24:45 ----A---- C:\Windows\system32\cssdll32.dll
2008-12-05 19:22:24 ----D---- C:\ProgramData\comodo
2008-12-05 19:22:24 ----A---- C:\Windows\system32\guard32.dll
2008-12-05 19:22:23 ----D---- C:\Program Files\COMODO
2008-12-05 18:02:45 ----A---- C:\Windows\system32\tcpipcfg.dll
2008-12-05 18:02:45 ----A---- C:\Windows\system32\netiougc.exe
2008-11-26 15:43:06 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 15:42:56 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 15:42:56 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 15:42:56 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 15:42:52 ----A---- C:\Windows\system32\connect.dll
2008-11-23 18:05:29 ----A---- C:\Windows\system32\avgrsstx.dll
2008-11-22 15:37:45 ----D---- C:\Users\Sam\AppData\Roaming\WinRAR
2008-11-22 15:37:17 ----D---- C:\Program Files\WinRAR
2008-11-19 16:24:14 ----A---- C:\Windows\system32\wups2.dll
2008-11-19 16:24:14 ----A---- C:\Windows\system32\wucltux.dll
2008-11-19 16:24:14 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-19 16:24:14 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-19 16:24:01 ----A---- C:\Windows\system32\wups.dll
2008-11-19 16:24:00 ----A---- C:\Windows\system32\wudriver.dll
2008-11-19 16:24:00 ----A---- C:\Windows\system32\wuapi.dll
2008-11-19 16:23:55 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-19 16:23:55 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 months======

2008-12-18 16:18:26 ----D---- C:\Windows\Temp
2008-12-18 16:17:48 ----D---- C:\Windows\Prefetch
2008-12-18 08:03:18 ----D---- C:\Windows\system32\LogFiles
2008-12-18 08:03:15 ----D---- C:\Windows\winsxs
2008-12-18 08:03:15 ----D---- C:\Windows\System32
2008-12-18 08:03:08 ----D---- C:\Windows\system32\catroot
2008-12-18 08:02:13 ----SHD---- C:\System Volume Information
2008-12-18 07:58:29 ----D---- C:\Users\Sam\AppData\Roaming\mIRC
2008-12-18 07:55:51 ----D---- C:\Windows\inf
2008-12-18 07:55:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-18 00:06:27 ----D---- C:\Windows
2008-12-17 18:57:38 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-17 17:00:04 ----D---- C:\Users\Sam\AppData\Roaming\teamspeak2
2008-12-17 15:53:49 ----D---- C:\Windows\system32\Tasks
2008-12-11 19:53:34 ----D---- C:\Windows\Debug
2008-12-11 16:08:03 ----D---- C:\Windows\system32\catroot2
2008-12-10 23:02:47 ----D---- C:\Windows\rescache
2008-12-10 22:51:46 ----RD---- C:\Program Files
2008-12-10 22:46:48 ----D---- C:\Windows\system32\en-US
2008-12-10 22:46:48 ----D---- C:\Windows\AppPatch
2008-12-10 22:46:48 ----D---- C:\Program Files\Windows Mail
2008-12-09 23:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-09 21:08:02 ----D---- C:\Windows\Internet Logs
2008-12-05 22:19:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 22:19:46 ----D---- C:\Windows\system32\drivers
2008-12-05 20:01:32 ----SHD---- C:\Windows\Installer
2008-12-05 20:01:28 ----D---- C:\Program Files\Java
2008-12-05 20:01:28 ----D---- C:\Program Files\Common Files
2008-12-05 19:49:37 ----D---- C:\Program Files\Mozilla Firefox
2008-12-05 19:22:24 ----HD---- C:\ProgramData
2008-12-05 18:57:51 ----D---- C:\Windows\system32\ZoneLabs
2008-12-05 18:36:31 ----D---- C:\Windows\system32\migration
2008-12-03 22:27:29 ----D---- C:\Windows\system32\WDI
2008-12-03 17:43:03 ----D---- C:\Program Files\Windows Live
2008-12-02 19:14:33 ----D---- C:\ProgramData\WLInstaller
2008-11-23 18:05:00 ----D---- C:\ProgramData\avg8
2008-11-23 18:04:19 ----SD---- C:\Users\Sam\AppData\Roaming\Microsoft
2008-11-23 17:21:40 ----AD---- C:\ProgramData\TEMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-11-23 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-11-23 26824]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2008-12-05 99344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2008-12-05 25104]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 3695104]
R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-11-23 69128]
R3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys [2008-12-05 72720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-14 2136920]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 RTL85n86;Belkin Wireless G Notebook Card Service v8; C:\Windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 354816]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2008-01-21 20992]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-06-03 684032]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-23 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-23 231704]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2008-12-05 618232]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------

INFO:

info.txt logfile of random's system information tool 1.05 2008-12-18 16:18:29

======Uninstall list======

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belkin Wireless Driver-->C:\Program Files\InstallShield Installation Information\{E8ADC69C-4F11-483B-A3C9-B42E6A451CD2}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HydraVision-->MsiExec.exe /X{222B4C14-28F2-9F03-D91C-7596818C008E}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
USB Video Driver-->C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe -runfromtemp -l0x0009 -removeonly
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\Windows\System32\DriverStore\FileRepository\emaudio.inf_6afbf8f6\emaudio.inf
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free
FW: COMODO Firewall
AS: COMODO Defense+
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender

System event log

Computer Name: Sam-PC
Event Code: 7036
Message: The AVG Free8 WatchDog service entered the running state.
Record Number: 27622
Source Name: Service Control Manager
Time Written: 20081218161725.000000-000
Event Type: Information
User:

Computer Name: Sam-PC
Event Code: 7036
Message: The AVG Free8 E-mail Scanner service entered the running state.
Record Number: 27623
Source Name: Service Control Manager
Time Written: 20081218161725.000000-000
Event Type: Information
User:

Computer Name: Sam-PC
Event Code: 7036
Message: The Diagnostic System Host service entered the running state.
Record Number: 27624
Source Name: Service Control Manager
Time Written: 20081218161725.000000-000
Event Type: Information
User:

Computer Name: Sam-PC
Event Code: 7036
Message: The Network Connections service entered the running state.
Record Number: 27625
Source Name: Service Control Manager
Time Written: 20081218161725.000000-000
Event Type: Information
User:

Computer Name: Sam-PC
Event Code: 7036
Message: The Application Information service entered the running state.
Record Number: 27626
Source Name: Service Control Manager
Time Written: 20081218161725.000000-000
Event Type: Information
User:

Application event log

Computer Name: Sam-PC
Event Code: 6000
Message: The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Record Number: 6320
Source Name: Microsoft-Windows-Winlogon
Time Written: 20081218161709.000000-000
Event Type: Information
User:

Computer Name: Sam-PC
Event Code: 1
Message:
Record Number: 6321
Source Name: avg8emc
Time Written: 20081218161710.000000-000
Event Type: Information
User:

Computer Name: Sam-PC
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 6322
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20081218161712.526475-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: Sam-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 6323
Source Name: Microsoft-Windows-WMI
Time Written: 20081218161725.000000-000
Event Type: Error
User:

Computer Name: Sam-PC
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 6324
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20081218161810.453275-000
Event Type: Information
User: Sam-PC\Sam

Security event log

Computer Name: Sam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 8082
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081218161824.477675-000
Event Type: Audit Failure
User:

Computer Name: Sam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 8083
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081218161824.524475-000
Event Type: Audit Failure
User:

Computer Name: Sam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 8084
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081218161824.540075-000
Event Type: Audit Failure
User:

Computer Name: Sam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 8085
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081218161824.571275-000
Event Type: Audit Failure
User:

Computer Name: Sam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 8086
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081218161824.633675-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0203
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------
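The part of this dump a responder would pull out first is the run of Security-log records with Event ID 5038 (source Microsoft-Windows-Security-Auditing): Code Integrity rejected the image hash of tcpip.sys five times within a fraction of a second. The event text itself leaves two causes open, an unauthorized modification or a disk error, so the useful next step is to count and time-box the records per file before comparing the on-disk driver against a known-good copy. The Python below is an added example, not part of samuel3's post or of the tool that produced the dump; it parses the "Field: value" record layout shown above, counts 5038 records per named file and reports how tightly they cluster in time. SAMPLE_LOG is constructed from a subset of the records quoted in the post; all function names are mine.

```python
"""Summarise a Windows event-log dump in the 'Field: value' layout shown above.

Added example: not code from the original post or from the tool that produced
the dump.  Flags Event ID 5038 (Code Integrity image-hash failure) records and
groups them by the file they name.  SAMPLE_LOG is a subset of the quoted records.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

SAMPLE_LOG = r"""Computer Name: Sam-PC
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 6324
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20081218161810.453275-000
Event Type: Information
User: Sam-PC\Sam

Computer Name: Sam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 8082
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081218161824.477675-000
Event Type: Audit Failure
User:

Computer Name: Sam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 8083
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081218161824.524475-000
Event Type: Audit Failure
User:

Computer Name: Sam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 8084
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081218161824.540075-000
Event Type: Audit Failure
User:
"""

FIELD_RE = re.compile(r"^([A-Z][A-Za-z ]*): ?(.*)$")
STAMP_RE = re.compile(r"^(\d{14})\.(\d{6})([+-]\d{3})$")
CODE_INTEGRITY_HASH_FAILURE = "5038"   # Security log: image hash of a file is not valid


def parse_events(text):
    """Split the dump into records; a 'Computer Name:' line starts a new one.
    A line that is not 'Field: value' is treated as wrapped text of the previous field."""
    events, current, last_key = [], None, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = FIELD_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "Computer Name":
                current = {}
                events.append(current)
            if current is None:
                continue            # stray text before the first record
            current[key] = value
            last_key = key
        elif current is not None and last_key:
            current[last_key] += " " + line
    return events


def parse_time(stamp):
    """CIM datetime 'yyyymmddHHMMSS.ffffff+UUU' -> aware datetime (UUU = minutes from UTC)."""
    m = STAMP_RE.match(stamp)
    if not m:
        raise ValueError("unrecognised timestamp: %r" % stamp)
    tz = timezone(timedelta(minutes=int(m.group(3))))
    return datetime.strptime(m.group(1), "%Y%m%d%H%M%S").replace(
        microsecond=int(m.group(2)), tzinfo=tz)


def code_integrity_failures(events):
    """Count 5038 records per named file: {file name: count}."""
    return dict(Counter(e.get("File Name", "<no file name>") for e in events
                        if e.get("Event Code") == CODE_INTEGRITY_HASH_FAILURE))


def failure_window_seconds(events):
    """Seconds between the first and last 5038 record, or None if there are none."""
    times = [parse_time(e["Time Written"]) for e in events
             if e.get("Event Code") == CODE_INTEGRITY_HASH_FAILURE]
    if not times:
        return None
    return (max(times) - min(times)).total_seconds()
```

On the sample, `code_integrity_failures` returns three hits for the tcpip.sys device path and `failure_window_seconds` a spread of about 0.06 s, which is the signature of one boot-time load being retried rather than of repeated tampering over time; the page's own next step, comparing the file's version and size with the staged WinSxS copies, is what distinguishes the two causes the message names.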

#4 Farbar

Posted 19 December 2008 - 04:24 AM

Hi again,

Please don't post any logs other than those that are asked for. One HijackThis log gives the same amount of information as two HijackThis logs. It makes the post populated without giving me extra information.

I don't see any apparent indication of malware. We are going to check it and at the same time take a closer look at your computer.

To run Kaspersky or any online scanner you can use Internet Explorer. To run IE, right-click it and select "Run As Administrator".
  • Could you tell me if you were infected prior to the slowness? Or have you made any major change (like installing a program or a driver) related to the internet connection?

  • Have you already used System Restore? This is just an open question, not that I'm recommending using it now.

  • Now we need to make sure to turn off UAC (UAC = User Account Control).
    • Click Start, and then click Control Panel.
    • In Control Panel, click User Accounts.
    • In the User Accounts window, click User Accounts.
    • In the User Accounts tasks window, click Turn User Account Control on or off.
    • If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
    • Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK. If it is already unchecked, then you should also notice a red shield with an X in it located in your system tray. Ignore any messages about UAC being disabled.
    • Click Restart Now to apply the change right away. (Restart even if you did not make the above change, we need to be sure that a reboot has occurred since the first time that UAC was disabled.)
    NOTE: DO NOT CONTINUE UNTIL UAC has been disabled and you have rebooted. The UAC should be kept disabled until I give you the clean sign.

  • Download Find File Information (scroll down the page) and save it to your desktop.
    • Double-click on FileInfo.vbs to start and follow the prompts.
    • When you see a prompt like this "Enter drive letter to search (letter only)", enter an asterisk (*) and click OK.
    • In the next window, enter: tcpip
      File name only (without extension)
    • Click OK. A text file named searched.txt will open and automatically be saved in the root of your C:\ directory.
    • Please copy/paste the information from searched.txt in your next reply.
    Note: If you have a script blocking program you may get a warning asking if you want to allow the script to run. Some will say "malicious script warning" or something to that effect. There is nothing malicious about this script, you can click to allow it to execute.

  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.


#5 samuel3

Posted 19 December 2008 - 10:02 AM

I had recently installed COMODO Firewall about a week ago.



That's the log of the Filename thing.

c:\windows\help\mui\0409\tcpip.chm
Version:
Created: 21/01/2008 08:05:26
Modified: 21/01/2008 08:05:26
Size: 30,980 bytes
Attributes: Archive

c:\windows\system32\drivers\tcpip.sys
Version: 6.0.6001.22167
Created: 08/11/2008 13:47:32
Modified: 26/04/2008 08:08:16
Size: 891,448 bytes
Attributes: Archive

c:\windows\system32\wbem\tcpip.mof
Version:
Created: 02/11/2006 07:46:11
Modified: 18/09/2006 21:36:40
Size: 3,066 bytes
Attributes: Archive

c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
Version: 6.0.6001.18000
Created: 21/01/2008 02:25:03
Modified: 21/01/2008 02:25:03
Size: 891,448 bytes
Attributes: Archive

c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
Version: 6.0.6001.18063
Created: 08/11/2008 13:47:32
Modified: 26/04/2008 08:26:49
Size: 891,448 bytes
Attributes: Archive

c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22121_none_b3930f8f7f9331f9\tcpip.sys
Version: 6.0.6001.22121
Created: 05/12/2008 18:02:45
Modified: 23/02/2008 04:41:37
Size: 890,936 bytes
Attributes: Archive

c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
Version: 6.0.6001.22167
Created: 08/11/2008 13:47:32
Modified: 26/04/2008 08:08:16
Size: 891,448 bytes
Attributes: Archive

c:\windows\winsxs\x86_microsoft-windows-tcpip-mof_31bf3856ad364e35_6.0.6000.16386_none_35a721da88047d1b\tcpip.mof
Version:
Created: 02/11/2006 07:46:11
Modified: 18/09/2006 21:36:40
Size: 3,066 bytes
Attributes: Archive

c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20778_none_5fe546ddab8247e0\tcpip.sys
Version: 6.0.6000.20778
Created: 05/12/2008 18:02:45
Modified: 23/02/2008 02:41:29
Size: 806,400 bytes
Attributes: Archive

c:\windows\winsxs\x86_server-help-chm.tcpip.resources_31bf3856ad364e35_6.0.6000.16386_en-us_2360d422b69f0e36\tcpip.chm
Version:
Created: 02/11/2006 12:41:46
Modified: 02/11/2006 12:41:46
Size: 31,036 bytes
Attributes: Archive

c:\windows\winsxs\x86_server-help-chm.tcpip.resources_31bf3856ad364e35_6.0.6001.18000_en-us_2597961eb38a1f0a\tcpip.chm
Version:
Created: 21/01/2008 08:05:26
Modified: 21/01/2008 08:05:26
Size: 30,980 bytes
Attributes: Archive
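What the FileInfo listing above lets a responder check is whether the driver actually loaded from System32\drivers corresponds to one of the component payloads Windows keeps under WinSxS: the live tcpip.sys reports version 6.0.6001.22167 and 891,448 bytes, and exactly one staged copy carries that version. The Python below is an added example, not part of the post or of the FileInfo.vbs script Farbar linked; it parses the "path / Version / Created / Modified / Size / Attributes" blocks, extracts the version embedded in each WinSxS folder name, and reports which staged payloads match the live driver on both version and size. Equal version and size is a necessary but not sufficient test (the listing carries no hashes, and a hash comparison is what the 5038 events in the earlier log were about), so treat a match as "consistent with a normal servicing install", not as proof. SAMPLE_LISTING is a subset of the entries quoted in the post; function names are mine.

```python
"""Cross-check a FileInfo.vbs listing like the one posted above.

Added example: not the post's code nor part of FileInfo.vbs.  Parses the
'path / Version / Created / Modified / Size / Attributes' blocks and checks
whether the live copy of a driver under System32\\drivers has the same version
and size as one of the component payloads staged under WinSxS.
SAMPLE_LISTING is a subset of the entries quoted in the post.
"""
import re

SAMPLE_LISTING = r"""c:\windows\system32\drivers\tcpip.sys
Version: 6.0.6001.22167
Created: 08/11/2008 13:47:32
Modified: 26/04/2008 08:08:16
Size: 891,448 bytes
Attributes: Archive

c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
Version: 6.0.6001.18000
Created: 21/01/2008 02:25:03
Modified: 21/01/2008 02:25:03
Size: 891,448 bytes
Attributes: Archive

c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
Version: 6.0.6001.18063
Created: 08/11/2008 13:47:32
Modified: 26/04/2008 08:26:49
Size: 891,448 bytes
Attributes: Archive

c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22121_none_b3930f8f7f9331f9\tcpip.sys
Version: 6.0.6001.22121
Created: 05/12/2008 18:02:45
Modified: 23/02/2008 04:41:37
Size: 890,936 bytes
Attributes: Archive

c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
Version: 6.0.6001.22167
Created: 08/11/2008 13:47:32
Modified: 26/04/2008 08:08:16
Size: 891,448 bytes
Attributes: Archive
"""

# the four-part version embedded in a WinSxS component folder name
WINSXS_VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


def parse_fileinfo(text):
    """Each blank-line-separated block: first line is the path, then 'Key: value' lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        entry = {"path": lines[0]}
        for line in lines[1:]:
            key, _, value = line.partition(":")
            entry[key.strip().lower()] = value.strip()
        size = entry.get("size", "")            # 'Size: 891,448 bytes' -> 891448
        entry["size_bytes"] = int(size.split()[0].replace(",", "")) if size else None
        entries.append(entry)
    return entries


def winsxs_version(path):
    """Version encoded in a WinSxS component folder name, or None for other paths."""
    m = WINSXS_VERSION_RE.search(path)
    return m.group(1) if m else None


def check_live_driver(entries, filename):
    """Compare the System32\\drivers copy of `filename` with the WinSxS payloads."""
    name = "\\" + filename.lower()
    live = [e for e in entries
            if e["path"].lower().endswith("\\system32\\drivers" + name)]
    staged = [e for e in entries
              if "\\winsxs\\" in e["path"].lower() and e["path"].lower().endswith(name)]
    result = {"live_version": None, "live_size": None,
              "matching_components": [], "inconsistent": []}
    # a payload whose folder version disagrees with its PE version deserves a look
    for e in staged:
        folder_ver = winsxs_version(e["path"])
        if folder_ver and folder_ver != e.get("version"):
            result["inconsistent"].append(e["path"])
    if not live:
        return result
    lv, ls = live[0].get("version"), live[0]["size_bytes"]
    result["live_version"], result["live_size"] = lv, ls
    result["matching_components"] = [e["version"] for e in staged
                                     if e.get("version") == lv and e["size_bytes"] == ls]
    return result
```

Note that two older payloads (18000 and 18063) have the same 891,448-byte size as the live file but different versions, so matching on size alone would be misleading; the version check is what narrows it to the 22167 component.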

#6 samuel3

Posted 19 December 2008 - 11:39 AM

And the online Kaspersky scanner did not find anything.

#7 Farbar

Posted 19 December 2008 - 02:58 PM

Well done.

We need a couple of logs to determine which application has altered an important registry item leading to the problem you describe.
  • Download regsearch.zip by Bobbi Flekman and Save it to your desktop.
    • Extract it to your desktop. It will extract the zip file to a folder named regsearch.
    • Open the folder and double click regsearch.exe to start the program.
    • Type tcpip.sys in the upper window.
    • Click "OK" and Registry Search will search the Registry and report what it finds.
    • Copy and paste the result into your next reply.
    Note: The search takes a while. If you get notifications of access violation, click OK as many times as needed.

  • We need to see some information about what is happening in your machine. Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results. Save the result to a Notepad text file and click Yes to the Optional_Scan.
    • Save the scan result and copy and paste both logs to your reply. Please don't zip or attach the logs.
    Please note: If the scanner fails to run, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

  • Please download gmer.zip and save to your desktop.
    • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double-click on gmer.exe to start the program.
    • Allow the gmer.sys driver to load if asked.
    • You may be prompted to scan immediately if GMER detects rootkit activity.
    • If you are prompted to scan your system click "Yes" to begin the scan.
    • On the right-side, all items to be scanned should be checked by default.
    • On the right-side select all drives that are connected to your system to be scanned.
    • Click the Scan button to begin. (Please be patient as it can take some time to complete)
    • When the scan is finished, you will see the Scan button appear again. Click Save to save the scan results to your Desktop.
    • Save the file as gmer.log and copy/paste the contents in your next reply.
    • Exit GMER and re-enable all active protection when done.

Edited by farbar, 19 December 2008 - 04:54 PM.


#8 samuel3

Posted 19 December 2008 - 03:44 PM

RegsearchZip Log:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 19/12/2008 20:42:56 for strings:
; 'tcpip.sys'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6]
; Contents of value:
; t c p i p . s y s
"f!tcpip.sys"=hex:74,00,63,00,70,00,69,00,70,00,2e,00,73,00,79,00,73,00

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1]
; Contents of value:
; t c p i p . s y s
"f!tcpip.sys"=hex:74,00,63,00,70,00,69,00,70,00,2e,00,73,00,79,00,73,00

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22121_none_b3930f8f7f9331f9]
; Contents of value:
; t c p i p . s y s
"f!tcpip.sys"=hex:74,00,63,00,70,00,69,00,70,00,2e,00,73,00,79,00,73,00

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7]
; Contents of value:
; t c p i p . s y s
"f!tcpip.sys"=hex:74,00,63,00,70,00,69,00,70,00,2e,00,73,00,79,00,73,00

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20778_none_5fe546ddab8247e0]
; Contents of value:
; t c p i p . s y s
"f!tcpip.sys"=hex:74,00,63,00,70,00,69,00,70,00,2e,00,73,00,79,00,73,00

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_none_aaf8a46599b19664\f256!tcpip.sys]

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_none_aaf8a46599b19664\f256!tcpip.sys\0621b6e36fc4805a4ab9864bedcec2a92c36782a138a649e282813c94e124922]

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_none_aaf8a46599b19664\f256!tcpip.sys\1f462e882a662b2a133df035c435001b2ef6364f49a9ed6a6d98bd643093b666]

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_none_aaf8a46599b19664\f256!tcpip.sys\3a8c34da0b8ed1509d9dd0621699ed1d75fe95ae6e8c1d5781921314131e1e63]

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_none_aaf8a46599b19664\f256!tcpip.sys\4b34b8c40acf2fbb64a59fe72c69430080b376eba7c5019087171f555bb9b03f]

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip_31bf3856ad364e35_none_2e491b123fcf6e32\f256!tcpip.sys]

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip_31bf3856ad364e35_none_2e491b123fcf6e32\f256!tcpip.sys\745dbce96bed7219728ffd5f509c60796e3d7b57df97332a1e07c2f9c6d08076]

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip_31bf3856ad364e35_none_2e491b123fcf6e32\f256!tcpip.sys\d888feeddae3b724efd4251dfd93fcc9b5e024c1528a85bd35e125fee45679bd]

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip_31bf3856ad364e35_none_2e491b123fcf6e32\v!6.0.6000.16386\UnstagedFiles]
; Contents of value:
;
"tcpip.sys"=hex:00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6]
; Contents of value:
; t c p i p . s y s
"f!tcpip.sys"=hex:74,00,63,00,70,00,69,00,70,00,2e,00,73,00,79,00,73,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1]
; Contents of value:
; t c p i p . s y s
"f!tcpip.sys"=hex:74,00,63,00,70,00,69,00,70,00,2e,00,73,00,79,00,73,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22121_none_b3930f8f7f9331f9]
; Contents of value:
; t c p i p . s y s
"f!tcpip.sys"=hex:74,00,63,00,70,00,69,00,70,00,2e,00,73,00,79,00,73,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7]
; Contents of value:
; t c p i p . s y s
"f!tcpip.sys"=hex:74,00,63,00,70,00,69,00,70,00,2e,00,73,00,79,00,73,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20778_none_5fe546ddab8247e0]
; Contents of value:
; t c p i p . s y s
"f!tcpip.sys"=hex:74,00,63,00,70,00,69,00,70,00,2e,00,73,00,79,00,73,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_none_aaf8a46599b19664\f256!tcpip.sys]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_none_aaf8a46599b19664\f256!tcpip.sys\0621b6e36fc4805a4ab9864bedcec2a92c36782a138a649e282813c94e124922]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_none_aaf8a46599b19664\f256!tcpip.sys\1f462e882a662b2a133df035c435001b2ef6364f49a9ed6a6d98bd643093b666]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_none_aaf8a46599b19664\f256!tcpip.sys\3a8c34da0b8ed1509d9dd0621699ed1d75fe95ae6e8c1d5781921314131e1e63]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_none_aaf8a46599b19664\f256!tcpip.sys\4b34b8c40acf2fbb64a59fe72c69430080b376eba7c5019087171f555bb9b03f]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip_31bf3856ad364e35_none_2e491b123fcf6e32\f256!tcpip.sys]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip_31bf3856ad364e35_none_2e491b123fcf6e32\f256!tcpip.sys\745dbce96bed7219728ffd5f509c60796e3d7b57df97332a1e07c2f9c6d08076]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip_31bf3856ad364e35_none_2e491b123fcf6e32\f256!tcpip.sys\d888feeddae3b724efd4251dfd93fcc9b5e024c1528a85bd35e125fee45679bd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-tcpip_31bf3856ad364e35_none_2e491b123fcf6e32\v!6.0.6000.16386\UnstagedFiles]
; Contents of value:
;
"tcpip.sys"=hex:00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]
; Contents of value:
; System32\drivers\tcpip.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,\
00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6]
; Contents of value:
; system32\DRIVERS\tcpip.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,\
00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip]
; Contents of value:
; System32\drivers\tcpip.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,\
00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6]
; Contents of value:
; system32\DRIVERS\tcpip.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,\
00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
; Contents of value:
; System32\drivers\tcpip.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,\
00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6]
; Contents of value:
; system32\DRIVERS\tcpip.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,\
00,73,00,79,00,73,00,00,00

; End Of The Log...
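Registry Search writes its hits in .reg syntax, so every string value appears as comma-separated hex bytes (UTF-16LE), with long values wrapped onto `\`-continued lines and the decoded text repeated, spaced out, in a "; Contents of value:" comment. The Python below is an added example, not part of samuel3's post or of Registry Search: it joins the continued lines, decodes `hex:` (REG_BINARY) and `hex(2):` (REG_EXPAND_SZ) values, and then does the check Farbar was after with this log, confirming that every service `ImagePath` naming tcpip.sys still points at the expected System32\drivers location rather than somewhere else. SAMPLE_REG is a subset of the keys quoted above; the two-space indent on continuation lines is the standard .reg layout and is assumed here (the forum copy lost it), and all function names are mine.

```python
"""Decode the hex-encoded values in a Registry Search (.reg-style) dump.

Added example: not code from the original post or from Registry Search.
'hex:' is REG_BINARY and 'hex(2):' is REG_EXPAND_SZ; both hold UTF-16LE text
here.  '\\'-continued lines are joined first.  SAMPLE_REG is a subset of
the keys quoted in samuel3's post.
"""
import re

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7]
; Contents of value:
; t c p i p . s y s
"f!tcpip.sys"=hex:74,00,63,00,70,00,69,00,70,00,2e,00,73,00,79,00,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
; Contents of value:
; System32\drivers\tcpip.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,\
  00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6]
; Contents of value:
; system32\DRIVERS\tcpip.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,\
  00,73,00,79,00,73,00,00,00
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)"=(hex(?:\([0-9a-f]+\))?):(.*)$', re.I)


def _join_continued(text):
    """Join physical lines that end in '\\' (the .reg continuation marker)."""
    logical, buf = [], ""
    for line in text.splitlines():
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1].strip()
            continue
        logical.append(buf + line.strip())
        buf = ""
    if buf:
        logical.append(buf)
    return logical


def decode_value(kind, hexdata):
    """hex(1)/hex(2) -> str, hex(7) -> list of str, anything else -> raw bytes."""
    data = bytes(int(b, 16) for b in hexdata.split(",") if b.strip())
    kind = kind.lower()
    if kind in ("hex(1)", "hex(2)"):                 # REG_SZ / REG_EXPAND_SZ
        return data.decode("utf-16-le").rstrip("\x00")
    if kind == "hex(7)":                             # REG_MULTI_SZ
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    return data                                      # REG_BINARY etc.


def as_text(data):
    """Best-effort view of a REG_BINARY blob as UTF-16LE text, None if it is not text."""
    try:
        text = data.decode("utf-16-le").rstrip("\x00")
    except UnicodeDecodeError:                       # odd length or invalid surrogates
        return None
    return text if text and text.isprintable() else None


def parse_reg(text):
    """-> {key path: {value name: decoded value}}; comments and the header are skipped."""
    keys, current = {}, None
    for line in _join_continued(text):
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, kind, data = m.groups()
            keys[current][name] = decode_value(kind, data)
    return keys


def audit_image_paths(keys, driver, expected):
    """For each service whose ImagePath names `driver`, report (key, path, ok) where ok
    means the path, after dropping a leading '\\' or '\\SystemRoot\\', is `expected`."""
    findings = []
    for key, values in keys.items():
        path = values.get("ImagePath")
        if not isinstance(path, str) or not path.lower().endswith(driver.lower()):
            continue
        norm = path.lower().lstrip("\\")
        if norm.startswith("systemroot\\"):
            norm = norm[len("systemroot\\"):]
        findings.append((key, path, norm == expected.lower()))
    return findings
```

For the sample both Tcpip and Tcpip6 resolve to System32\drivers\tcpip.sys (differing only in case), which is the normal state; a service whose ImagePath points at a user-writable location, or at a file name that differs from the one in the COMPONENTS store, would be the kind of altered registry item Farbar's request is designed to surface.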

#9 samuel3

Posted 19 December 2008 - 03:46 PM

DDS Log:



DDS (Version 1.1.0) - NTFSx86
Run by Sam at 20:44:57.69 on 19/12/2008
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3454.2078 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Users\Sam\Desktop\regsearch.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sam\Desktop\dds.com
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.thetechguys.com/welcome
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\sam\appdata\roaming\mozilla\firefox\profiles\ys7q1nht.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-23 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-23 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-23 231704]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\drivers\avgwfpx.sys [2008-11-23 69128]
R3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\drivers\RTL85n86.sys [2008-6-7 354816]

=============== Created Last 30 ================

2008-12-10 22:51 <DIR> --d----- c:\program files\Trend Micro
2008-12-10 21:57 2,048 a------- c:\windows\system32\tzres.dll
2008-12-10 20:31 827,392 a------- c:\windows\system32\wininet.dll
2008-12-10 19:37 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-10 19:37 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-10 19:07 2,868,736 a------- c:\windows\system32\mf.dll
2008-12-10 19:07 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-10 19:07 94,720 a------- c:\windows\system32\logagent.exe
2008-12-10 19:06 2,927,104 a------- c:\windows\explorer.exe
2008-12-10 19:06 296,960 a------- c:\windows\system32\gdi32.dll
2008-12-05 19:24 249,592 a------- c:\windows\system32\cssdll32.dll
2008-12-05 19:22 <DIR> --d----- c:\program files\COMODO
2008-12-05 18:02 170,496 a------- c:\windows\system32\tcpipcfg.dll
2008-12-05 18:02 22,528 a------- c:\windows\system32\netiougc.exe
2008-11-26 15:43 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-11-26 15:42 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2008-11-26 15:42 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-11-26 15:42 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-11-26 15:42 1,645,568 a------- c:\windows\system32\connect.dll
2008-11-23 18:05 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-23 18:05 69,128 a------- c:\windows\system32\drivers\avgwfpx.sys
2008-11-23 18:05 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-23 18:05 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-21 18:05 <DIR> --d----- c:\users\sam\temp

==================== Find3M ====================

2008-12-19 15:03 31 a------- c:\users\sam\jagex_runescape_preferences.dat
2008-12-05 19:24 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-05 19:24 51,200 a------- c:\windows\inf\infpub.dat
2008-12-05 19:24 86,016 a------- c:\windows\inf\infstor.dat
2008-12-03 19:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 19:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-08 15:22 665,600 a------- c:\windows\inf\drvindex.dat
2008-11-01 03:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 03:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 03:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 03:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 03:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-16 20:56 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-10-16 20:55 83,456 a------- c:\windows\system32\wudriver.dll
2008-10-16 14:08 162,064 a------- c:\windows\system32\wuwebv.dll
2008-10-16 13:56 31,232 a------- c:\windows\system32\wuapp.exe
2008-01-21 02:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-21 14:46 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:45:25.35 ===============

#10 samuel3

Posted 19 December 2008 - 03:57 PM

Nothing from Gmer.zip

#11 Farbar

Posted 19 December 2008 - 04:46 PM

You have to extract the zip file.

Then right-click gmer.exe and select "Run as Administrator" and follow the rest of the instructions.

#12 Farbar

Posted 19 December 2008 - 04:56 PM

In addition to the last post, please follow the instructions to produce and post the second DDS log.

#13 samuel3

Posted 19 December 2008 - 08:27 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-20 01:39:18
Windows 6.0.6001 Service Pack 1


---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4288] kernel32.dll!SetUnhandledExceptionFilter 77156E2D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

Edited by samuel3, 19 December 2008 - 08:39 PM.


#14 Farbar

Posted 20 December 2008 - 03:29 AM

DDS makes two logs as instructed. You have posted the first. Could you make and post also the second log?

#15 samuel3

Posted 20 December 2008 - 05:59 AM

I cannot use the program any more. While it is scanning it will say the program is not responding; I click OK and it crashes my computer, makes everything flash and go fuzzy on my monitor and goes to a blue screen with an error code etc., then it will restart.
