
Thread: Help getting Started

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Posts
    2

    Default Help getting Started

    Need help getting started. After downloading and running ERUNT (it ran correctly), I proceeded to download HijackThis, which doesn't copy the scan to Notepad, prompting: "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run, and type: notepad C:\Windows\System32\drivers\etc\hosts and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts' (with quotes), and reboot.
    For Vista: simply exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'."
    This option is not there on a right click. HijackThis ran the scan but couldn't/wouldn't send it to Notepad, which came up. Please advise on getting me started so I can send the logs from Notepad. I need to know if I have malware running on my computer... Thank you. Col
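
The HijackThis message Col quotes refers to "hijacked domains" in the hosts file: lines that point a hostname somewhere other than the loopback default. The following Python is an added example, not part of this thread and not HijackThis's own code, of that same check: it parses a hosts file, reports every mapping a stock file would not contain, classifies each as a redirect (remote address) or a block (loopback or 0.0.0.0), and can delete the reported lines, which is the manual fix the message describes. The sample hosts text is constructed for the example, using reserved .test domain names and RFC 5737 documentation addresses.

```python
"""Hosts-file hijack check. Added example; not the thread's or HijackThis's code."""
import ipaddress
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Names a stock Windows hosts file maps to a loopback address. Anything else
# is an addition and gets reported, much like a HijackThis O1 item.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                 "ip6-localhost", "ip6-loopback"}


@dataclass(frozen=True)
class Finding:
    line_no: int    # 1-based line in the hosts file
    address: str
    hostname: str
    kind: str       # "redirect" (sent to a remote address) or "block" (null-routed)


def parse_hosts(text: str) -> Iterator[Tuple[int, ipaddress._BaseAddress, str]]:
    """Yield (line_no, ip, hostname) for every usable mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop trailing and full-line comments
        parts = line.split()
        if len(parts) < 2:
            continue                            # blank, comment-only or malformed line
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                            # first field is not an address; skip
        for name in parts[1:]:
            yield line_no, ip, name.lower()


def find_hijacks(text: str) -> List[Finding]:
    """Report every mapping that a stock hosts file would not contain."""
    findings: List[Finding] = []
    for line_no, ip, name in parse_hosts(text):
        if name in DEFAULT_NAMES and ip.is_loopback:
            continue                            # the expected default entry
        kind = "block" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append(Finding(line_no, str(ip), name, kind))
    return findings


def remove_lines(text: str, line_numbers) -> str:
    """Return the hosts text with the given 1-based lines deleted (the manual
    fix the HijackThis message describes), leaving every other line intact."""
    drop = set(line_numbers)
    kept = [raw for n, raw in enumerate(text.splitlines(), start=1) if n not in drop]
    return "\n".join(kept) + "\n"


# Constructed sample: a Vista-style default file plus three added lines.
# Domains use the reserved .test TLD; 203.0.113.5 is an RFC 5737 documentation address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
203.0.113.5     www.example-bank.test           # redirect to a remote host
0.0.0.0         ads.example.test                # null-route, typically an ad blocker
127.0.0.1       update.example-antivirus.test   # loopback block of an update server
"""

if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.kind:8} {f.hostname} -> {f.address}")
```

On a Windows machine the real file is C:\Windows\System32\drivers\etc\hosts. Reading it needs no elevation, but writing it back requires an elevated process, which is the "Run as administrator" step the quoted message points to. A loopback "block" entry is not automatically bad (ad blockers add them), but one that names an antivirus or update server is worth attention, because it silently prevents updates.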

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi Col,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.


    -

    Download GMER here by clicking the "download exe" button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the Rootkit tab and then Scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    2

    Default Requested Data

    Appreciate your time. I'm looking to see if the computer had anything put on it prior to my personally acquiring/receiving it from a now questionable source. MALWARE etc. Thanks in advance.



    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Colleen at 18:15:57.69 on 13/01/2010
    Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1789.919 [GMT -5:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\WS_FTP Pro\ftpsched.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\WS_FTP Pro\ftpqueue.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Colleen\Downloads\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [Google Update] "c:\users\colleen\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [cfFncEnabler.exe] cfFncEnabler.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [ftpqueue] c:\program files\ws_ftp pro\ftpqueue.exe -tray
    mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    StartupFolder: c:\users\colleen\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe
    StartupFolder: c:\users\colleen\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\corelf~1.lnk - c:\program files\corel\print house magic deluxe\cffrem.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\colleen\appdata\roaming\mozilla\firefox\profiles\iqtxxjar.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2&hl=enhttp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - component: c:\users\colleen\appdata\roaming\mozilla\firefox\profiles\iqtxxjar.default\extensions\piclens@cooliris.com\components\cooliris.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - plugin: c:\users\colleen\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\users\colleen\appdata\local\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
    FF - plugin: c:\users\colleen\appdata\roaming\mozilla\firefox\profiles\iqtxxjar.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\users\colleen\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-10-17 25896]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-11 95896]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-4-25 7168]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2009-10-17 344064]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

    =============== Created Last 30 ================

    2010-01-13 20:07:05 82 ----a-w- c:\windows\MPLAYER.INI
    2010-01-13 20:06:35 0 d-----w- c:\program files\Family Tree Maker 2005
    2010-01-11 01:55:35 0 d-----w- c:\program files\Paint.NET
    2010-01-06 15:59:55 34068 ----a-w- c:\windows\system32\Repository.reg
    2010-01-06 15:59:49 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
    2010-01-06 15:59:49 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
    2010-01-06 15:59:48 539160 ----a-w- c:\windows\system32\LVUI2.dll
    2010-01-06 15:59:46 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2010-01-06 15:59:43 416280 ----a-w- c:\windows\system32\lvcodec2.dll
    2010-01-06 15:59:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
    2010-01-05 16:34:50 0 d-----w- c:\users\colleen\appdata\roaming\OpenOffice.org
    2010-01-05 16:31:34 0 d-----w- c:\program files\JRE
    2010-01-05 16:31:17 0 d-----w- c:\program files\OpenOffice.org 3
    2010-01-05 02:36:10 266828 ----a-w- c:\windows\system32\drivers\LVAFT.cfg
    2010-01-05 02:36:09 82289 ----a-w- c:\windows\system32\lvcoinst.ini
    2010-01-05 02:36:09 199192 ----a-w- c:\windows\system32\lvci1201278.dll
    2010-01-02 04:44:44 0 d-----w- c:\windows\MSSecurityNS
    2010-01-02 04:44:44 0 d-----w- c:\windows\MSSecurityNi
    2010-01-01 00:34:23 0 d-----w- c:\programdata\WindowsSearch
    2009-12-30 11:02:23 0 d-----w- c:\program files\Windows Portable Devices
    2009-12-30 11:02:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-12-30 10:59:37 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-12-30 10:59:36 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-12-30 10:59:36 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-12-30 10:57:59 5105 ----a-w- c:\windows\system32\wbem\portabledeviceapi.mof
    2009-12-30 10:56:38 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-12-30 10:56:38 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-12-30 10:56:38 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-12-30 03:13:20 13030 ----a-w- C:\PDOXUSRS.NET
    2009-12-30 02:51:17 133904 ------w- c:\windows\system32\mfcans32.dll
    2009-12-30 02:51:17 108032 ------w- c:\windows\system32\mfcuia32.dll
    2009-12-30 02:50:32 0 d-----w- c:\windows\COREL
    2009-12-29 08:23:40 0 d-----w- c:\windows\system32\eu-ES
    2009-12-29 08:23:40 0 d-----w- c:\windows\system32\ca-ES
    2009-12-29 08:23:19 0 d-----w- c:\windows\system32\vi-VN
    2009-12-21 12:39:01 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-20 06:00:03 0 d-----w- c:\programdata\WinZip
    2009-12-19 19:44:29 147368 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-19 18:17:10 0 d-----w- c:\users\colleen\appdata\roaming\Jasc
    2009-12-19 03:00:26 0 d-----w- c:\users\colleen\appdata\roaming\Millennia
    2009-12-19 01:44:23 0 d-----w- c:\program files\Jasc Software Inc
    2009-12-19 01:15:36 0 d-----w- c:\users\colleen\appdata\roaming\FTW

    ==================== Find3M ====================

    2010-01-13 16:25:35 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-01-06 16:04:27 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-01-06 16:04:27 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-01-06 16:04:23 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-01-06 02:08:43 2828 --sha-w- c:\programdata\KGyGaAvL.sys
    2010-01-05 23:35:29 130824 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-12-30 11:02:17 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-12-29 07:51:18 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
    2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-10-19 23:52:00 8 --sh--r- c:\programdata\7338EF46A6.sys
    2009-10-17 13:15:03 319456 ----a-w- c:\windows\DIFxAPI.dll
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 18:17:54.09 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 17/10/2009 11:59:43 PM
    System Uptime: 01/12/2010 4:49:22 PM (-7726 hours ago)

    Motherboard: TOSHIBA | | Portable PC
    Processor: AMD Athlon(tm) X2 Dual-Core QL-65 | Socket M2/S1G1 | 1050/2000mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 216 GiB total, 127.437 GiB free.
    D: is FIXED (NTFS) - 8 GiB total, 6.837 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP218: 30/12/2009 5:54:10 AM - Windows Update
    RP220: 31/12/2009 4:14:51 AM - Removed V-Gear LiveShow 2.1.0.0
    RP221: 01/01/2010 1:16:39 AM - Windows Update
    RP222: 01/01/2010 9:25:06 PM - Scheduled Checkpoint
    RP223: 02/01/2010 9:39:56 AM - Scheduled Checkpoint
    RP224: 03/01/2010 5:04:13 PM - Installed HiJackThis
    RP225: 04/01/2010 5:48:56 AM - Scheduled Checkpoint
    RP226: 04/01/2010 12:46:32 PM - Logitech Webcam Software v12.0.1278
    RP227: 04/01/2010 4:06:08 PM - Logitech Webcam Software v12.0.1278
    RP228: 04/01/2010 5:20:05 PM - Restore Operation
    RP229: 04/01/2010 5:34:23 PM - Windows Update
    RP230: 04/01/2010 5:40:35 PM - Removed Logitech Vid.
    RP231: 04/01/2010 5:41:49 PM - Removed Logitech Webcam Software.
    RP232: 04/01/2010 5:47:03 PM - Logitech Webcam Software v12.0.1278
    RP233: 04/01/2010 9:21:51 PM - Logitech Webcam Software v12.0.1278
    RP234: 05/01/2010 11:26:43 AM - Installed Java(TM) 6 Update 16
    RP235: 05/01/2010 11:30:01 AM - Installed OpenOffice.org 3.1
    RP236: 06/01/2010 10:58:43 AM - Logitech Webcam Software v12.10.1110
    RP237: 07/01/2010 6:35:57 AM - Scheduled Checkpoint
    RP238: 07/01/2010 10:19:32 AM - Windows Update
    RP239: 08/01/2010 6:21:04 PM - Scheduled Checkpoint
    RP240: 10/01/2010 2:59:11 AM - Scheduled Checkpoint
    RP242: 10/01/2010 8:54:49 PM - Paint.NET v3.5.2
    RP243: 11/01/2010 9:51:35 AM - Windows Update
    RP244: 12/01/2010 3:28:51 AM - Scheduled Checkpoint
    RP245: 13/01/2010 4:29:31 AM - Scheduled Checkpoint
    RP247: 13/01/2010 3:06:03 PM - Installed Family Tree Maker 2005

    ==== Installed Programs ======================

    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    ATI Catalyst Install Manager
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner (remove only)
    CD/DVD Drive Acoustic Silencer
    Color Efex Pro 3.0 Corel Sampler
    Compatibility Pack for the 2007 Office system
    Corel Applications
    Corel Paint Shop Pro Photo X2
    Corel Painter Photo Essentials 4
    DVD MovieFactory for TOSHIBA
    ESET NOD32 Antivirus
    Family Tree Maker 2005
    Google Desktop
    Google Earth
    Google Talk (remove only)
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImageSkill Background Remover 3
    Ipswitch WS_FTP Pro Uninstall
    Java(TM) 6 Update 16
    Java(TM) 6 Update 17
    Java(TM) 6 Update 3
    Legacy 7.0
    Legacy Charting 7.0
    Logitech Vid
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Microsoft XML Parser
    Mozilla Firefox (3.5.7)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OnlinePlay 1.0
    OpenOffice.org 3.1
    Paint Shop Pro 7
    Paint.NET v3.5.2
    Picasa 3
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WiFi Protected Setup Library
    Realtek WLAN driver
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Windows Media Encoder (KB954156)
    Skins
    Skype web features
    Skype™ 4.1
    Synaptics Pointing Device Driver
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Hardware Setup
    TOSHIBA Recovery Disc Creator
    Toshiba Registration
    TOSHIBA Software Modem
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WildTangent Games
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Encoder 9 Series
    WinZip 14.0
    Yahoo! BrowserPlus
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    12/01/2010 4:49:37 PM, Error: EventLog [6008] - The previous system shutdown at 1:38:41 PM on 12/01/2010 was unexpected.
    11/01/2010 11:49:27 AM, Error: EventLog [6008] - The previous system shutdown at 11:47:42 AM on 11/01/2010 was unexpected.

    ==== End Of File ===========================



    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-01-13 19:22:45
    Windows 6.0.6002 Service Pack 2
    Running: g101l37l.exe; Driver: C:\Users\Colleen\AppData\Local\Temp\pxrdqpoc.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x87356480, 0x3C939, 0xE8000020]
    .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x87397900, 0x3CA, 0x48000040]
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8B60E000, 0x231202, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[460] kernel32.dll!SetUnhandledExceptionFilter 77B6A84F 4 Bytes [C2, 04, 00, 00]
    .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3668] kernel32.dll!ExitProcess 77B841D8 5 Bytes JMP 05051F3E C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
    .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3668] USER32.dll!MessageBoxA 76DED681 5 Bytes JMP 05051EE8 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
    .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3668] USER32.dll!MessageBoxW 76DED6CF 5 Bytes JMP 05051F13 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2292] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01822F20] C:\Windows\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2292] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01822CF0] C:\Windows\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2292] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01822C90] C:\Windows\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2292] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01822CC0] C:\Windows\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[4908] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [06642F20] C:\Windows\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[4908] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [06642CF0] C:\Windows\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[4908] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [06642C90] C:\Windows\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[4908] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [06642CC0] C:\Windows\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:436] 860F0930

    ---- EOF - GMER 1.0.15 ----

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Looks otherwise good but some updating is needed.

    Uninstall old Adobe Reader versions and get the latest one (9.3) here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


    Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here. A fresh version can be obtained here.


    Uninstall these old Javas:
    Java(TM) 6 Update 16
    Java(TM) 6 Update 3
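
Blade81's triage of the DDS log above ("looks otherwise good but some updating is needed") comes down to reading the Installed Programs section for leftover and outdated versions. The following Python is an added example, not the thread's and not DDS's own code, of doing that check mechanically: it splits a DDS log into its "==== Title ====" sections, flags every "Java(TM) N Update M" entry below the highest update level present for that major version (the two entries named in the post), and compares the version in "Adobe Reader" entries against a reference version you supply (here 9.3, the version the post cites). The sample log is a constructed excerpt modelled on the one posted above.

```python
"""Mechanical triage of a DDS log's 'Installed Programs' section.
Added example: not DDS's code and not from the thread."""
import re
from typing import Dict, List, Tuple

# DDS separates sections with lines such as "==== Installed Programs ====="
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
JAVA_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")
VERSION_RE = re.compile(r"\d+(?:\.\d+)*")


def split_sections(log: str) -> Dict[str, List[str]]:
    """Map each section title in a DDS log to its non-empty body lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def stale_java_entries(programs: List[str]) -> List[str]:
    """Return every 'Java(TM) N Update M' entry that is not the highest update
    of its major version. Each one is an older runtime still installed alongside
    the newer one, as the three Java entries in the posted log show."""
    best: Dict[int, int] = {}
    parsed: List[Tuple[str, int, int]] = []
    for name in programs:
        m = JAVA_RE.match(name)
        if m:
            major, update = int(m.group(1)), int(m.group(2))
            parsed.append((name, major, update))
            best[major] = max(best.get(major, -1), update)
    return [name for name, major, update in parsed if update < best[major]]


def version_tuple(text: str) -> Tuple[int, ...]:
    """'8.1.2' -> (8, 1, 2), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def outdated(programs: List[str], product: str, latest: str) -> List[str]:
    """Return entries for `product` whose embedded version is older than `latest`
    (a reference version looked up from the vendor, not derived from the log)."""
    found: List[str] = []
    for name in programs:
        if not name.startswith(product):
            continue
        m = VERSION_RE.search(name[len(product):])
        if m and version_tuple(m.group(0)) < version_tuple(latest):
            found.append(name)
    return found


def triage(log: str, latest_reader: str = "9.3") -> Dict[str, List[str]]:
    """Apply both checks to the Installed Programs section of a DDS log."""
    programs = split_sections(log).get("Installed Programs", [])
    return {
        "stale_java": stale_java_entries(programs),
        "old_reader": outdated(programs, "Adobe Reader", latest_reader),
    }


# Constructed excerpt modelled on the DDS log posted in this thread.
SAMPLE_DDS = """\
DDS (Ver_09-12-01.01)

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
ESET NOD32 Antivirus
Java(TM) 6 Update 16
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Mozilla Firefox (3.5.7)

==== Event Viewer Messages From Past Week ========

12/01/2010 4:49:37 PM, Error: EventLog [6008] - The previous system shutdown was unexpected.

==== End Of File ===========================
"""

if __name__ == "__main__":
    for check, hits in triage(SAMPLE_DDS).items():
        print(check, hits)
```

The reference version is a parameter rather than a constant on purpose: what counts as "latest" changes with every vendor release, so the check should take it from a current source at run time instead of hard-coding the 9.3 that was current when this thread was written.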

  5. #5
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Due to inactivity, this thread will now be closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
