Infected with Antivirus Soft


Post by bobo337 on 31st January 2010, 8:36 pm

Hi, last night my computer got infected with the Antivirus Soft virus. I tried to run Avast and it would run but not do anything to clean the infection; I tried to run Malwarebytes but it wouldn't let it run; and I tried to run HijackThis but it would not let it run fully: I could get it running, but then the virus would close it before it could finish. Please help, I'm a big gamer and my computer means a lot. Thanks for any help.


Re: Infected with Antivirus Soft

Post by Belahzur on 1st February 2010, 1:17 am

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.





Re: Infected with Antivirus Soft

Post by bobo337 on 1st February 2010, 2:02 am

When I try, it says "Application cannot be executed. The file (file name) is infected. Do you want to activate your antivirus software now?", just like with the other anti-virus programs.


Re: Infected with Antivirus Soft

Post by Metalmusk on 1st February 2010, 2:23 am

Rename OTL.exe to iexplore.exe and run it.


Re: Infected with Antivirus Soft

Post by bobo337 on 1st February 2010, 3:53 am

Okay, it worked.


OTL logfile created on: 1/31/2010 9:50:23 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 15.38 Gb Free Space | 22.21% Space Free | Partition Type: NTFS
Drive D: | 659.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOEY-6F5C874A00
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/31 20:01:37 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\iexplore.exe
PRC - [2010/01/21 14:45:00 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/05 20:00:27 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 17:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/20 20:32:14 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/11/07 15:40:52 | 017,421,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/05/26 21:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/15 14:59:14 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
PRC - [2007/09/12 10:52:18 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
PRC - [2007/08/16 16:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files\Razer\Lachesis\OSD.exe
PRC - [2007/06/05 09:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe
PRC - [2006/11/27 15:44:48 | 000,135,221 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/11/27 15:44:26 | 000,065,593 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/13 14:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2010/01/31 20:01:37 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\iexplore.exe
MOD - [2009/11/21 09:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll
MOD - [2008/04/14 06:00:00 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/21 14:45:00 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/20 20:32:14 | 000,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)
SRV - [2006/11/27 15:44:48 | 000,135,221 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/11/27 15:44:26 | 000,065,593 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/13 14:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 17:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 17:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 17:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 17:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 17:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 17:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/20 20:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/03 07:56:07 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2009/05/13 15:56:18 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/11/11 16:21:52 | 004,946,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/14 06:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 06:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/08/08 10:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2004/02/25 22:27:04 | 000,038,904 | ---- | M] (Razer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\razerusb.sys -- (razerusb)
DRV - [2001/08/17 11:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========



FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/05 20:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/21 14:45:08 | 000,000,000 | ---D | M]

[2009/08/05 09:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/01/22 17:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f094zcze.default\extensions
[2010/01/28 18:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [razertra] C:\Program Files\Razer\razertra.exe (Razer Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [ugvchtxa] C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco\rllmsysguard.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 69.1.30.43 69.1.30.42
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/31 16:06:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/02/05 11:15:22 | 000,000,022 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/29 19:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/29 18:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/01/29 18:24:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/29 18:24:42 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/29 18:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/29 18:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/29 17:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco
[2010/01/29 17:37:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/01/21 22:19:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/21 22:18:22 | 000,069,632 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/01/21 22:18:20 | 011,374,592 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/01/21 14:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2010/01/21 14:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/01/21 14:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/01/21 14:45:08 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/21 14:45:08 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/21 14:45:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/21 14:45:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/21 14:45:08 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/21 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/01/21 14:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2010/01/21 14:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2010/01/19 14:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\acccore
[2010/01/19 14:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AOL
[2010/01/19 14:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AIM
[2010/01/19 14:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/01/19 14:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/01/19 14:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/01/19 14:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/01/16 17:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DivX
[2009/09/04 13:39:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/27 09:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/23 15:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/31 16:08:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/31 16:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/31 21:49:55 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/01/31 21:48:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/31 21:48:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/31 20:04:34 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/01/31 19:58:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/29 19:32:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/01/29 18:24:45 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/29 18:01:01 | 000,016,504 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/29 10:35:02 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/01/29 02:18:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/28 10:09:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/23 19:30:16 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CoreTemp.ini
[2010/01/23 17:25:16 | 003,466,752 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Combat_1.4.4.xls
[2010/01/23 11:50:50 | 000,000,011 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Plugins.ini
[2010/01/23 01:27:26 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 09:49:08 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/21 22:14:44 | 001,735,680 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Mutilate_1.3.2.xls
[2010/01/21 14:47:40 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2010/01/21 14:46:23 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2010/01/21 14:44:59 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/21 14:44:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/21 14:44:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/21 14:44:59 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/21 14:44:58 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/21 01:43:22 | 004,812,614 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/01/19 14:16:50 | 000,000,460 | -H-- | M] () -- C:\IPH.PH
[2010/01/19 14:16:43 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/01/13 03:01:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/29 19:28:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/01/29 18:24:45 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 13:33:58 | 003,466,752 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Combat_1.4.4.xls
[2010/01/23 11:50:50 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Plugins.ini
[2010/01/23 11:50:49 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CoreTemp.ini
[2010/01/23 03:46:15 | 000,378,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Core Temp.exe
[2010/01/21 22:18:22 | 000,008,743 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/01/21 14:49:10 | 001,735,680 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Mutilate_1.3.2.xls
[2010/01/21 14:47:40 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2010/01/21 14:46:23 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
[2010/01/19 14:16:43 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/01/19 14:16:27 | 000,000,460 | -H-- | C] () -- C:\IPH.PH
[2009/08/23 19:42:15 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/05 17:50:11 | 000,206,557 | ---- | C] () -- C:\Program Files\g13.jpg
[2009/08/05 17:30:52 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/14 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

-------------

OTL Extras logfile created on: 1/31/2010 9:50:23 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 15.38 Gb Free Space | 22.21% Space Free | Partition Type: NTFS
Drive D: | 659.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOEY-6F5C874A00
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Steam\steamapps\rivertam337\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\rivertam337\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV -- File not found
"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV -- File not found
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Steam\steamapps\rivertam337\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\rivertam337\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{85C6CE1E-2A22-4C5A-A8A1-9DBFBEA81DE1}" = Razer
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"avast!" = avast! Antivirus
"D44822B3621EFD220D3A7DDA72DE5A4B6476748F" = Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Station Launcher" = Station Launcher
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"VLC media player" = VLC media player 1.0.2
"Warcraft III" = Warcraft III
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/9/2009 11:53:36 AM | Computer Name = JOEY-6F5C874A00 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.]
failed, 0000A413.

[ Application Events ]
Error - 1/15/2010 2:06:11 AM | Computer Name = JOEY-6F5C874A00 | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, faulting module datacache.dll,
version 0.0.0.0, fault address 0x0000b423.

[ System Events ]
Error - 1/10/2010 4:36:44 PM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/10/2010 4:41:29 PM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/10/2010 5:56:36 PM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/21/2010 7:05:41 PM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/21/2010 7:27:40 PM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/26/2010 1:02:21 AM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/26/2010 1:10:36 AM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/26/2010 1:35:12 AM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/26/2010 2:06:01 AM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).

Error - 1/26/2010 2:06:50 AM | Computer Name = JOEY-6F5C874A00 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.100 for the Network Card with network
address 00E04D27CF87 has been denied by the DHCP server 192.168.2.2 (The DHCP Server
sent a DHCPNACK message).


< End of report >


Re: Infected with Antivirus Soft

Post by bobo337 on 1st February 2010, 7:08 pm

The virus seems to be just gone; it doesn't stop me from opening hijackthis.exe or Malwarebytes' Anti-Malware.exe like it used to, and it doesn't close the Add or Remove Programs application in the Control Panel. Could the virus just be gone, or does the OldTimer tool clean viruses too?

EDIT: While I was posting this, Malwarebytes' Anti-Malware was finishing, and it found a registry error, so I told it to fix selected.


Re: Infected with Antivirus Soft

Post by Belahzur on 1st February 2010, 7:44 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :OTL
    PRC - [2007/10/15 14:59:14 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
    PRC - [2007/09/12 10:52:18 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
    O4 - HKLM..\Run: [razertra] C:\Program Files\Razer\razertra.exe (Razer Inc.)
    O4 - HKCU..\Run: [ugvchtxa] C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco\rllmsysguard.exe File not found
    O32 - AutoRun File - [2003/02/05 11:15:22 | 000,000,022 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    [2010/01/29 17:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco

    :files
    C:\Program Files\Razer\razertra.exe
    C:\Program Files\Razer\Lachesis\razerhid.exe


  • Return to OTL, right-click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Last edited by Belahzur on 2nd February 2010, 8:21 pm; edited 1 time in total



Re: Infected with Antivirus Soft

Post by bobo337 on 1st February 2010, 8:28 pm

The first time I tried, I copied from :OTL through razerhid.exe and OTL stopped responding; then, about a minute later, a blue screen popped up and said "A problem has been detected and Windows has been shut down to prevent damage to your computer". When I copied from PRC through razerhid.exe it worked, and the log is:
Code:
Error: Unable to interpret <PRC - [2007/10/15 14:59:14 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe> in the current context!
Error: Unable to interpret <PRC - [2007/09/12 10:52:18 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" => in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [razertra] C:\Program Files\Razer\razertra.exe (Razer Inc.)> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [ugvchtxa] C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco\rllmsysguard.exe File not found> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2003/02/05 11:15:22 | 000,000,022 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]> in the current context!
Error: Unable to interpret <[2010/01/29 17:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco> in the current context!
========== FILES ==========
C:\Program Files\Razer\razertra.exe moved successfully.
C:\Program Files\Razer\Lachesis\razerhid.exe moved successfully.
 
OTL by OldTimer - Version 3.1.27.1 log created on 02012010_142541


Re: Infected with Antivirus Soft

Post by Belahzur on 1st February 2010, 8:34 pm

Hello.
When it ran that time, did you miss :OTL as the top line?



Re: Infected with Antivirus Soft

Post by bobo337 on 1st February 2010, 8:39 pm

Belahzur wrote: Hello. When it ran that time, did you miss :OTL as the top line?

Yes, when I tried it as the top line it stopped responding, and I assume that if I let it stay not responding it would go into the blue screen again.

EDIT: I tried again to make it work. OTL stopped responding again, so I exited it, and after a few minutes I got another blue screen saying what it did before, same "Technical Information" and everything. OTL seems to stop right around the ProxyOverride or ProxyServer line.


Re: Infected with Antivirus Soft

Post by Belahzur on 2nd February 2010, 8:21 pm

Okay, I have edited my post that contains my script and removed the proxy part, we'll deal with that later.


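The two items this thread has been circling are the HKCU Run entry `ugvchtxa` (pointing at `rllmsysguard.exe` in a randomly named folder under `Local Settings\Application Data`, already reported as "File not found") and the Internet Settings `ProxyServer` value `http=127.0.0.1:5555`, which routes the browser through a process on the infected machine itself and explains why downloads of cleanup tools kept failing. The script below is an added example, not part of this thread and not OTL's own code: it reads OTL-style lines (the sample input is copied from the fix script and fix log posted above) and flags autostart entries launched from a user-writable profile directory, entries whose target is missing or carries no publisher, and any ProxyServer pointed at loopback. The function names, the `Finding` class and the severity labels are the example's own; the two line formats it parses are the ones visible in the logs above.

```python
"""Added example (not from the thread or from OTL): triage OTL log lines for
a per-user Run entry launched from a profile data directory and an Internet
Settings ProxyServer pointed at the loopback address."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: lines copied from the OTL fix script and fix log posted above.
SAMPLE_OTL_LINES = [
    r"PRC - [2007/10/15 14:59:14 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555',
    r"O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)",
    r"O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()",
    r"O4 - HKCU..\Run: [ugvchtxa] C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco\rllmsysguard.exe File not found",
]

# OTL line shapes seen in the logs: 'O4 - HKCU..\Run: [name] path (Publisher)'
# and 'IE - <key>: "<value>" = <data>'.
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKU)[^:]*: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
IE_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<value>[^"]+)" =\s?(?P<data>.*)$')
TARGET_RE = re.compile(r"^(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd|pif))(?: (?P<tail>.*))?$", re.I)
# Per-user data directories (XP layout and the Vista+ layout): writable
# without admin rights, so a dropper can persist there via HKCU\Run.
PROFILE_DIR_RE = re.compile(
    r"\\(?:Documents and Settings\\[^\\]+\\(?:Local Settings\\)?Application Data"
    r"|Users\\[^\\]+\\AppData\\(?:Local|LocalLow|Roaming))\\", re.I)


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    reason: str
    line: str       # the OTL line that produced the finding


def is_loopback(host: str) -> bool:
    h = host.strip("[]").lower()
    return h in ("localhost", "::1") or h.startswith("127.")


def parse_proxy_server(data: str) -> Dict[str, Tuple[str, Optional[int]]]:
    """ProxyServer is either 'host:port' (all protocols, returned under '*')
    or 'scheme=host:port;scheme=host:port'. Returns scheme -> (host, port)."""
    result: Dict[str, Tuple[str, Optional[int]]] = {}
    for part in data.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:                      # no port given at all
            host, port = hostport, ""
        result[scheme or "*"] = (host, int(port) if port.isdigit() else None)
    return result


def parse_run_target(rest: str) -> Optional[Tuple[str, str, bool]]:
    """Split 'path (Publisher)', 'path ()' or 'path File not found' into
    (path, publisher, missing)."""
    m = TARGET_RE.match(rest)
    if not m:
        return None
    tail = (m.group("tail") or "").strip()
    missing = tail.lower() == "file not found"
    publisher = "" if missing else tail.strip("()").strip()
    return m.group("path"), publisher, missing


def triage(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        ie = IE_RE.match(line)
        if ie:
            if ie.group("value").lower() == "proxyserver":
                for scheme, (host, port) in parse_proxy_server(ie.group("data")).items():
                    if is_loopback(host):
                        findings.append(Finding("high", f"{scheme} traffic is proxied through loopback port {port}: "
                                                "a local process sits between the browser and the network", line))
            continue
        o4 = O4_RE.match(line)
        if not o4:
            continue
        target = parse_run_target(o4.group("rest"))
        if target is None:
            continue
        path, publisher, missing = target
        reasons = []
        if PROFILE_DIR_RE.search(path):
            reasons.append("autostart runs from a user-writable profile directory")
        if missing:
            reasons.append("target file not found (stale entry, or the file was already removed)")
        elif not publisher:
            reasons.append("no publisher information on the executable")
        if reasons:
            severity = "high" if (missing or PROFILE_DIR_RE.search(path)) else "medium"
            findings.append(Finding(severity, f"{o4.group('hive')}\\Run [{o4.group('name')}]: " + "; ".join(reasons), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

On the sample above this reports the ProxyServer line and the `ugvchtxa` entry as high and the publisher-less `Lachesis` entry as medium, while the Realtek entry with a publisher string produces nothing. The heuristic is deliberately conservative: a Run entry under a profile directory is not proof of infection, only the place a rogue needs no admin rights to live, which is why it is worth a look before the proxy value is restored.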

Re: Infected with Antivirus Soft

Post by bobo337 on 2nd February 2010, 10:34 pm

Okay, it worked, and the log is:
Code:
========== OTL ==========
No active process named razertra.exe was found!
No active process named razerhid.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
C:\WINDOWS\ALCMTR.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Lachesis deleted successfully.
File C:\Program Files\Razer\Lachesis\razerhid.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\razertra deleted successfully.
File C:\Program Files\Razer\razertra.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ugvchtxa not found.
File D:\AUTORUN.INF not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\fmctco folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Razer\razertra.exe not found.
File\Folder C:\Program Files\Razer\Lachesis\razerhid.exe not found.
 
OTL by OldTimer - Version 3.1.27.1 log created on 02022010_163350


Re: Infected with Antivirus Soft

Post by bobo337 on 4th February 2010, 10:34 pm

Bump


Re: Infected with Antivirus Soft

Post by Belahzur on 4th February 2010, 11:38 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Infected with Antivirus Soft

Post by bobo337 on 5th February 2010, 12:22 am

The first time I loaded it, I went AFK after ComboFix started the scan and came back to a blue screen with "DRIVER_IRQL_NOT_LESS_OR_EQUAL" (and I did not click anything during the scan), but when I restarted and ran it again it worked, and the log is:
Code:
ComboFix 10-02-04.03 - Owner 02/04/2010  18:17:31.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1543 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1368 [VPS 100204-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\driver

.
(((((((((((((((((((((((((  Files Created from 2010-01-05 to 2010-02-05  )))))))))))))))))))))))))))))))
.

2010-02-01 20:13 . 2010-02-01 20:13   --------   d-----w-   C:\_OTL
2010-01-30 01:28 . 2010-01-30 01:28   --------   d-----w-   c:\program files\Trend Micro
2010-01-30 00:24 . 2010-01-30 00:24   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
2010-01-30 00:24 . 2010-01-07 22:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-30 00:24 . 2010-01-30 00:24   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-01-30 00:24 . 2010-01-30 00:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 00:24 . 2010-01-07 22:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-29 23:37 . 2010-01-29 23:37   --------   d-----w-   c:\windows\Sun
2010-01-22 04:18 . 2009-11-21 02:34   69632   ----a-w-   c:\windows\system32\OpenCL.dll
2010-01-22 04:18 . 2009-11-21 02:34   11374592   ----a-w-   c:\windows\system32\nvcompiler.dll
2010-01-21 20:47 . 2010-02-04 00:52   1   ----a-w-   c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-21 20:47 . 2010-01-21 20:47   --------   d-----w-   c:\documents and settings\Owner\Application Data\OpenOffice.org
2010-01-21 20:45 . 2010-01-21 20:45   --------   d-----w-   c:\program files\JRE
2010-01-21 20:45 . 2010-01-21 20:45   --------   d-----w-   c:\program files\OpenOffice.org 3
2010-01-21 20:45 . 2010-01-21 20:44   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-01-21 20:44 . 2010-01-21 20:44   --------   d-----w-   c:\program files\Java
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\documents and settings\Owner\Application Data\acccore
2010-01-19 20:16 . 2010-01-19 20:18   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\AIM
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\AOL
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\AIM
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\program files\AIM
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\program files\Common Files\Software Update Utility
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\program files\Common Files\AOL
2010-01-16 23:10 . 2010-01-16 23:10   --------   d-----w-   c:\documents and settings\Owner\Application Data\DivX

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 23:45 . 2009-09-28 21:12   --------   d-----w-   c:\program files\World of Warcraft
2010-02-01 20:25 . 2009-08-05 23:20   --------   d-----w-   c:\program files\Razer
2010-01-30 00:01 . 2009-08-23 22:07   16504   ----a-w-   c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-28 23:37 . 2009-08-05 18:40   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-01-23 07:26 . 2009-10-13 14:55   --------   d-----w-   c:\documents and settings\Owner\Application Data\vlc
2010-01-22 04:19 . 2009-08-03 14:00   --------   d-----w-   c:\program files\NVIDIA Corporation
2010-01-22 04:19 . 2009-08-03 14:31   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-01-22 04:19 . 2009-08-03 14:31   --------   d-----w-   c:\program files\AGEIA Technologies
2010-01-16 01:13 . 2009-08-04 18:30   --------   d-----w-   c:\program files\WoW
2010-01-15 05:40 . 2009-08-05 17:57   --------   d-----w-   c:\program files\Steam
2009-12-21 19:14 . 2008-04-14 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-12-17 00:27 . 2009-12-17 00:12   --------   d-----w-   c:\documents and settings\Owner\Application Data\GetRightToGo
2009-11-24 23:54 . 2009-12-22 16:31   1280480   ----a-w-   c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-12-22 16:32   93424   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-12-22 16:32   94160   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-12-22 16:32   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-12-22 16:32   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-12-22 16:32   48560   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-12-22 16:32   23120   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-12-22 16:32   27408   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-12-22 16:32   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-11-21 15:51 . 2008-04-14 12:00   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
2009-11-21 02:34 . 2009-08-03 14:30   592488   ----a-w-   c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2009-08-03 14:30   2259560   ----a-w-   c:\windows\system32\nvcuvid.dll
2009-11-21 02:34 . 2009-08-03 14:30   1989224   ----a-w-   c:\windows\system32\nvcuvenc.dll
2009-11-21 02:34 . 2009-08-03 14:30   13602816   ----a-w-   c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2009-08-03 14:30   10235968   ----a-w-   c:\windows\system32\drivers\nv4_mini.sys
2009-11-21 02:34 . 2009-08-03 14:30   6282752   ----a-w-   c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2009-08-03 14:30   4038656   ----a-w-   c:\windows\system32\nvcuda.dll
2009-11-21 02:34 . 2009-08-03 14:30   2293286   ----a-w-   c:\windows\system32\nvdata.bin
2009-11-21 02:34 . 2009-08-03 14:30   182888   ----a-w-   c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2009-08-03 14:30   182888   ----a-w-   c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2009-08-03 14:30   1056768   ----a-w-   c:\windows\system32\nvapi.dll
2009-11-21 02:32 . 2009-11-21 02:32   278120   ----a-w-   c:\windows\system32\nvmccs.dll
2009-11-21 02:32 . 2009-11-21 02:32   154216   ----a-w-   c:\windows\system32\nvsvc32.exe
2009-11-21 02:32 . 2009-11-21 02:32   145000   ----a-w-   c:\windows\system32\nvcolor.exe
2009-11-21 02:32 . 2009-11-21 02:32   12669544   ----a-w-   c:\windows\system32\nvcpl.dll
2009-11-21 02:32 . 2009-11-21 02:32   110184   ----a-w-   c:\windows\system32\nvmctray.dll
2009-11-21 02:32 . 2009-11-21 02:32   81920   ----a-w-   c:\windows\system32\nvwddi.dll
2009-11-20 03:42 . 2009-08-03 13:56   592488   ----a-w-   c:\windows\system32\NVUNINST.EXE
2009-08-05 23:50 . 2009-08-05 23:50   206557   ----a-w-   c:\program files\g13.jpg
2009-05-13 21:55 . 2009-05-13 21:55   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-07 17421824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\rivertam337\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\rivertam337\\counter-strike\\hl.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/22/2009 10:32 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/22/2009 10:32 AM 20560]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [8/9/2009 4:55 PM 12032]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [8/3/2009 7:50 AM 20160]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Owner\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Owner\LOCALS~1\Temp\ALSysIO.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f094zcze.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-nwiz - nwiz.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-{CB4532F7-A1BD-46D2-9938-3E7D4656FB18} - c:\program files\InstallShield Installation Information\{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 18:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ... 

scanning hȋdden autostart entries ...

scanning hȋdden files ... 

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-04  18:20:34
ComboFix-quarantined-files.txt  2010-02-05 00:20

Pre-Run: 16,652,570,624 bytes free
Post-Run: 16,615,489,536 bytes free

- - End Of File - - F61CF46E7064F01E19E6E6078B91B838


Re: Infected with Antivirus Soft

Post by Belahzur on 5th February 2010, 1:36 am


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =
  4. Save this as CFscript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFscript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


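The security-relevant item in the log, and the one the CFScript above removes, is the per-user proxy: `ProxyServer = http=127.0.0.1:5555` routes every WinINet/Internet Explorer request through a process listening on the machine itself, and on a home PC nothing legitimate normally does that. Below is an added Python example, not code from this thread or from ComboFix, that parses the proxy lines of a ComboFix "Supplementary Scan" section, flags any ProxyServer entry that points at loopback, and emits a `DDS::` block in the same shape as the one posted above. The sample log text is taken from this thread plus one constructed benign line; the loopback host list and the assumption that no legitimate local filtering proxy runs on the box are my own.

```python
import re
from typing import List, Tuple

# Constructed sample input: the two proxy lines from the ComboFix
# "Supplementary Scan" section posted in this thread, plus one unrelated
# line to show that the parser ignores it.
SAMPLE_LOG = """\
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
FF - plugin: c:\\program files\\Mozilla Firefox\\plugins\\npdnupdater2.dll
"""

# Assumption: this is a home PC with no local filtering proxy, so a proxy
# on any of these hosts (or anything in 127.0.0.0/8) is a finding.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# ComboFix prefixes the key with 'u' (HKCU, per user) or 'm' (HKLM, machine).
PROXY_LINE = re.compile(
    r"^(?P<scope>[um])Internet Settings,(?P<key>ProxyServer|ProxyOverride)"
    r"\s*=\s*(?P<value>.*?)\s*$"
)


def parse_proxy_lines(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (scope, key, value) for every proxy line in a ComboFix log."""
    found = []
    for line in log_text.splitlines():
        m = PROXY_LINE.match(line.strip())
        if m:
            found.append((m.group("scope"), m.group("key"), m.group("value")))
    return found


def split_proxy_server(value: str) -> List[Tuple[str, str, int]]:
    """Split a WinINet ProxyServer value into (scheme, host, port) tuples.

    WinINet accepts either 'host:port' (one proxy for all schemes, returned
    with scheme '*') or a ';'-separated list such as
    'http=host:port;https=host:port'. A missing port is returned as 0.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        scheme = scheme or "*"
        host, _, port = hostport.rpartition(":")
        if not host:  # bare host, no port
            host, port = hostport, ""
        host = host.strip("[]")  # bracketed IPv6 literal
        entries.append((scheme, host, int(port) if port.isdigit() else 0))
    return entries


def find_loopback_proxies(log_text: str) -> List[dict]:
    """Flag every ProxyServer entry whose host is the local machine."""
    findings = []
    for scope, key, value in parse_proxy_lines(log_text):
        if key != "ProxyServer":
            continue
        for scheme, host, port in split_proxy_server(value):
            if host in LOOPBACK_HOSTS or host.startswith("127."):
                findings.append({"scope": scope, "scheme": scheme,
                                 "host": host, "port": port, "raw": value})
    return findings


def build_cfscript(log_text: str) -> str:
    """Build a CFScript 'DDS::' block in the shape of the one posted above.

    Each ProxyServer line that points at loopback is listed verbatim, and the
    ProxyOverride of the same scope is listed with an empty value so it is
    cleared too. Returns '' when nothing suspicious was found.
    """
    suspicious_scopes = {f["scope"] for f in find_loopback_proxies(log_text)}
    if not suspicious_scopes:
        return ""
    out = ["DDS::"]
    for scope, key, value in parse_proxy_lines(log_text):
        if scope not in suspicious_scopes:
            continue
        if key == "ProxyServer":
            out.append(f"{scope}Internet Settings,ProxyServer = {value}")
        else:
            out.append(f"{scope}Internet Settings,ProxyOverride =")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in find_loopback_proxies(SAMPLE_LOG):
        print(f"loopback proxy in HK{'CU' if f['scope'] == 'u' else 'LM'}: "
              f"{f['scheme']} -> {f['host']}:{f['port']}")
    print(build_cfscript(SAMPLE_LOG), end="")
```

The check is deliberately narrow: a corporate or filtering proxy on a real host name is not flagged, and a loopback proxy is reported rather than silently removed, because the operator still has to confirm what is listening on that port before scripting it out.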

Re: Infected with Antivirus Soft

Post by bobo337 on 5th February 2010, 2:12 am

I did that and the log is
Code:
ComboFix 10-02-04.04 - Owner 02/04/2010  20:10:09.4.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1515 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFscript.txt
AV: avast! antivirus 4.8.1368 [VPS 100204-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((  Files Created from 2010-01-05 to 2010-02-05  )))))))))))))))))))))))))))))))
.

2010-02-01 20:13 . 2010-02-01 20:13   --------   d-----w-   C:\_OTL
2010-01-30 01:28 . 2010-01-30 01:28   --------   d-----w-   c:\program files\Trend Micro
2010-01-30 00:24 . 2010-01-30 00:24   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
2010-01-30 00:24 . 2010-01-07 22:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-30 00:24 . 2010-01-30 00:24   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-01-30 00:24 . 2010-01-30 00:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 00:24 . 2010-01-07 22:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-29 23:37 . 2010-01-29 23:37   --------   d-----w-   c:\windows\Sun
2010-01-22 04:18 . 2009-11-21 02:34   69632   ----a-w-   c:\windows\system32\OpenCL.dll
2010-01-22 04:18 . 2009-11-21 02:34   11374592   ----a-w-   c:\windows\system32\nvcompiler.dll
2010-01-21 20:47 . 2010-02-04 00:52   1   ----a-w-   c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-21 20:47 . 2010-01-21 20:47   --------   d-----w-   c:\documents and settings\Owner\Application Data\OpenOffice.org
2010-01-21 20:45 . 2010-01-21 20:45   --------   d-----w-   c:\program files\JRE
2010-01-21 20:45 . 2010-01-21 20:45   --------   d-----w-   c:\program files\OpenOffice.org 3
2010-01-21 20:45 . 2010-01-21 20:44   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-01-21 20:44 . 2010-01-21 20:44   --------   d-----w-   c:\program files\Java
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\documents and settings\Owner\Application Data\acccore
2010-01-19 20:16 . 2010-01-19 20:18   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\AIM
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\AOL
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\AIM
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\program files\AIM
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\program files\Common Files\Software Update Utility
2010-01-19 20:16 . 2010-01-19 20:16   --------   d-----w-   c:\program files\Common Files\AOL
2010-01-16 23:10 . 2010-01-16 23:10   --------   d-----w-   c:\documents and settings\Owner\Application Data\DivX

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 23:45 . 2009-09-28 21:12   --------   d-----w-   c:\program files\World of Warcraft
2010-02-01 20:25 . 2009-08-05 23:20   --------   d-----w-   c:\program files\Razer
2010-01-30 00:01 . 2009-08-23 22:07   16504   ----a-w-   c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-28 23:37 . 2009-08-05 18:40   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-01-23 07:26 . 2009-10-13 14:55   --------   d-----w-   c:\documents and settings\Owner\Application Data\vlc
2010-01-22 04:19 . 2009-08-03 14:00   --------   d-----w-   c:\program files\NVIDIA Corporation
2010-01-22 04:19 . 2009-08-03 14:31   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-01-22 04:19 . 2009-08-03 14:31   --------   d-----w-   c:\program files\AGEIA Technologies
2010-01-16 01:13 . 2009-08-04 18:30   --------   d-----w-   c:\program files\WoW
2010-01-15 05:40 . 2009-08-05 17:57   --------   d-----w-   c:\program files\Steam
2009-12-21 19:14 . 2008-04-14 12:00   916480   ------w-   c:\windows\system32\wininet.dll
2009-12-17 00:27 . 2009-12-17 00:12   --------   d-----w-   c:\documents and settings\Owner\Application Data\GetRightToGo
2009-11-24 23:54 . 2009-12-22 16:31   1280480   ----a-w-   c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-12-22 16:32   93424   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-12-22 16:32   94160   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-12-22 16:32   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-12-22 16:32   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-12-22 16:32   48560   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-12-22 16:32   23120   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-12-22 16:32   27408   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-12-22 16:32   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-11-21 15:51 . 2008-04-14 12:00   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
2009-11-21 02:34 . 2009-08-03 14:30   592488   ----a-w-   c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2009-08-03 14:30   2259560   ----a-w-   c:\windows\system32\nvcuvid.dll
2009-11-21 02:34 . 2009-08-03 14:30   1989224   ----a-w-   c:\windows\system32\nvcuvenc.dll
2009-11-21 02:34 . 2009-08-03 14:30   13602816   ----a-w-   c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2009-08-03 14:30   10235968   ----a-w-   c:\windows\system32\drivers\nv4_mini.sys
2009-11-21 02:34 . 2009-08-03 14:30   6282752   ----a-w-   c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2009-08-03 14:30   4038656   ----a-w-   c:\windows\system32\nvcuda.dll
2009-11-21 02:34 . 2009-08-03 14:30   2293286   ----a-w-   c:\windows\system32\nvdata.bin
2009-11-21 02:34 . 2009-08-03 14:30   182888   ----a-w-   c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2009-08-03 14:30   182888   ----a-w-   c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2009-08-03 14:30   1056768   ----a-w-   c:\windows\system32\nvapi.dll
2009-11-21 02:32 . 2009-11-21 02:32   278120   ----a-w-   c:\windows\system32\nvmccs.dll
2009-11-21 02:32 . 2009-11-21 02:32   154216   ----a-w-   c:\windows\system32\nvsvc32.exe
2009-11-21 02:32 . 2009-11-21 02:32   145000   ----a-w-   c:\windows\system32\nvcolor.exe
2009-11-21 02:32 . 2009-11-21 02:32   12669544   ----a-w-   c:\windows\system32\nvcpl.dll
2009-11-21 02:32 . 2009-11-21 02:32   110184   ----a-w-   c:\windows\system32\nvmctray.dll
2009-11-21 02:32 . 2009-11-21 02:32   81920   ----a-w-   c:\windows\system32\nvwddi.dll
2009-11-20 03:42 . 2009-08-03 13:56   592488   ----a-w-   c:\windows\system32\NVUNINST.EXE
2009-08-05 23:50 . 2009-08-05 23:50   206557   ----a-w-   c:\program files\g13.jpg
2009-05-13 21:55 . 2009-05-13 21:55   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-07 17421824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/22/2009 10:32 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/22/2009 10:32 AM 20560]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [8/9/2009 4:55 PM 12032]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [8/3/2009 7:50 AM 20160]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Owner\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Owner\LOCALS~1\Temp\ALSysIO.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
FastUserSwitchingCompatibility
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Schedule
Seclogon
SRService
Themes
TrkWks
W32Time
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f094zcze.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 20:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ... 

scanning hȋdden autostart entries ...

scanning hȋdden files ... 

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-04  20:12:04
ComboFix-quarantined-files.txt  2010-02-05 02:12
ComboFix2.txt  2010-02-05 02:06
ComboFix3.txt  2010-02-05 00:20

Pre-Run: 16,609,832,960 bytes free
Post-Run: 16,596,172,800 bytes free

- - End Of File - - 7309CDF09E92E0FFECA1F1ED8AD77E5D


Re: Infected with Antivirus Soft

Post by Belahzur on 5th February 2010, 2:15 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: Infected with Antivirus Soft

Post by bobo337 on 5th February 2010, 2:21 am

It's been running well for the past 3 or 4 days, but I did not want to risk still having the virus. Thank you so much


Re: Infected with Antivirus Soft

Post by Belahzur on 5th February 2010, 4:52 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Infected with Antivirus Soft

Post by bobo337 on 5th February 2010, 7:08 pm

It turned out to be in C:\Program Files\ESET\ESET Online Scanner, but it ran fine, and the log is
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1642bd5173fe59439fb971e1d18bb15a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-05 06:42:04
# local_time=2010-02-05 12:42:04 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775125 100 98 0 200753901 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=45503
# found=0
# cleaned=0
# scan_time=979
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1642bd5173fe59439fb971e1d18bb15a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-05 06:59:26
# local_time=2010-02-05 12:59:26 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775125 100 98 0 200755003 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=46287
# found=0
# cleaned=0
# scan_time=920


Re: Infected with Antivirus Soft

Post by Belahzur on 5th February 2010, 7:10 pm

This should be fine now.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



Re: Infected with Antivirus Soft

Post by bobo337 on 5th February 2010, 8:02 pm

Thank you so much for your help, and I was going to ask if there was anything I could do to help prevent that but you already have that covered. Thank you so much again for your help.
