AV Security Suite Is Destroying My Very Soul


Post by Dr Strangelove on Sun Jun 20, 2010 8:41 am

So yeah, I have this bloody AV virus thing. I've run Malwarebytes' Anti-Malware scans on numerous occasions, but it finds nothing. I've also tried the HijackThis method as recommended on the removal guide, but that didn't work due to the fact that the 2 things I need to check, aka C:\documents and settings\user\local settings\application, were not there to check. I believe I may have made the mistake of deleting the virus from the regedit thing, I mean I don't know, I am a complete philistine when it comes to all things like this so I very much need my hand held during this removal process. Any help will be much appreciated to remove this awful virus, thank you in advance :)

Dr Strangelove
Beginner

Posts : 4
Joined : 2010-06-20
OS : Vista
Points : 23658
Likes : 0


Re: AV Security Suite Is Destroying My Very Soul

Post by Crush on Sun Jun 20, 2010 8:55 am

Hi Dr. Strangelove,

Welcome to GeekPolice Forums! I'm Crush, but you can call me Chris too :) and I will be helping you with your Malware issues.

A few things to keep in mind as we progress:

1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal but, rest assured we will stay with you until you are completely disinfected.

4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups.

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

8. If you have any questions or issues please stop and ask! We are all here to help.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


If you follow these instructions, everything should go smoothly :)

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

To do this click , then click Preferences. Make sure Always notify me of replies is set to Yes


With that out of the way:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    Code:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


Crush
Master

Posts : 3889
Joined : 2010-01-27
Gender : Male
Points : 42098
Likes : 0


Re: AV Security Suite Is Destroying My Very Soul

Post by Dr Strangelove on Sun Jun 20, 2010 9:57 am

copy the files to where?


Re: AV Security Suite Is Destroying My Very Soul

Post by Dr Strangelove on Sun Jun 20, 2010 10:41 am

[code]
OTL Extras logfile created on: 20/06/2010 10:16:43 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Shearer\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.32 Gb Total Space | 0.05 Gb Free Space | 0.07% Space Free | Partition Type: NTFS
Drive D: | 33.68 Gb Total Space | 33.40 Gb Free Space | 99.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHEARER-PC
Current User Name: Shearer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C0958A3-7C14-4EDC-BA62-E20E87EDC53D}" = rport=445 | protocol=6 | dir=out | app=system |
"{1ED72A29-A00E-42FB-B346-67800327E7B2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{26951C15-1554-4704-9924-DCFCFA4AD87E}" = lport=138 | protocol=17 | dir=in | app=system |
"{299AE843-239F-4C76-A2B4-7679471FB011}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{29B6C246-FF6D-4BCD-A07E-3D2AEF59E113}" = rport=137 | protocol=17 | dir=out | app=system |
"{38FE058E-C70B-4F7D-AC73-26AF027B6567}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FFDDC92-7A1E-4A9C-8A62-A89DC2B1798D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4A8F82EF-B2D1-4428-A049-C07089595964}" = lport=139 | protocol=6 | dir=in | app=system |
"{51A2DC86-7D5D-4CC0-B316-D2DFDBB4D225}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D1AEA93-1AC8-448F-A459-931E667CE331}" = lport=445 | protocol=6 | dir=in | app=system |
"{6438047C-E42C-476F-A7CC-713B3EA99806}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6815B009-4A0A-465B-969A-6E53E4031DDF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{69C8C8E4-1037-4BBD-9FE1-790823843284}" = rport=139 | protocol=6 | dir=out | app=system |
"{6FB95A4A-6887-49AC-B1C1-0F94D2031347}" = rport=10243 | protocol=6 | dir=out | app=system |
"{78DF8786-3F75-4FFD-A9AB-243454C199E9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B27C02D-C28B-4A78-92D8-090E413989C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A2FD5A6-5AFE-44D8-A045-501CF69FA508}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9943FA47-0ED6-417D-AE7E-B2CE56CE6DCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9D615194-955E-4FFA-9BE5-9DE0391890DD}" = lport=3074 | protocol=6 | dir=in | name=xbox 360 |
"{B590B255-36C6-4FD9-8666-7873470F0AA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D32018D9-2B02-4086-992F-65167219D02E}" = lport=137 | protocol=17 | dir=in | app=system |
"{DCBE9D2E-BB8D-4741-9E8A-2B3B66B31A2F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E93F14EE-F52B-4E0D-9E4E-08F9108C754B}" = rport=138 | protocol=17 | dir=out | app=system |
"{EC6E6FC1-BFCA-428D-924F-0DAE9AC183B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A565E4-6B6A-42B2-B780-22E83E4F9E01}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{083FA93A-CBFA-4A8C-839E-64F471CDE44A}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{08F7AFC8-6C35-499E-A038-2E425D501D47}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{09FBDA5F-49E8-43B6-B593-ED61C8FFA19A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0CDDC8C2-1EC6-4222-810B-86E138814871}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1630DC6A-96AC-4E2F-9D42-3FC8B29E3F4A}" = protocol=6 | dir=in | app=c:\tiscali\virgin broadband wireless\wireless manager.exe |
"{167D18F0-4AA8-4F9C-A698-CA90E02A206C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19DD64DB-4B18-4758-8788-41A68AEEA515}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B87B1AB-2CC4-4490-90F1-AEE966FA9C11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CD325EF-6229-421B-ADA4-40E3E048B5D4}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{291006E3-46CF-4AF0-BD14-174F80D33870}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2AB4B54D-EBB2-41B9-A211-CA625EC9AA21}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{3A2027CB-D6D7-43AB-AA14-F1542D0FB1A0}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{40048D5F-5251-47A7-8BE3-9E778877F7A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{42253524-8285-4AAD-B0EB-332E2BB0F88D}" = protocol=6 | dir=out | app=system |
"{4482F7E4-EE1C-4A04-BAB9-EB25FD2E6359}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4B0904C2-9D42-4410-A63C-0CE7001EE21B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4CBFD98F-0E32-453C-B103-01039185D2F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4F63FFDD-9BF0-4070-B620-C48BD2ABAFF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51662834-783D-4B21-A680-384E5B278775}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{56194882-3309-42BC-92FB-31048080E913}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{578DFB59-FD20-4835-B852-427457612268}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5BC16F84-B0E7-4B80-BDAD-EA624F7F9B27}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{654AE21B-D765-4F1D-8FE2-E6CF9A9C9F09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A71B9D0-2DC9-4872-9EDD-BEC0F7AC9949}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{6DCF9E6F-6B3A-4CBC-9EB5-27F6D2ECB404}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{70B53FD1-81DB-417F-A317-2514BCA17D6D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{72BC0400-6C6B-4C53-8D5F-6EE905C4EE54}" = protocol=17 | dir=in | app=c:\tiscali\virgin broadband wireless\wireless manager.exe |
"{762DBFA7-9D89-4327-B557-CD55A215D178}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{7AADE30D-218C-4642-B980-12AD32AB33EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{805071CF-263C-4D77-BE1E-0DFFE68E50EF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{828DD580-79D1-4A99-BADF-8A5F5895898D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{83BF9AF7-7699-4CC6-9016-A954F0857E63}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8DF1E5C7-D859-407F-BAA2-E56EA0061B8F}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{938A7F6B-FD36-44C9-BC31-254CD59E0D23}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{9961D9DD-4D8F-4F39-A7B2-1129F2793680}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{99713386-F8C9-444A-B585-FC964511CB53}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9F901F8E-7ECB-4EF6-8CAE-677AA10AC1F1}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{A21D8D97-7926-488C-919B-232D190225DB}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{A649569B-1B42-4619-AA45-D0037F2D0749}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AFC0722E-C6B5-4083-900C-890D719C0262}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B8FC987C-DB30-464E-A3AD-F74B83657A67}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{BCCD7F2C-60A6-4979-BABB-3E934069662D}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{BE00CED2-082B-45B1-B7D6-304FBDCC442B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BF412CFD-58FD-4020-8A58-1E3DE77C1220}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DABC419A-BFF6-4EDE-81FF-519A72146149}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DF991F60-740A-4328-B575-D3077D2D0606}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4992C7F-6A4C-46F5-B873-1D7B253FD479}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F048C161-8F03-409B-977D-A516F5D58F40}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{F0500155-8A1F-4DC0-B9FB-4D3C1E39B295}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{F5F68F4B-BDF6-495F-88ED-37B054D88F21}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F99CFD7A-FDAE-4294-BC01-55B454E9F50F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{20B9E3A6-9838-4E3E-B4CE-012D9DB8F629}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{4E085B49-9BDC-4AC4-A950-7D290E76CCF3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{50DECCC3-EF8A-4DD0-BB71-D5B16604F258}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{9133C3AF-D927-4E92-806F-E330226BD6BD}C:\program files\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat\xchat.exe |
"TCP Query User{99EA6408-E956-445E-B550-92794A55E515}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{BC06C4F4-0834-47E8-9CE2-0C40CDCBA653}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{D596BC5D-962C-430F-9808-5EEF0ECBE9D1}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{E0BA7055-43DF-4F69-9923-E74F5D72D08A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{F37DEEEA-CE07-46B7-96E3-FEE58ABEF998}C:\program files\shareaza applications\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza applications\shareaza\shareaza.exe |
"UDP Query User{0DC63DC1-D971-481F-82AB-220CE520D0A7}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{32CF35C0-6CB9-44FA-9B44-16B4C61DEDFC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{56B81BCF-B191-4A2B-AC7A-4186B32624E4}C:\program files\shareaza applications\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza applications\shareaza\shareaza.exe |
"UDP Query User{696404AA-EFC1-4017-8001-C7D540B5A40B}C:\program files\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat\xchat.exe |
"UDP Query User{814C37E2-3989-4B6B-BAF8-132D5C8614F7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{94E70FF7-B6CC-4EDB-8DBF-CAA9F46F44F4}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{9503742C-61BF-4EF6-AB94-AA0AA06845A4}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{C4639BE4-B761-4B30-AF86-AAC412F76E91}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"UDP Query User{CCA94E54-BB30-4430-8C91-FBC1AE0CF7E1}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AFCF8B-3C53-49A2-8456-E637021B1033}" = Nero 8 Essentials
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938}" = SystemDiagnostics
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG Free 9.0
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LimeWire" = LimeWire 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Rapport_msi" = Rapport
"SONARLE_is1" = SONAR 6 LE
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/04/2010 08:37:19 | Computer Name = Shearer-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 08/04/2010 08:37:36 | Computer Name = Shearer-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 08/04/2010 08:48:59 | Computer Name = Shearer-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 08/04/2010 09:36:54 | Computer Name = Shearer-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 08/04/2010 09:40:12 | Computer Name = Shearer-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 08/04/2010 15:16:14 | Computer Name = Shearer-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 08/04/2010 15:16:41 | Computer Name = Shearer-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/04/2010 15:17:16 | Computer Name = Shearer-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 08/04/2010 15:19:51 | Computer Name = Shearer-PC | Source = Windows Search Service | ID = 1006
Description =

Error - 08/04/2010 16:12:32 | Computer Name = Shearer-PC | Source = Windows Search Service | ID = 1006
Description =

[ System Events ]
Error - 19/06/2010 20:24:23 | Computer Name = Shearer-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/06/2010 20:24:23 | Computer Name = Shearer-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/06/2010 20:24:23 | Computer Name = Shearer-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/06/2010 20:24:23 | Computer Name = Shearer-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/06/2010 20:26:02 | Computer Name = Shearer-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/06/2010 20:26:02 | Computer Name = Shearer-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 19/06/2010 20:31:34 | Computer Name = Shearer-PC | Source = DCOM | ID = 10010
Description =

Error - 20/06/2010 03:54:21 | Computer Name = Shearer-PC | Source = DCOM | ID = 10010
Description =

Error - 20/06/2010 04:03:48 | Computer Name = Shearer-PC | Source = DCOM | ID = 10010
Description =

Error - 20/06/2010 04:48:59 | Computer Name = Shearer-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 00225F01D646 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
[/code]
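A triage sketch for the Extras.Txt log above, added here as an example (it is not part of the original thread and is not OTL's own code): it parses the firewall exception, Authorized Applications and Shell Spawning sections, decodes the protocol numbers, and reports inbound exceptions per application, entries OTL marked "File not found", and self-launching file types whose open command differs from the Windows default `"%1" %*`. The function names are hypothetical, and the sample lines are a subset copied from the log in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the Extras.Txt log posted above (a small subset).
SAMPLE_LOG = r'''
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
========== Authorized Applications List ==========
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- File not found
========== Vista Active Open Ports Exception List ==========
"{5D1AEA93-1AC8-448F-A459-931E667CE331}" = lport=445 | protocol=6 | dir=in | app=system |
"{299AE843-239F-4C76-A2B4-7679471FB011}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
"{9961D9DD-4D8F-4F39-A7B2-1129F2793680}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{F048C161-8F03-409B-977D-A516F5D58F40}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{6A71B9D0-2DC9-4872-9EDD-BEC0F7AC9949}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{0CDDC8C2-1EC6-4222-810B-86E138814871}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{20B9E3A6-9838-4E3E-B4CE-012D9DB8F629}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
'''

PROTOCOLS = {"1": "ICMP", "6": "TCP", "17": "UDP", "58": "ICMPv6"}  # IANA numbers
DEFAULT_OPEN = '"%1" %*'  # Windows default for file types that run themselves
SELF_LAUNCHING = {"batfile", "cmdfile", "comfile", "exefile", "piffile"}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
ENTRY_RE = re.compile(r'^"(?P<name>.+?)" = (?P<value>.*)$')
SPAWN_RE = re.compile(r"^(?P<ftype>\w+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$")


def sections(log_text):
    """Split an OTL log into {section title: [non-empty lines]}."""
    out, current = defaultdict(list), None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line and current:
            out[current].append(line)
    return out


def parse_rule(line):
    """Parse one 'key=value | key=value |' firewall rule line into a dict."""
    m = ENTRY_RE.match(line)
    if not m:
        return None  # registry key header or other non-rule line
    rule = {"id": m.group("name")}
    for field in m.group("value").split("|"):
        key, sep, value = field.strip().partition("=")
        if sep:
            rule[key] = value
    # A rule without a protocol field applies to any protocol.
    rule["protocol"] = PROTOCOLS.get(rule.get("protocol"), rule.get("protocol", "any"))
    return rule


def inbound_apps(secs):
    """Map each application with an inbound exception to its protocols."""
    apps = defaultdict(set)
    for title in ("Vista Active Open Ports Exception List",
                  "Vista Active Application Exception List"):
        for line in secs.get(title, []):
            rule = parse_rule(line)
            if rule and rule.get("dir") == "in" and "app" in rule:
                apps[rule["app"]].add(rule["protocol"])
    return {app: sorted(protos) for app, protos in apps.items()}


def missing_files(secs):
    """Authorized applications OTL marked 'File not found' (stale entries)."""
    hits = []
    for line in secs.get("Authorized Applications List", []):
        m = ENTRY_RE.match(line)
        if m and m.group("value").endswith("-- File not found"):
            hits.append(m.group("name"))
    return hits


def changed_launchers(secs):
    """Self-launching file types whose [open] command is not the default."""
    hits = []
    for line in secs.get("Shell Spawning", []):
        m = SPAWN_RE.match(line)
        if m and m.group("ftype") in SELF_LAUNCHING and m.group("verb") == "open":
            if m.group("cmd").strip() != DEFAULT_OPEN:
                hits.append((m.group("ftype"), m.group("cmd")))
    return hits


if __name__ == "__main__":
    secs = sections(SAMPLE_LOG)
    for app, protos in sorted(inbound_apps(secs).items()):
        print(f"inbound {'/'.join(protos):8} {app}")
    for name in missing_files(secs):
        print(f"stale entry (file not found): {name}")
    for ftype, cmd in changed_launchers(secs):
        print(f"non-default open command for {ftype}: {cmd}")
```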


Re: AV Security Suite Is Destroying My Very Soul

Post by Dr Strangelove on Sun Jun 20, 2010 10:47 am

So that ^^ is the Extras.Txt file, the OTL.Txt is too big to post, how do I get round that?


Re: AV Security Suite Is Destroying My Very Soul

Post by Crush on Sun Jun 20, 2010 5:44 pm

Hi Dr. Strangelove,

On a random side note, I love your topic title :D

As far as the OTL logs go, you could attach them here or just split them up into multiple posts.

