Computer is acting way funky (Antivir Solution Pro)

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Fri 06 Aug 2010, 7:31 am

This Antivir Solution Pro popped up in my tray and started "scanning" for viruses, ever since I haven't been able to access any of my antivirus software. An "INFILTRATION ALERT" is popping up saying my computer is being attacked. What should I do? I can't currently access my hijack this either.


Last edited by drokness on Fri 06 Aug 2010, 8:16 am; edited 1 time in total

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by Belahzur on Fri 06 Aug 2010, 7:40 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Fri 06 Aug 2010, 7:44 am

I downloaded it, but it's not allowing me to access it. A Security Warning pops up and says "Application cannot be executed. The file otl.exe is infected. Do you want to activate your antivirus software now? Yes/No

Edit: Was wondering if I should try a System Restore? If so, where is that again? Sorry, I always forget. Also, a bit afraid to restart my computer at this point in case Windows would not re-open.

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Fri 06 Aug 2010, 10:35 am

Hi Belazhur. I know you're incredibly busy, so I may have been lost in the shuffle. If not and you just haven't gotten to me yet, please forgive this bump. But should I possibly try the Rkill program? That seems to be the advice given to those suffering from the same problem as me. I greatly appreciate your help.

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by Belahzur on Fri 06 Aug 2010, 10:47 am

Hello.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try OTL now.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Fri 06 Aug 2010, 10:57 am

Thanks. I was able to download it, but I'm still getting the same Security Alert indicating that it's infected. I also tried the iExplore.exe and eXplorer.exe files, same result.

Edit: Sorry, disregard. Read your previous post more thoroughly, and was able to run it with the security warning up. Sorry about that. Running OTL now, will post when done.

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Fri 06 Aug 2010, 11:06 am

OTL logfile created on: 8/5/2010 7:00:45 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Daniel Schneider\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 497.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.88 Gb Total Space | 11.41 Gb Free Space | 5.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WHITETUNDRA
Current User Name: Daniel Schneider
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/05 15:42:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Schneider\Desktop\OTL.exe
PRC - [2010/07/26 11:23:50 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/20 16:34:18 | 000,816,904 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\Logitech WebCam Software\LU\LogitechUpdate.exe
PRC - [2009/04/20 16:34:00 | 000,300,296 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\Logitech WebCam Software\LU\LULnchr.exe
PRC - [2008/10/15 13:31:53 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:30:02 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/07/07 10:42:06 | 002,156,368 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/12 13:28:45 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/20 15:42:38 | 000,161,160 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
PRC - [2007/11/06 18:04:48 | 000,810,632 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
PRC - [2007/09/05 17:58:44 | 000,188,416 | ---- | M] (Wavexpress, Inc) -- C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
PRC - [2007/08/15 13:19:44 | 001,564,672 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007/06/14 06:12:55 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/03/11 19:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2005/02/09 12:43:52 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/02/09 12:43:52 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/02/09 12:43:50 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/01/14 16:43:28 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2003/08/13 15:23:00 | 000,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
PRC - [2003/08/13 15:07:22 | 000,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe


========== Modules (SafeList) ==========

MOD - [2010/08/05 15:42:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Schneider\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 19:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/12/27 15:03:22 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/15 13:31:53 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 13:30:02 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/11/06 18:04:48 | 000,810,632 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2007/09/05 17:58:44 | 000,188,416 | ---- | M] (Wavexpress, Inc) [Auto | Running] -- C:\Program Files\Wavexpress\TVTonic\WXRSS.exe -- (WXRSS)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2005/03/11 19:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2005/02/14 23:30:02 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/02/09 12:43:52 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/02/09 12:43:52 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/02/09 12:43:52 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/02/09 12:43:50 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/01/26 18:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/01/26 18:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/26 18:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/01/24 20:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/01/14 18:18:48 | 001,839,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/01/14 17:26:56 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/01/14 17:21:32 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/01/14 17:20:14 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2003/08/13 15:23:00 | 000,106,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2003/08/13 15:10:04 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 15:07:22 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)


========== Driver Services (SafeList) ==========

DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 03:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2009/10/07 03:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/15 10:27:05 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/07/15 10:17:51 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/07/15 10:17:39 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/01 00:13:20 | 000,238,848 | R--- | M] (Belkin Corporation. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BELKIN)
DRV - [2007/03/01 09:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/11/29 19:42:54 | 002,319,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/09/29 07:22:22 | 000,800,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/12 20:45:52 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/05 23:20:34 | 000,788,736 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/08/17 08:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.0.15.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 17:56:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 11:24:12 | 000,000,000 | ---D | M]

[2008/12/06 14:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Extensions
[2010/08/05 15:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions
[2010/05/04 22:10:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/30 19:15:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/18 15:02:39 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/05/06 13:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\battlefieldheroespatcher@ea.com
[2010/08/05 13:13:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/06 13:40:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2009/02/22 10:12:44 | 000,000,029 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9E3DCAB2-1B63-44D9-AF91-7751CB9F605B} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CreateCD_Reminder] C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe (Sony Electronics, Inc)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Link\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk = C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\Daniel Schneider\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4E73C07D-0A23-42DF-9E32-BBBB027D869A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\opnlICSl: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Structure Wallpaper TrueColor 1024x768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Structure Wallpaper TrueColor 1024x768.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/23 15:12:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/05 15:42:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel Schneider\Desktop\OTL.exe
[2010/08/05 15:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Schneider\Local Settings\Application Data\yqrjmxuqi
[2010/07/29 21:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Schneider\My Documents\CRACKEDSTUFF
[2010/07/23 23:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Schneider\My Documents\Downloads
[2010/07/13 15:47:45 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[8 C:\Documents and Settings\Daniel Schneider\My Documents\*.tmp files -> C:\Documents and Settings\Daniel Schneider\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/05 18:54:57 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Desktop\eXplorer.exe
[2010/08/05 18:54:34 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Desktop\iExplore.exe
[2010/08/05 18:50:40 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\Desktop\rkill.com
[2010/08/05 18:23:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/05 15:42:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Schneider\Desktop\OTL.exe
[2010/08/05 11:32:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\WebReg psc 1600 series.job
[2010/08/04 19:23:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/04 08:22:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/04 03:22:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/04 03:22:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/04 03:22:26 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/04 03:22:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/08/04 03:22:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/08/04 03:20:49 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\ntuser.dat
[2010/08/04 03:20:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Daniel Schneider\ntuser.ini
[2010/08/02 23:36:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/02 18:00:51 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/27 01:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/23 23:35:37 | 000,029,569 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\My Documents\middle-finger.jpg
[2010/07/15 13:29:10 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Daniel Schneider\My Documents\f***.doc
[2010/07/15 03:00:58 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/14 03:13:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[8 C:\Documents and Settings\Daniel Schneider\My Documents\*.tmp files -> C:\Documents and Settings\Daniel Schneider\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/05 18:54:56 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Daniel Schneider\Desktop\eXplorer.exe
[2010/08/05 18:54:34 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Daniel Schneider\Desktop\iExplore.exe
[2010/08/05 18:50:39 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Daniel Schneider\Desktop\rkill.com
[2010/07/23 23:35:34 | 000,029,569 | ---- | C] () -- C:\Documents and Settings\Daniel Schneider\My Documents\middle-finger.jpg
[2010/07/15 13:29:09 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Daniel Schneider\My Documents\f***.doc
[2009/11/29 17:53:02 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008/12/05 22:24:27 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2008/12/05 22:24:25 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2008/09/02 14:57:09 | 000,013,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\string.ini
[2007/09/13 20:24:18 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2005/10/16 23:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 17:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/20 17:51:03 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/05/20 17:48:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/20 17:48:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/20 17:48:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/20 17:48:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/20 17:48:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/20 17:48:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/20 17:47:34 | 000,000,598 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/20 17:42:11 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/02/23 17:44:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/23 17:18:09 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/23 16:35:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/02/23 15:17:15 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/23 13:58:33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/02/23 13:57:37 | 000,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/18 13:31:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/10/24 19:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
< End of report >

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Fri 06 Aug 2010, 11:07 am

OTL Extras logfile created on: 8/5/2010 7:00:45 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Daniel Schneider\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 497.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.88 Gb Total Space | 11.41 Gb Free Space | 5.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WHITETUNDRA
Current User Name: Daniel Schneider
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\TESTOUT\Cmi\Navigator.exe" = C:\Program Files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- (Adobe Systems Incorporated)
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"C:\Documents and Settings\Daniel Schneider\Local Settings\Temp\7zS9.tmp\SymNRT.exe" = C:\Documents and Settings\Daniel Schneider\Local Settings\Temp\7zS9.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA -- File not found
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 4.0
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{40D1BC4F-56CB-458E-BE8C-35A025CC52FB}" = Sony TV Tuner Library 1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Control Center
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{51735133-A296-4EB0-BF16-AD93B55BD000}" = VAIO Original Screen Saver VAIO Motion SD Wide Contents
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{542CDB83-3599-48B6-9C84-7F56CEF0D2B0}" = TVTonic
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5F638781-7754-411F-974C-F20F27292E24}" = VideoCam Suite
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 4.0
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 4.1
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7CDC26F7-D6BF-442A-B599-0075A48310F7}" = SA32xx Device Manager
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}" = ArcSoft MediaConverter 2.5
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9155A84B-A94B-496E-9661-9978EB0CBC7C}" = Image Converter 2
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 4.0
"{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C91EF330-F152-44ED-A33A-0F4FF3FAF813}" = NBC Direct Beta
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless G USB Adapter Software
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{DC6E3CD5-A93D-44EA-85AE-894C1603B7E2}" = VAIO TV Tuner Library 1.4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E715FA41-46EB-4D3F-B4D9-A45973E76026}" = VAIO Structure Wallpaper
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.4.02
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"AC3Filter" = AC3Filter (remove only)
"ActiveXControlPad" = Microsoft ActiveX Control Pad
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ATI Display Driver" = ATI Display Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CONNECT" = CONNECT
"ExpressBurn" = Express Burn Uninstall
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows 2005-02-22
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoodLogic" = MoodLogic
"Movielink eHome_is1" = Movielink eHome version 1.1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Netscape Online Setup" = Netscape Internet Service Setup
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"PartyPokerNet" = PartyPokerNet
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"PunkBusterSvc" = PunkBuster Services
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SpySubtract" = SpySubtract
"SpywareGuard_is1" = SpywareGuard v2.2
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"WavePad" = WavePad Uninstall
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Word to PDF Converter_is1" = Word to PDF Converter 3.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2010 4:42:35 AM | Computer Name = WHITETUNDRA | Source = Media Center Guide | ID = 0
Description = Event Info: Unable to initialize connection to the database. Process:
DefaultDomain Object Name: Media Center Guide

Error - 8/3/2010 4:46:04 AM | Computer Name = WHITETUNDRA | Source = Media Center Scheduler | ID = 0
Description =

Error - 8/3/2010 4:46:05 AM | Computer Name = WHITETUNDRA | Source = Media Center Scheduler | ID = 0
Description =

Error - 8/3/2010 4:46:19 AM | Computer Name = WHITETUNDRA | Source = Media Center Guide | ID = 0
Description = Event Info: TitleQuery: DoQuery Error Process: DefaultDomain Object
Name: Microsoft.Ehome.Epg.Query.TitleQuery

Error - 8/3/2010 4:46:20 AM | Computer Name = WHITETUNDRA | Source = Media Center Scheduler | ID = 0
Description =

Error - 8/3/2010 4:46:20 AM | Computer Name = WHITETUNDRA | Source = Media Center Scheduler | ID = 0
Description =

Error - 8/3/2010 4:46:21 AM | Computer Name = WHITETUNDRA | Source = Media Center Guide | ID = 0
Description = Event Info: Unexpected exception in QueryWorker.DoQuery() Process:
DefaultDomain Object Name: Microsoft.Ehome.Epg.Query.TitleQuery

Error - 8/4/2010 9:32:01 AM | Computer Name = WHITETUNDRA | Source = MsiInstaller | ID = 11001
Description =

Error - 8/4/2010 8:21:58 PM | Computer Name = WHITETUNDRA | Source = Application Error | ID = 1000
Description = Faulting application final draft.exe, version 7.1.2.34, faulting module
final draft.exe, version 7.1.2.34, fault address 0x00255aa3.

Error - 8/5/2010 4:22:43 PM | Computer Name = WHITETUNDRA | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3834, faulting module
icucnv36.dll, version 3.6.0.0, fault address 0x000013df.

[ Media Center Events ]
Error - 5/23/2009 4:40:24 AM | Computer Name = WHITETUNDRA | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 5/23/2009 3:40:24 AM. You may need to reschedule your recordings.

Error - 5/26/2009 7:53:07 PM | Computer Name = WHITETUNDRA | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 5/26/2009 6:53:07 PM. You may need to reschedule your recordings.

Error - 9/5/2009 4:40:27 AM | Computer Name = WHITETUNDRA | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 9/5/2009 3:40:26 AM. You may need to reschedule your recordings.

[ System Events ]
Error - 7/14/2010 9:58:27 PM | Computer Name = WHITETUNDRA | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 7/22/2010 8:27:15 PM | Computer Name = WHITETUNDRA | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 7/24/2010 8:38:11 PM | Computer Name = WHITETUNDRA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/24/2010 8:38:11 PM | Computer Name = WHITETUNDRA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/24/2010 8:38:13 PM | Computer Name = WHITETUNDRA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/24/2010 8:38:13 PM | Computer Name = WHITETUNDRA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/4/2010 4:23:05 AM | Computer Name = WHITETUNDRA | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/5/2010 4:55:01 PM | Computer Name = WHITETUNDRA | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.

Error - 8/5/2010 5:09:02 PM | Computer Name = WHITETUNDRA | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.

Error - 8/5/2010 6:54:06 PM | Computer Name = WHITETUNDRA | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.


< End of report >

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by Belahzur on Sat 07 Aug 2010, 6:45 am

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {9E3DCAB2-1B63-44D9-AF91-7751CB9F605B} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O20 - Winlogon\Notify\opnlICSl: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    [2010/08/05 15:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Schneider\Local Settings\Application Data\yqrjmxuqi



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Sat 07 Aug 2010, 6:56 am

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E3DCAB2-1B63-44D9-AF91-7751CB9F605B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E3DCAB2-1B63-44D9-AF91-7751CB9F605B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnlICSl\ deleted successfully.
C:\Documents and Settings\Daniel Schneider\Local Settings\Application Data\yqrjmxuqi folder moved successfully.

OTL by OldTimer - Version 3.2.9.1 log created on 08062010_145241

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by Belahzur on Sat 07 Aug 2010, 7:12 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Sat 07 Aug 2010, 7:42 am

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4400

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/6/2010 3:41:53 PM
mbam-log-2010-08-06 (15-41-53).txt

Scan type: Quick scan
Objects scanned: 170423
Time elapsed: 18 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CONNECT (Trojan.PornDialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Daniel Schneider\Local Settings\Temporary Internet Files\Content.IE5\M1F4B9NB\5fb5ad[1].exe (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Schneider\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Sun 08 Aug 2010, 4:51 am

So am I in the clear?

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by Belahzur on Sun 08 Aug 2010, 4:52 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Sun 08 Aug 2010, 5:53 am

ComboFix 10-08-06.03 - Daniel Schneider 08/07/2010 13:06:30.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.568 [GMT -5:00]
Running from: c:\documents and settings\Daniel Schneider\Desktop\Combo-Fix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\DANIEL~1\LOCALS~1\Temp\1.wmv
c:\windows\system32\Thumbs.db
c:\windows\system32\UACafihcmsh.log
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.

2010-08-06 20:19 . 2010-08-06 20:19 6153352 ----a-w- C:\mbam-setup-1.46.exe
2010-08-06 19:52 . 2010-08-06 19:52 -------- d-----w- C:\_OTL
2010-07-13 20:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 18:27 . 2009-11-29 22:53 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-07 18:27 . 2009-11-29 22:51 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-06 20:20 . 2009-01-31 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 13:29 . 2005-02-23 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 13:28 . 2007-01-07 04:19 -------- d-----w- c:\documents and settings\Daniel Schneider\Application Data\Lionhead Studios
2010-08-04 13:26 . 2005-05-20 22:48 -------- d-----w- c:\program files\Quicken
2010-07-28 23:12 . 2005-10-15 01:40 -------- d-----w- c:\program files\EA GAMES
2010-06-11 08:51 . 2008-08-25 04:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-23 19:00 . 2010-02-23 19:00 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2009-11-29 23:03 . 2009-11-29 23:03 2025768 ----a-w- c:\program files\SkypeSetup.exe
2008-12-28 00:01 . 2006-10-08 18:53 302928 ----a-w- c:\program files\dxwebsetup.exe
2008-12-27 23:56 . 2008-12-27 23:54 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-10-13 16:18 . 2008-10-13 16:18 12580696 ----a-w- c:\program files\mm20enu.exe
2008-02-10 20:54 . 2008-02-10 20:51 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2007-12-06 18:39 . 2007-12-06 18:38 6820520 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe
2007-11-18 07:12 . 2007-11-18 07:12 13532808 ----a-w- c:\program files\NBCDirectInstaller.exe
2007-10-14 21:09 . 2007-10-14 21:06 1473748992 ----a-w- c:\program files\CoD4MWDemoSetup.exe
2007-04-11 20:54 . 2007-04-11 20:54 414637 ----a-w- c:\program files\police-quest-in-pursuit-of-the-death-angel.zip
2007-04-11 20:53 . 2007-04-11 20:53 1049705 ----a-w- c:\program files\DOSBox-0.63-install.exe
2006-08-13 22:51 . 2006-08-13 22:50 432552 ----a-w- c:\program files\wpsetup.exe
2006-07-01 17:55 . 2006-07-01 17:55 905728 ----a-w- c:\program files\iview398.exe
2006-05-17 00:03 . 2006-05-17 00:03 359112 ----a-w- c:\program files\LimeWireWin.exe
2006-04-13 17:53 . 2006-04-13 17:53 2871168 ----a-w- c:\program files\setuppad.exe
2006-04-13 17:38 . 2005-10-17 01:21 36465208 ----a-w- c:\program files\iTunesSetup.exe
2005-10-17 01:31 . 2005-10-17 01:31 7739192 ----a-w- c:\program files\DivXPlay.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" [2007-07-19 2887680]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-13 61952]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

c:\documents and settings\Daniel Schneider\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2008-10-13 161160]
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2008-9-2 1564672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/2/2008 2:57 PM 38144]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [11/6/2007 6:04 PM 810632]
R2 WXRSS;TVTonic RSS;c:\program files\Wavexpress\TVTonic\WXRSS.exe [9/5/2007 5:58 PM 188416]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [9/2/2008 2:58 PM 238848]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 10:03 PM 135664]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]

2010-08-07 c:\windows\Tasks\WebReg psc 1600 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-05 22:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Daniel Schneider\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{9E3DCAB2-1B63-44D9-AF91-7751CB9F605B} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
Notify-opnlICSl - (no file)
AddRemove-HijackThis - c:\documents and settings\Daniel Schneider\Desktop\HijackThis.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
AddRemove-V CAST Music with Rhapsody - c:\progra~1\VCASTM~1\Unwise32.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-07 13:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5148)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\AGRSMMSG.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\logitech\logitech webcam software\lu\lulnchr.exe
c:\program files\logitech\logitech webcam software\lu\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2010-08-07 13:52:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-07 18:52

Pre-Run: 12,385,001,472 bytes free
Post-Run: 12,803,637,248 bytes free

- - End Of File - - FC22BB215522E0236CA38B8B38E3B3FB

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Mon 09 Aug 2010, 6:37 am

Also, a new development: my AntiVir Guard: Attention, Detection has since found (since the posting of the ComboFix log) a TR/Trash.Gen Trojan (C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll) that I am unable to remove, even after trying to delete it. I had turned off my AntiVir when I ran ComboFix, but it reactivated upon reboot.

Edit: ComboFix log is posted on page 1 (Post 15).

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by Belahzur on Mon 09 Aug 2010, 6:48 am

Hello.
Don't worry about that, false positive, it's just Logitech are bad developers.

Last bit of the infection to fix.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\program files\LimeWireWin.exe

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Mon 09 Aug 2010, 7:40 am

Sweet, so should I just "Ignore" that AntiVir alert? ComboFix log follows:



ComboFix 10-08-06.03 - Daniel Schneider 08/08/2010 15:03:48.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.542 [GMT -5:00]
Running from: c:\documents and settings\Daniel Schneider\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Daniel Schneider\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\program files\LimeWireWin.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\LimeWireWin.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-06 20:19 . 2010-08-06 20:19 6153352 ----a-w- C:\mbam-setup-1.46.exe
2010-08-06 19:52 . 2010-08-06 19:52 -------- d-----w- C:\_OTL
2010-07-13 20:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 00:54 . 2009-11-29 22:53 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-07 21:01 . 2009-11-29 23:07 -------- d-----w- c:\documents and settings\Daniel Schneider\Application Data\Skype
2010-08-07 21:00 . 2009-11-29 23:10 -------- d-----w- c:\documents and settings\Daniel Schneider\Application Data\skypePM
2010-08-07 18:27 . 2009-11-29 22:51 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-06 20:20 . 2009-01-31 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 13:29 . 2005-02-23 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 13:28 . 2007-01-07 04:19 -------- d-----w- c:\documents and settings\Daniel Schneider\Application Data\Lionhead Studios
2010-08-04 13:26 . 2005-05-20 22:48 -------- d-----w- c:\program files\Quicken
2010-07-28 23:12 . 2005-10-15 01:40 -------- d-----w- c:\program files\EA GAMES
2010-06-14 14:31 . 2005-02-23 20:09 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 08:51 . 2008-08-25 04:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-23 19:00 . 2010-02-23 19:00 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2009-11-29 23:03 . 2009-11-29 23:03 2025768 ----a-w- c:\program files\SkypeSetup.exe
2008-12-28 00:01 . 2006-10-08 18:53 302928 ----a-w- c:\program files\dxwebsetup.exe
2008-12-27 23:56 . 2008-12-27 23:54 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-10-13 16:18 . 2008-10-13 16:18 12580696 ----a-w- c:\program files\mm20enu.exe
2008-02-10 20:54 . 2008-02-10 20:51 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2007-12-06 18:39 . 2007-12-06 18:38 6820520 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe
2007-11-18 07:12 . 2007-11-18 07:12 13532808 ----a-w- c:\program files\NBCDirectInstaller.exe
2007-10-14 21:09 . 2007-10-14 21:06 1473748992 ----a-w- c:\program files\CoD4MWDemoSetup.exe
2007-04-11 20:54 . 2007-04-11 20:54 414637 ----a-w- c:\program files\police-quest-in-pursuit-of-the-death-angel.zip
2007-04-11 20:53 . 2007-04-11 20:53 1049705 ----a-w- c:\program files\DOSBox-0.63-install.exe
2006-08-13 22:51 . 2006-08-13 22:50 432552 ----a-w- c:\program files\wpsetup.exe
2006-07-01 17:55 . 2006-07-01 17:55 905728 ----a-w- c:\program files\iview398.exe
2006-04-13 17:53 . 2006-04-13 17:53 2871168 ----a-w- c:\program files\setuppad.exe
2006-04-13 17:38 . 2005-10-17 01:21 36465208 ----a-w- c:\program files\iTunesSetup.exe
2005-10-17 01:31 . 2005-10-17 01:31 7739192 ----a-w- c:\program files\DivXPlay.exe
.

------- Sigcheck -------

[-] 2008-11-30 . 63999D0ABD8DABFD76A9C07F6E104868 . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" [2007-07-19 2887680]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-13 61952]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

c:\documents and settings\Daniel Schneider\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2008-10-13 161160]
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2008-9-2 1564672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/2/2008 2:57 PM 38144]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [9/2/2008 2:58 PM 238848]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 10:03 PM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]

2010-08-08 c:\windows\Tasks\WebReg psc 1600 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-05 22:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Daniel Schneider\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-08 15:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-08 15:33:23
ComboFix-quarantined-files.txt 2010-08-08 20:33
ComboFix2.txt 2010-08-07 18:52

Pre-Run: 12,766,650,368 bytes free
Post-Run: 12,741,279,744 bytes free

- - End Of File - - D1F3A4C9E8EC70B79A154D76C439830E

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by Belahzur on Mon 09 Aug 2010, 8:41 am

Hello.
Something else just snuck in, we need to fix it.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    FCopy::
    c:\windows\ServicePackFiles\i386\termsrv.dll | c:\windows\system32\termsrv.dll
    c:\windows\ServicePackFiles\i386\termsrv.dll | c:\windows\$NtServicePackUninstall$\termsrv.dll
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Mon 09 Aug 2010, 10:01 am

How should/do I get rid of that AntiVir Guard alert, then? Should I just click on "Ignore"/Ok? New ComboFix log follows:



ComboFix 10-08-06.03 - Daniel Schneider 08/08/2010 17:29:48.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.496 [GMT -5:00]
Running from: c:\documents and settings\Daniel Schneider\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Daniel Schneider\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\termsrv.dll --> c:\windows\system32\termsrv.dll
c:\windows\ServicePackFiles\i386\termsrv.dll --> c:\windows\$NtServicePackUninstall$\termsrv.dll
.
((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-06 20:19 . 2010-08-06 20:19 6153352 ----a-w- C:\mbam-setup-1.46.exe
2010-08-06 19:52 . 2010-08-06 19:52 -------- d-----w- C:\_OTL
2010-07-13 20:47 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 00:54 . 2009-11-29 22:53 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-07 21:01 . 2009-11-29 23:07 -------- d-----w- c:\documents and settings\Daniel Schneider\Application Data\Skype
2010-08-07 21:00 . 2009-11-29 23:10 -------- d-----w- c:\documents and settings\Daniel Schneider\Application Data\skypePM
2010-08-07 18:27 . 2009-11-29 22:51 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-06 20:20 . 2009-01-31 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 13:29 . 2005-02-23 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 13:28 . 2007-01-07 04:19 -------- d-----w- c:\documents and settings\Daniel Schneider\Application Data\Lionhead Studios
2010-08-04 13:26 . 2005-05-20 22:48 -------- d-----w- c:\program files\Quicken
2010-07-28 23:12 . 2005-10-15 01:40 -------- d-----w- c:\program files\EA GAMES
2010-06-14 14:31 . 2005-02-23 20:09 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 08:51 . 2008-08-25 04:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-23 19:00 . 2010-02-23 19:00 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2009-11-29 23:03 . 2009-11-29 23:03 2025768 ----a-w- c:\program files\SkypeSetup.exe
2008-12-28 00:01 . 2006-10-08 18:53 302928 ----a-w- c:\program files\dxwebsetup.exe
2008-12-27 23:56 . 2008-12-27 23:54 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-10-13 16:18 . 2008-10-13 16:18 12580696 ----a-w- c:\program files\mm20enu.exe
2008-02-10 20:54 . 2008-02-10 20:51 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2007-12-06 18:39 . 2007-12-06 18:38 6820520 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe
2007-11-18 07:12 . 2007-11-18 07:12 13532808 ----a-w- c:\program files\NBCDirectInstaller.exe
2007-10-14 21:09 . 2007-10-14 21:06 1473748992 ----a-w- c:\program files\CoD4MWDemoSetup.exe
2007-04-11 20:54 . 2007-04-11 20:54 414637 ----a-w- c:\program files\police-quest-in-pursuit-of-the-death-angel.zip
2007-04-11 20:53 . 2007-04-11 20:53 1049705 ----a-w- c:\program files\DOSBox-0.63-install.exe
2006-08-13 22:51 . 2006-08-13 22:50 432552 ----a-w- c:\program files\wpsetup.exe
2006-07-01 17:55 . 2006-07-01 17:55 905728 ----a-w- c:\program files\iview398.exe
2006-04-13 17:53 . 2006-04-13 17:53 2871168 ----a-w- c:\program files\setuppad.exe
2006-04-13 17:38 . 2005-10-17 01:21 36465208 ----a-w- c:\program files\iTunesSetup.exe
2005-10-17 01:31 . 2005-10-17 01:31 7739192 ----a-w- c:\program files\DivXPlay.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"EA Core"="c:\program files\Electronic Arts\EA Link\Core.exe" [2007-07-19 2887680]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-13 61952]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

c:\documents and settings\Daniel Schneider\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2008-10-13 161160]
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2008-9-2 1564672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/2/2008 2:57 PM 38144]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [9/2/2008 2:58 PM 238848]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 10:03 PM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:03]

2010-08-08 c:\windows\Tasks\WebReg psc 1600 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-05 22:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Daniel Schneider\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Daniel Schneider\Application Data\Mozilla\Firefox\Profiles\5a10nuia.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-08 17:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6060)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-08-08 17:58:57
ComboFix-quarantined-files.txt 2010-08-08 22:58
ComboFix2.txt 2010-08-08 20:33
ComboFix3.txt 2010-08-07 18:52

Pre-Run: 12,755,091,456 bytes free
Post-Run: 12,733,329,408 bytes free

- - End Of File - - F7CEE6E8A8A1FE5E70FC09D639EB0DF4

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by Belahzur on Tue 10 Aug 2010, 11:01 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Tue 10 Aug 2010, 12:39 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=032f5dea050941468a6a4eecec9ca964
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-10 01:37:01
# local_time=2010-08-09 08:37:01 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777191 100 0 32807370 32807370 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120484
# found=1
# cleaned=1
# scan_time=4362
C:\_OTL\MovedFiles\08062010_145241\C_Documents and Settings\Daniel Schneider\Local Settings\Application Data\yqrjmxuqi\hawgtertssd.exe a variant of Win32/Kryptik.FWK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by Belahzur on Wed 11 Aug 2010, 10:35 am

How is the machine running now?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by drokness on Wed 11 Aug 2010, 10:44 am

Smooth as a baby's a$$!!! Seriously can't thank you enough, Belahzur. You've saved my butt on numerous occasions. Is there anything else I need to do?

drokness

Rookie Surfer
Rookie Surfer

Posts : 105
Joined : 2008-12-02
Operating System : Windows XP

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by Belahzur on Wed 11 Aug 2010, 11:01 am

Hello.
Yeah, just a few things last things to do now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.1.2
    Java(TM) 6 Update 11

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 21.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader 9.3.3

Also, your Firefox needs updating.

Please download Firefox 3.6.8 and install it. It will install over version 3.5 you currently have installed, so you won't lose any bookmarked websites.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Computer is acting way funky (Antivir Solution Pro)

Post by Sponsored content Today at 7:45 am


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum