Antivirus IS

View previous topic View next topic Go down

Antivirus IS

Post by SASSY_Nc on Sun 03 Oct 2010, 1:11 am

I have gotten Antivirus IS. I have ran a scan with Malwarebytes in safe mode, but it didn't find anything. I can't connect to the internet even in safe mode. When I got Antivir Pro, at least I could connect under safe mode. I'm on a laptop now. I don't have wireless internet so I'm having to move my DSL connection from one to the other. Of course, it doesn't really matter much since I can't connect to the internet on the infected computer anyway.

Help!

SASSY_Nc

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-07-25
Operating System : windows 10

View user profile

Back to top Go down

Re: Antivirus IS

Post by Belahzur on Sun 03 Oct 2010, 11:05 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus IS

Post by SASSY_Nc on Sun 03 Oct 2010, 11:32 am

Was finally able to get online under safe mode after unchecking the proxy box. Updated MBAM, ran a quick scan, and it found several files. After removing them, MBAM advised to reset my computer. When it came back up, all seems well. I'm running a full scan now. Do you still want me to download OTL?

SASSY_Nc

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-07-25
Operating System : windows 10

View user profile

Back to top Go down

Re: Antivirus IS

Post by Belahzur on Mon 04 Oct 2010, 10:06 am

Yes please.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus IS

Post by SASSY_Nc on Tue 05 Oct 2010, 9:42 pm

Please don't close this topic yet. It'll be tomorrow at least before I can get back in here to download the program and post the log.

SASSY_Nc

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-07-25
Operating System : windows 10

View user profile

Back to top Go down

Re: Antivirus IS

Post by Belahzur on Wed 06 Oct 2010, 7:57 am

I don't close topics, no worries.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus IS

Post by SASSY_Nc on Sun 10 Oct 2010, 12:53 am

OTL Extras logfile created on: 10/9/2010 9:45:27 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Stephan and Melesia\Desktop\Computer Tools
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 53.52 Gb Free Space | 76.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TULLY
Current User Name: Stephan and Melesia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7078C6C2-F5A5-4A5F-86A8-CD1301CA07DF}" = Mobipocket Reader 6.1
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AAE10BE5-F398-41C1-9AAF-A59EBF17DFDE}" = Norton Spyware Scan
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E906E7-1120-428D-A124-4938C306427E}" = Palm Desktop
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3" = Polar Bowler
"4 Elements" = 4 Elements (remove only)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"D1A6F3FD-7B40-443F-8767-BADB25A0D222" = Blasterball 2
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSMONEYV60" = Microsoft Money 98
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Spyware Scan provided by Yahoo!" = Norton Spyware Scan provided by Yahoo!
"PROSet" = Intel(R) PRO Network Connections Drivers
"Puzzle Collection" = Microsoft Entertainment Pack: The Puzzle Collection
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works" = Microsoft Works 4.5
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/25/2009 9:58:03 AM | Computer Name = TULLY | Source = avast! | ID = 33554522
Description =

Error - 11/26/2009 9:12:47 AM | Computer Name = TULLY | Source = avast! | ID = 33554522
Description =

Error - 11/26/2009 9:27:47 AM | Computer Name = TULLY | Source = avast! | ID = 33554522
Description =

Error - 11/26/2009 9:42:47 AM | Computer Name = TULLY | Source = avast! | ID = 33554522
Description =

Error - 12/10/2009 8:14:13 PM | Computer Name = TULLY | Source = avast! | ID = 33554522
Description =

Error - 1/12/2010 8:27:31 PM | Computer Name = TULLY | Source = avast! | ID = 33554522
Description =

Error - 1/13/2010 8:25:22 AM | Computer Name = TULLY | Source = avast! | ID = 33554522
Description =

Error - 2/2/2010 8:55:21 PM | Computer Name = TULLY | Source = avast! | ID = 33554522
Description =

Error - 2/2/2010 8:55:36 PM | Computer Name = TULLY | Source = avast! | ID = 33554522
Description =

Error - 2/2/2010 8:55:39 PM | Computer Name = TULLY | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 9/10/2010 7:06:22 AM | Computer Name = TULLY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 9/10/2010 7:06:25 AM | Computer Name = TULLY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

Error - 9/15/2010 8:28:05 PM | Computer Name = TULLY | Source = Application Error | ID = 1000
Description = Faulting application officelivesignin.exe, version 2.0.2313.0, faulting
module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.

Error - 9/30/2010 9:04:38 AM | Computer Name = TULLY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2010 7:49:43 AM | Computer Name = TULLY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server name or address could not be resolved

Error - 10/2/2010 11:36:59 AM | Computer Name = TULLY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server name or address could not be resolved

Error - 10/2/2010 7:35:07 PM | Computer Name = TULLY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 10/5/2010 6:51:11 AM | Computer Name = TULLY | Source = Application Error | ID = 1000
Description = Faulting application officelivesignin.exe, version 2.0.2313.0, faulting
module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.

Error - 10/6/2010 7:24:40 PM | Computer Name = TULLY | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8325.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/9/2010 9:42:01 AM | Computer Name = TULLY | Source = Application Error | ID = 1000
Description = Faulting application officelivesignin.exe, version 2.0.2313.0, faulting
module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.

[ System Events ]
Error - 10/5/2010 6:08:49 AM | Computer Name = TULLY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/5/2010 6:09:04 AM | Computer Name = TULLY | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 173.212.4.146,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 10/5/2010 8:31:03 AM | Computer Name = TULLY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/5/2010 8:31:15 AM | Computer Name = TULLY | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 173.212.4.146,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 10/6/2010 6:30:09 PM | Computer Name = TULLY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/6/2010 6:30:16 PM | Computer Name = TULLY | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 173.212.9.118,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 10/8/2010 7:57:09 PM | Computer Name = TULLY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/8/2010 7:57:22 PM | Computer Name = TULLY | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 173.212.9.118,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 10/9/2010 8:44:37 AM | Computer Name = TULLY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/9/2010 8:45:03 AM | Computer Name = TULLY | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 173.212.9.118,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.


< End of report >

SASSY_Nc

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-07-25
Operating System : windows 10

View user profile

Back to top Go down

Re: Antivirus IS

Post by SASSY_Nc on Sun 10 Oct 2010, 12:53 am

OTL logfile created on: 10/9/2010 9:45:27 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Stephan and Melesia\Desktop\Computer Tools
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 53.52 Gb Free Space | 76.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TULLY
Current User Name: Stephan and Melesia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/06 18:56:26 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/10/06 18:56:23 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/25 11:16:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephan and Melesia\Desktop\Computer Tools\OTL.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/02 07:26:16 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/07/25 11:16:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephan and Melesia\Desktop\Computer Tools\OTL.exe
MOD - [2008/09/02 07:25:10 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/10/06 18:56:23 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\urvpndrv.sys -- (urvpndrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/17 20:18:06 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/19 22:16:36 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 22:16:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/05/30 11:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/10 18:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/05/10 22:27:35 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/06/21 07:58:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 1E 27 04 87 29 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.685


[2009/03/06 16:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephan and Melesia\Application Data\Mozilla\Extensions
[2009/03/06 16:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephan and Melesia\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/02/15 10:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephan and Melesia\Application Data\Mozilla\Firefox\Profiles\8dixzyak.default\extensions
[2009/01/16 12:46:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Stephan and Melesia\Application Data\Mozilla\Firefox\Profiles\8dixzyak.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/11/28 19:38:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephan and Melesia\Application Data\Mozilla\Firefox\Profiles\8dixzyak.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/01/11 01:09:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Stephan and Melesia\Application Data\Mozilla\Firefox\Profiles\8dixzyak.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/10/11 10:04:22 | 000,002,371 | ---- | M] () -- C:\Documents and Settings\Stephan and Melesia\Application Data\Mozilla\Firefox\Profiles\8dixzyak.default\searchplugins\truthorfiction.xml

O1 HOSTS File: ([2010/07/25 13:24:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Oracle)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Oracle)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} [You must be registered and logged in to see this link.] (Shutterfly Picture Upload Plugin)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (MSN Games - Installer)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E63543CB-2073-4AA5-874C-BC7A28248DE1} [You must be registered and logged in to see this link.] (DataManager.DataControl)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 173.212.47.47 173.212.47.46
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Stephan and Melesia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stephan and Melesia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (ntoskrnl.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/09 09:17:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/09 09:41:34 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Stephan and Melesia\Desktop\SystemLook.exe
[2010/10/09 09:19:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/09 08:53:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/09 08:52:58 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Friday).job
[2010/10/09 08:52:55 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (sunday).job
[2010/10/09 08:45:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/09 08:44:25 | 000,000,334 | -HS- | M] () -- C:\WINDOWS\tasks\Edyovcbs.job
[2010/10/09 08:44:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/09 08:44:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/08 20:55:35 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Stephan and Melesia\NTUSER.DAT
[2010/10/08 20:53:56 | 000,507,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/08 20:53:56 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/08 20:53:56 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/08 20:49:12 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Stephan and Melesia\ntuser.ini
[2010/10/08 20:37:25 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\Stephan and Melesia\default.pls
[2010/10/08 20:36:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/15 20:06:16 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Stephan and Melesia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/15 18:53:59 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/15 18:51:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/09 09:41:33 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Stephan and Melesia\Desktop\SystemLook.exe
[2010/10/09 09:19:21 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/20 23:02:23 | 000,047,616 | RHS- | C] () -- C:\WINDOWS\System32\rsvpcntsq.dll
[2009/11/01 19:35:38 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/25 14:44:03 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A3DE2715B2.sys
[2009/04/26 10:33:34 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/01/26 18:11:48 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Stephan and Melesia.ini
[2008/09/02 07:25:26 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/02/14 22:20:30 | 000,006,022 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2008/01/13 13:33:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/05/05 17:55:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\presets.ini
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/03 16:14:57 | 000,000,889 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/10/07 13:20:31 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/08/01 23:19:22 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/01 22:51:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/05/19 18:38:12 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\B21527DEA3.sys
[2006/05/19 18:37:57 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/18 00:07:41 | 000,000,942 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2006/05/10 22:41:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/10 22:36:09 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/10 22:30:12 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/05/10 22:25:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/10 22:00:10 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
< End of report >

SASSY_Nc

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-07-25
Operating System : windows 10

View user profile

Back to top Go down

Re: Antivirus IS

Post by Belahzur on Sun 10 Oct 2010, 10:58 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus IS

Post by SASSY_Nc on Mon 11 Oct 2010, 1:35 am

ComboFix 10-10-09.04 - Stephan and Melesia 10/10/2010 10:15:44.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.197 [GMT -4:00]
Running from: c:\documents and settings\Stephan and Melesia\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((( Files Created from 2010-09-10 to 2010-10-10 )))))))))))))))))))))))))))))))
.

2010-09-22 22:10 . 2010-09-22 22:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-02-17 5244216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-11 98304]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-10-06 864624]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-10 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/10/2009 1:57 PM 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/28/2009 11:34 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/28/2009 11:34 AM 17744]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1357464]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/17/2010 8:18 PM 15008]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\urvpndrv.sys --> c:\windows\system32\DRIVERS\urvpndrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-10 c:\windows\Tasks\Ad-Aware Scan (Friday).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 22:56]

2010-10-10 c:\windows\Tasks\Ad-Aware Scan (sunday).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 22:56]

2010-10-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 22:56]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:27811
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {E63543CB-2073-4AA5-874C-BC7A28248DE1} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2708)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-10 10:33:29
ComboFix-quarantined-files.txt 2010-10-10 14:33
ComboFix2.txt 2010-07-25 17:45

Pre-Run: 57,282,732,032 bytes free
Post-Run: 57,489,547,264 bytes free

- - End Of File - - 4C9305A3EBA7045DD598F260A24D0D5D

SASSY_Nc

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-07-25
Operating System : windows 10

View user profile

Back to top Go down

Re: Antivirus IS

Post by Belahzur on Mon 11 Oct 2010, 8:19 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Registry::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:27811
    uInternet Settings,ProxyOverride =
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus IS

Post by SASSY_Nc on Thu 14 Oct 2010, 10:12 pm

ComboFix 10-10-09.04 - Stephan and Melesia 10/14/2010 6:55.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.222 [GMT -4:00]
Running from: c:\documents and settings\Stephan and Melesia\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Stephan and Melesia\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-13 11:02 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 11:01 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-10 14:11 . 2010-10-10 14:33 -------- d-----w- C:\Combo-Fix
2010-09-22 22:10 . 2010-09-22 22:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-02-17 5244216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-11 98304]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-10-06 864624]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-10 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/10/2009 1:57 PM 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/28/2009 11:34 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/28/2009 11:34 AM 17744]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1357464]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/17/2010 8:18 PM 15008]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\urvpndrv.sys --> c:\windows\system32\DRIVERS\urvpndrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-14 c:\windows\Tasks\Ad-Aware Scan (Friday).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 22:56]

2010-10-14 c:\windows\Tasks\Ad-Aware Scan (sunday).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 22:56]

2010-10-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 22:56]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {E63543CB-2073-4AA5-874C-BC7A28248DE1} - [You must be registered and logged in to see this link.]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3536)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-14 07:10:40
ComboFix-quarantined-files.txt 2010-10-14 11:10
ComboFix2.txt 2010-10-10 14:33
ComboFix3.txt 2010-07-25 17:45

Pre-Run: 56,658,833,408 bytes free
Post-Run: 56,674,033,664 bytes free

- - End Of File - - 82347B94EDCA98F9BF91A074030C9E2C

SASSY_Nc

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-07-25
Operating System : windows 10

View user profile

Back to top Go down

Re: Antivirus IS

Post by Belahzur on Fri 15 Oct 2010, 10:28 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus IS

Post by SASSY_Nc on Fri 15 Oct 2010, 2:01 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c1fbb7032ce1e44999265c7bb7fe6fcd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-10-15 02:59:44
# local_time=2010-10-14 10:59:44 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 21613902 21613902 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=81529
# found=0
# cleaned=0
# scan_time=2765

SASSY_Nc

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-07-25
Operating System : windows 10

View user profile

Back to top Go down

Re: Antivirus IS

Post by SASSY_Nc on Fri 15 Oct 2010, 2:04 pm

Well, I either didn't get rid of it in the first place or I have something else now. I've updated MBAM, ran a full scan, and found nothing. I can't run my virus scanner or Ad-aware. So aggravating!!

SASSY_Nc

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-07-25
Operating System : windows 10

View user profile

Back to top Go down

Re: Antivirus IS

Post by Belahzur on Sat 16 Oct 2010, 9:51 am

Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus IS

Post by SASSY_Nc on Sun 17 Oct 2010, 2:20 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF8A75000 \WINDOWS\system32\KDCOM.DLL
0xF8985000 \WINDOWS\system32\BOOTVID.dll
0xF8446000 ACPI.sys
0xF8A77000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8435000 pci.sys
0xF8575000 isapnp.sys
0xF8B3D000 pciide.sys
0xF87F5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8A79000 intelide.sys
0xF8585000 MountMgr.sys
0xF8416000 ftdisk.sys
0xF8A7B000 dmload.sys
0xF83F0000 dmio.sys
0xF87FD000 PartMgr.sys
0xF8595000 VolSnap.sys
0xF83D8000 atapi.sys
0xF85A5000 disk.sys
0xF85B5000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF83B8000 fltmgr.sys
0xF85C5000 Lbd.sys
0xF83A2000 DRVMCDB.SYS
0xF85D5000 PxHelp20.sys
0xF838B000 KSecDD.sys
0xF82FE000 Ntfs.sys
0xF82D1000 NDIS.sys
0xF82B7000 Mup.sys
0xF85F5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF778B000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF7777000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF774F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF88AD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF772B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF88B5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF76D4000 \SystemRoot\system32\DRIVERS\ks.sys
0xF75D5000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF752E000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF88BD000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7508000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF88C5000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF8605000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8AB7000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF8615000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8625000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7417000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF8AB9000 \SystemRoot\system32\DRIVERS\serscan.sys
0xF8B5A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF8635000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8A55000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7400000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8645000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8655000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF88CD000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF73EF000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8665000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF88D5000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF88DD000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF73BF000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8675000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF88E5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF88ED000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8ABB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7361000 \SystemRoot\system32\DRIVERS\update.sys
0xF8A71000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF88F5000 \SystemRoot\system32\DRIVERS\btport.sys
0xF8685000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8262000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xAA5B2000 \SystemRoot\system32\drivers\sthda.sys
0xAA58E000 \SystemRoot\system32\drivers\portcls.sys
0xF86B5000 \SystemRoot\system32\drivers\drmk.sys
0xF86C5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8AC5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF88FD000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7BA6000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8AC9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8C09000 \SystemRoot\System32\Drivers\Null.SYS
0xF8ACB000 \SystemRoot\System32\Drivers\Beep.SYS
0xF890D000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF8915000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF891D000 \SystemRoot\System32\drivers\vga.sys
0xF8ACD000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8ACF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8925000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF892D000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7B96000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA55B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA502000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF86F5000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAA4B4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF8715000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA48C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF8A21000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAA46A000 \SystemRoot\System32\drivers\afd.sys
0xF8725000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA43F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA3CF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8745000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8A25000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8755000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAA3A8000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF893D000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF8A29000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF8A31000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7D51000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA076000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8AF7000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA13A000 \SystemRoot\System32\drivers\Dxapi.sys
0xAA19E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8C52000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA4DA000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF86E5000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF8CC8000 \SystemRoot\System32\DLA\DLADResN.SYS
0xAA060000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xF8A2D000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF8B0D000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF8945000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xAA048000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xAA032000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xAA136000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9E13000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA9B7E000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9D93000 \SystemRoot\system32\drivers\sysaudio.sys
0xA991B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8AF3000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF8AF5000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA9812000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9857000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA9472000 \SystemRoot\system32\DRIVERS\srv.sys
0xAA238000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA8BFC000 \SystemRoot\system32\drivers\kmixer.sys
0xAA026000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
580 C:\WINDOWS\system32\smss.exe
636 csrss.exe
660 C:\WINDOWS\system32\winlogon.exe
704 C:\WINDOWS\system32\services.exe
724 C:\WINDOWS\system32\lsass.exe
916 C:\WINDOWS\system32\svchost.exe
1004 svchost.exe
1100 C:\WINDOWS\system32\svchost.exe
1192 svchost.exe
1268 svchost.exe
1352 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1512 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1980 C:\WINDOWS\system32\spoolsv.exe
244 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
252 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
468 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
496 svchost.exe
568 C:\WINDOWS\ehome\ehrecvr.exe
600 C:\WINDOWS\ehome\ehSched.exe
784 C:\Program Files\Java\jre6\bin\jqs.exe
968 C:\WINDOWS\system32\ctfmon.exe
1068 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1176 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
1188 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1312 svchost.exe
1408 C:\WINDOWS\system32\svchost.exe
1532 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1688 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2184 mcrdsvc.exe
2500 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2508 C:\Program Files\Digital Line Detect\DLG.exe
2740 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3140 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
3240 wmiprvse.exe
3408 unsecapp.exe
3524 C:\WINDOWS\system32\dllhost.exe
3532 wmiprvse.exe
3716 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
3848 alg.exe
4060 C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
4076 C:\WINDOWS\system32\svchost.exe
2324 C:\WINDOWS\explorer.exe
3936 C:\Program Files\Internet Explorer\iexplore.exe
3472 C:\Program Files\Internet Explorer\iexplore.exe
2992 C:\Documents and Settings\Stephan and Melesia\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JD-75MSA2, Rev: 10.01E03

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


Done!

SASSY_Nc

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-07-25
Operating System : windows 10

View user profile

Back to top Go down

Re: Antivirus IS

Post by SASSY_Nc on Sun 17 Oct 2010, 5:03 am

I have been running all of these scans in safe mode, and I was finally able to get online in normal mode. I ran the ESET online scan again. It found some things this time. Here's the log.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c1fbb7032ce1e44999265c7bb7fe6fcd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-10-15 02:59:44
# local_time=2010-10-14 10:59:44 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 21613902 21613902 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=81529
# found=0
# cleaned=0
# scan_time=2765
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c1fbb7032ce1e44999265c7bb7fe6fcd
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-16 06:00:19
# local_time=2010-10-16 02:00:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 21753116 21753116 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=82662
# found=4
# cleaned=4
# scan_time=3984
C:\Documents and Settings\Stephan and Melesia\Application Data\Sun\Java\Deployment\cache\6.0\37\45ff07a5-5f9f52cf multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Stephan and Melesia\Local Settings\temp\pteaxoaym\qxavicsyhsn.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Stephan and Melesia\Local Settings\Temporary Internet Files\Content.IE5\NVORPXTD\video[1].exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Stephan and Melesia\Local Settings\Temporary Internet Files\Content.IE5\OT3M88QR\video[1].exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

SASSY_Nc

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-07-25
Operating System : windows 10

View user profile

Back to top Go down

Re: Antivirus IS

Post by Belahzur on Sun 17 Oct 2010, 11:04 am

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.


Can you update adaware now?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus IS

Post by SASSY_Nc on Mon 18 Oct 2010, 1:09 am

Yes. Adaware has been updated. I ran it and found and removed several items. One of the IT guys at work also recommended SuperAntiSpyware. When I downloaded and ran it, I was amazed at the amount of items it removed. I have now restarted my computer 3 times, and the virus hasn't come back up. I'm assuming this means that I have gotten rid of it? Or is this one of those things that can lay dormant and come back and bite you later?

SASSY_Nc

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-07-25
Operating System : windows 10

View user profile

Back to top Go down

Re: Antivirus IS

Post by Belahzur on Mon 18 Oct 2010, 10:07 am

Heh, guess the proxy slipped back in, but that fixed it.

This should be fine now aslong as you keep your antivirus upto date and surf the net safely.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Antivirus IS

Post by SASSY_Nc on Mon 18 Oct 2010, 9:56 pm

Thanks for your help!

SASSY_Nc

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-07-25
Operating System : windows 10

View user profile

Back to top Go down

Re: Antivirus IS

Post by Sponsored content Today at 1:11 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum