WiredWX Hobby Weather Tools

 


Computer is acting way funky (Antivir Solution Pro)

2 posters

Re: Computer is acting way funky (Antivir Solution Pro)

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Computer is acting way funky (Antivir Solution Pro)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=032f5dea050941468a6a4eecec9ca964
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-10 01:37:01
# local_time=2010-08-09 08:37:01 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777191 100 0 32807370 32807370 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120484
# found=1
# cleaned=1
# scan_time=4362
C:\_OTL\MovedFiles\08062010_145241\C_Documents and Settings\Daniel Schneider\Local Settings\Application Data\yqrjmxuqi\hawgtertssd.exe a variant of Win32/Kryptik.FWK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: Computer is acting way funky (Antivir Solution Pro)

How is the machine running now?

Re: Computer is acting way funky (Antivir Solution Pro)

Smooth as a baby's a$$!!! Seriously can't thank you enough, Belahzur. You've saved my butt on numerous occasions. Is there anything else I need to do?

Re: Computer is acting way funky (Antivir Solution Pro)

Hello.
Yeah, just a few last things to do now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.1.2
    Java(TM) 6 Update 11

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 21.
  • Click the "Download JRE" button to the right.
  • In the window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader 9.3.3

Also, your Firefox needs updating.

Please download Firefox 3.6.8 and install it. It will install over version 3.5 you currently have installed, so you won't lose any bookmarked websites.

Re: Computer is acting way funky (Antivir Solution Pro)

Done and done! Anything else? Should I delete the rKill program and OTL logs from my desktop?

Re: Computer is acting way funky (Antivir Solution Pro)

Here's my AntiVir scan log, just for good measure:

Avira AntiVir Personal
Report file date: Tuesday, August 10, 2010 20:14

Scanning for 2701388 virus strains and unwanted programs.

Licensed to: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: WHITETUNDRA

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Tuesday, August 10, 2010 20:14

The scan of running processes will be started
57 processes with 57 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '66' files ).


Starting the file scan:

Begin scan in 'C:'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Daniel Schneider\Application Data\Sun\Java\Deployment\cache\6.0\13\7c6ad54d-574624c9
[0] Archive type: ZIP
--> Keyworq.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.a Java virus
--> Uutecwv.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoad.IC.1 Java virus
[NOTE] The file was deleted!
C:\Documents and Settings\Daniel Schneider\Application Data\Sun\Java\Deployment\cache\6.0\17\2d949ad1-49a56414
[0] Archive type: ZIP
--> sklif/Hieeyfc.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoade.I.1 Java virus
--> sklif/Hirwfee.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoad.IB.2 Java virus
--> sklif/Hiydcxed.class
[DETECTION] Contains recognition pattern of the JAVA/Djewers.CP Java virus
[NOTE] The file was deleted!
C:\Documents and Settings\Daniel Schneider\Application Data\Sun\Java\Deployment\cache\6.0\45\4521ff2d-7fc08d4e
[0] Archive type: ZIP
--> dev/s/DyesyasZ.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.M.2 Java virus
--> dev/s/LoaderX.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.M.1 Java virus
[NOTE] The file was deleted!


End of the scan: Tuesday, August 10, 2010 21:57
Used time: 1:42:17 Hour(s)

The scan has been done completely.

25449 Scanning directories
362187 Files were scanned
7 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
3 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
362178 Files not concerned
8377 Archives were scanned
7 Warnings
3 Notes

Re: Computer is acting way funky (Antivir Solution Pro)

Hello.
Just your Java cache. See here for instructions on how to delete the cache.

http://www.java.com/en/download/help/plugin_cache.xml

If everything is good, then you should be free to go.
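
Added example, not part of the original thread and not Avira's own tooling: a small Python parser for the AntiVir report layout posted above. It groups each [DETECTION] under the scanned file it belongs to and checks whether every hit sits in the Java deployment cache, the conclusion reached in this reply. The sample lines are constructed (placeholder user name, cache entry and class names), and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the AntiVir report above
# (placeholder user name, cache entry and class names).
SAMPLE = r"""Begin scan in 'C:'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\13\aaaa-bbbb
[0] Archive type: ZIP
--> Example.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.a Java virus
--> pkg/Other.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoad.IC.1 Java virus
[NOTE] The file was deleted!
"""

PATH = re.compile(r"^[A-Za-z]:\\")
MEMBER = re.compile(r"^--> (.+)$")
DETECTION = re.compile(r"^\[DETECTION\] Contains recognition pattern of the (\S+) ")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


def parse_detections(report: str) -> dict:
    """Map each scanned file to a list of (archive member, detection name)."""
    hits = defaultdict(list)
    current, member = None, None
    for raw in report.splitlines():
        line = raw.strip()
        if PATH.match(line):
            current, member = line, None      # new top-level file
        elif m := MEMBER.match(line):
            member = m.group(1)               # entry inside the archive
        elif (m := DETECTION.match(line)) and current:
            hits[current].append((member, m.group(1)))
    return dict(hits)


def only_java_cache(hits: dict) -> bool:
    """True when there are hits and every one is under the Java plug-in cache."""
    return bool(hits) and all(JAVA_CACHE in path.lower() for path in hits)


if __name__ == "__main__":
    found = parse_detections(SAMPLE)
    for path, items in found.items():
        print(path, items)
    print("Java cache only:", only_java_cache(found))
```

A hit outside the cache path makes `only_java_cache` return False, which is the case that would call for further cleanup rather than just clearing the cache.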

Re: Computer is acting way funky (Antivir Solution Pro)

Thanks a million, Belahzur!
