Sign in with
Sign up | Sign in
Your question

Strange Letters C:/Annoying Windows Message

Last response: in Windows Vista
Share
July 6, 2010 6:19:13 AM

I have two issues:

1) On my C: drive, it now says fvrfvrv (C:) . What is this ''fvrfvrv'' and how can I get rid of it.

2) I get an annoying Windows popup message on startup and during operation it pops on when I remove it. It says: ''Windows has blocked some startup programs. Windows blocks programs that require permission to run when Windows starts. Click to view blocked programs.'' When I click it, up comes up Windows Defender. However, on everything's ''classification'' it says ''permitted''. I would like to know why I am getting this message and how to stop it.

Thank you.
July 6, 2010 6:20:36 AM

LOL-Ignore the smiley face I inadvertently created. It is simply C: in parentheses.
m
0
l
July 9, 2010 6:28:46 AM

I wanted to add the following information that I just found out that may help solve my problem(s):

I ran my Avira anti-virus and did a scan. While I did not pick up any viruses, etc., it DID pick up a whopping 138 "hidden objects". I did not know what "hidden objects" meant so I did some checking around and it seems 'hidden objects' are system files and that some malware is in my system to have caused this result. I do regular maintenance for malware with several good pieces of software, and haven't come up with anything lately. Please reply as to what this 138 'hidden objects' results may indicate, if you have any ideas. Thanks.
m
0
l
Related resources
July 16, 2010 2:31:09 AM

Here is the log from Combofix. Let me know what you want me to do, or what this report reveals. By the way, Malwarebytes found NO infections.


ComboFix 10-07-15.01 - John 07/15/2010 22:10:17.1.1 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1215.644 [GMT -7:00]
Running from: c:\users\John\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\John\WinAmp.exe
c:\users\John\WMP.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
.

2010-07-16 05:20 . 2010-07-16 05:20 -------- d-----w- c:\users\John\AppData\Local\temp
2010-07-11 10:44 . 2010-07-11 10:59 -------- d-----w- c:\program files\RTEQ
2010-07-11 09:37 . 2010-07-11 09:37 -------- d-----w- c:\program files\Realtek AC97
2010-07-11 09:25 . 2010-07-11 09:36 319488 ----a-w- c:\windows\HideWin.exe
2010-07-09 08:49 . 2009-06-17 01:28 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-06-17 21:42 . 2010-06-17 21:42 -------- d-----w- c:\users\John\AppData\Roaming\JGoodies
2010-06-17 21:42 . 2010-06-17 21:42 -------- d-----w- c:\program files\JGoodies
2010-06-16 17:59 . 2010-06-16 17:59 -------- d-----w- c:\program files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 04:42 . 2010-05-10 02:39 680 ----a-w- c:\users\John\AppData\Local\d3d9caps.dat
2010-07-16 04:33 . 2010-05-11 05:03 1536 ----a-w- c:\windows\system32\TrueSoft.dat
2010-07-15 06:28 . 2010-05-10 02:39 50320 ----a-w- c:\users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-15 06:17 . 2010-06-05 08:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-11 09:26 . 2010-06-06 14:17 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-07-11 09:26 . 2010-06-06 14:17 -------- d-----w- c:\program files\Realtek
2010-07-10 06:08 . 2010-06-04 07:53 63488 ----a-w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-10 06:08 . 2010-06-04 07:52 117760 ----a-w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-07 03:39 . 2010-05-11 05:23 -------- d-----w- c:\users\John\AppData\Roaming\Deepnet Explorer
2010-07-06 00:16 . 2010-05-23 07:30 -------- d-----w- c:\users\John\AppData\Roaming\uTorrent
2010-07-04 07:28 . 2010-06-04 07:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-03 06:23 . 2010-05-23 08:10 439816 ----a-w- c:\users\John\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-30 08:39 . 2010-05-15 11:12 -------- d-----w- c:\program files\Defraggler
2010-06-24 23:38 . 2010-05-10 02:34 50320 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-19 01:23 . 2010-05-24 05:52 -------- d-----w- c:\program files\VideoLAN
2010-06-19 01:12 . 2010-05-24 01:58 -------- d-----w- c:\program files\Common Files\MAGIX Services
2010-06-17 22:18 . 2010-06-08 14:24 -------- d-----w- c:\program files\MP3 Player Setup
2010-06-16 22:04 . 2010-05-24 05:52 -------- d-----w- c:\users\John\AppData\Roaming\vlc
2010-06-16 18:00 . 2010-05-23 07:43 -------- d-----w- c:\program files\Common Files\Real
2010-06-16 17:29 . 2010-05-11 04:19 -------- d-----w- c:\program files\Yahoo!
2010-06-16 16:44 . 2010-05-23 06:19 -------- d-----w- c:\programdata\Yahoo!
2010-06-16 16:23 . 2010-05-11 05:41 228 ----a-w- c:\windows\system32\edacded0.dat
2010-06-11 01:22 . 2010-06-11 01:22 262144 ----a-w- c:\programdata\ntuser.dat
2010-06-10 08:29 . 2010-06-09 22:45 -------- d-----w- c:\program files\Audacity
2010-06-09 23:07 . 2010-05-24 01:59 -------- d-----w- c:\program files\MAGIX
2010-06-08 15:43 . 2010-06-08 14:53 -------- d-----w- c:\programdata\OPAL Network
2010-06-08 15:42 . 2010-06-08 14:53 -------- d-----w- c:\program files\Access 97 Runtime
2010-06-08 15:21 . 2010-05-21 06:43 -------- d-----w- c:\programdata\CBL-Electronics
2010-06-08 14:53 . 2010-06-08 14:53 -------- d-----w- c:\program files\Common Files\Sagekey Software
2010-06-08 13:40 . 2010-06-08 13:40 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 13:40 . 2010-06-08 13:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-06-08 13:40 . 2010-06-08 13:40 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-06-08 13:40 . 2010-06-08 13:40 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-06-08 13:38 . 2010-06-08 13:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-08 13:38 . 2010-06-08 13:38 2560 ----a-w- c:\windows\AppPatch\AcRes.dll
2010-06-08 13:38 . 2010-06-08 13:38 449024 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-06-08 13:38 . 2010-06-08 13:38 2143744 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-06-08 13:38 . 2010-06-08 13:38 537600 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-06-08 13:38 . 2010-06-08 13:38 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-06-08 13:38 . 2010-06-08 13:38 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-08 13:38 . 2010-06-08 13:38 1686528 ----a-w- c:\windows\system32\gameux.dll
2010-06-08 05:07 . 2010-06-08 05:07 -------- d-----w- c:\users\John\AppData\Roaming\COWON
2010-06-08 05:05 . 2010-06-08 05:05 -------- d-----w- c:\program files\JetAudio
2010-06-08 05:05 . 2010-06-08 05:05 -------- d-----w- c:\program files\Common Files\COWON
2010-06-08 05:05 . 2010-05-10 03:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-08 05:04 . 2010-06-08 05:04 -------- d-----w- c:\users\John\AppData\Roaming\InstallShield
2010-06-08 04:48 . 2010-06-08 04:47 -------- d-----w- c:\program files\MediaMonkey
2010-06-06 15:08 . 2010-06-06 15:07 -------- d--h--w- c:\program files\Temp
2010-06-06 12:35 . 2010-06-06 12:18 -------- d-----w- c:\programdata\DFX
2010-06-06 12:18 . 2010-06-06 12:18 -------- d-----w- c:\users\Guest\AppData\Roaming\Winamp
2010-06-06 12:18 . 2010-06-06 12:18 -------- d-----w- c:\users\Administrator\AppData\Roaming\Winamp
2010-06-06 12:18 . 2010-06-06 12:18 -------- d-----w- c:\program files\Common Files\DFX
2010-06-06 08:47 . 2010-05-14 14:33 -------- d-----w- c:\program files\Freecorder
2010-06-06 08:47 . 2010-05-13 10:05 -------- d-----w- c:\program files\AtomixMP3
2010-06-06 08:38 . 2010-06-06 08:38 -------- d-----w- c:\users\John\AppData\Roaming\IObit
2010-06-06 08:38 . 2010-06-04 07:43 -------- d-----w- c:\program files\IObit
2010-06-06 08:35 . 2010-06-04 07:43 -------- d-----w- c:\programdata\IObit
2010-06-05 08:38 . 2010-06-05 08:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-04 07:53 . 2010-06-04 07:53 52224 ----a-w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-04 07:52 . 2010-06-04 07:52 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2010-06-04 07:52 . 2010-06-04 07:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-04 07:20 . 2010-06-04 07:20 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
2010-06-04 07:20 . 2010-06-04 07:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-04 07:20 . 2010-06-04 07:20 -------- d-----w- c:\programdata\Malwarebytes
2010-06-04 06:49 . 2010-06-04 06:49 -------- d-----w- c:\program files\Opera
2010-06-04 06:47 . 2010-06-04 06:47 -------- d-----w- c:\users\John\AppData\Roaming\Apple Computer
2010-06-01 09:01 . 2010-06-01 09:01 -------- d-----w- c:\program files\WinASO
2010-06-01 05:31 . 2010-05-10 02:42 -------- d-----w- c:\users\John\AppData\Roaming\FrostWire
2010-05-31 05:57 . 2010-05-31 05:57 -------- d-----w- c:\programdata\Soulseek
2010-05-31 05:56 . 2010-05-31 05:56 -------- d-----w- c:\program files\SoulseekNS
2010-05-30 10:04 . 2010-05-11 05:27 -------- d-----w- c:\users\John\AppData\Roaming\DAPE
2010-05-27 11:48 . 2010-05-27 11:48 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-27 05:57 . 2010-05-27 05:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-24 05:31 . 2010-05-24 05:31 5 ----a-w- c:\program files\thumbsfiles55.dat
2010-05-24 05:30 . 2010-05-24 05:30 -------- d-----w- c:\program files\Windows Media Components
2010-05-24 05:23 . 2010-05-24 02:03 -------- d-----w- c:\users\John\AppData\Roaming\MAGIX
2010-05-24 05:23 . 2010-05-24 01:59 -------- d-----w- c:\programdata\MAGIX
2010-05-24 05:19 . 2010-05-24 05:19 -------- d-----w- c:\program files\DSH Jukebox
2010-05-24 03:42 . 2010-05-24 02:00 -------- d-----w- c:\program files\Common Files\xara
2010-05-24 02:00 . 2010-05-24 02:00 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2010-05-24 01:48 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-24 01:27 . 2010-05-24 01:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-05-24 01:27 . 2010-05-24 01:27 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-05-24 01:27 . 2010-05-24 01:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-24 01:27 . 2010-05-24 01:27 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 01:27 . 2010-05-24 01:27 24064 ----a-w- c:\windows\system32\lpk.dll
2010-05-24 01:27 . 2010-05-24 01:27 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-05-24 01:27 . 2010-05-24 01:27 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-05-24 01:27 . 2010-05-24 01:27 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-05-24 01:27 . 2010-05-24 01:27 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-05-24 01:27 . 2010-05-24 01:27 272896 ----a-w- c:\windows\system32\polstore.dll
2010-05-24 01:26 . 2010-05-24 01:26 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-05-24 01:26 . 2010-05-24 01:26 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-05-24 01:23 . 2010-05-24 01:23 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-24 01:23 . 2010-05-24 01:23 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-24 01:23 . 2010-05-24 01:23 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-05-24 01:23 . 2010-05-24 01:23 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-05-24 01:23 . 2010-05-24 01:23 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-05-24 01:23 . 2010-05-24 01:23 15360 ----a-w- c:\windows\system32\netevent.dll
2010-05-24 01:23 . 2010-05-24 01:23 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2006-11-22 14:58 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-05-14 14:36 2515552 ----a-w- c:\program files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-04 2403568]
"Google Update"="c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-10 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VModes"="VModes AttachToDesktop" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"VTTimer"="VTTimer.exe" [2006-09-15 53248]
"PCTVOICE"="pctspk.exe" [2003-01-07 176128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-16 198160]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-10 04:33 136176 ----atw- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-02 12:32 1004136 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\fetnd6v.sys [2010-05-11 43520]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-12 312152]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-06-06 00:33]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679291122-1366626434-4108810152-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-10 04:33]

2010-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3679291122-1366626434-4108810152-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-10 04:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
mStart Page = hxxp://www.yahoo.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-15 22:20
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-15 22:24:36
ComboFix-quarantined-files.txt 2010-07-16 05:24

Pre-Run: 298,228,224,000 bytes free
Post-Run: 298,196,508,672 bytes free

- - End Of File - - EA08E5504F0037F8D24AFC152189C815
m
0
l
July 23, 2010 2:31:14 AM

Will some kind soul PLEASE interpret my Combofiix log to give me insight into my problem or what I should do now. Thanks!
m
0
l
!