A "Combofix" log
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: A "Combofix" log

  1. #1
    Junior Member
    Join Date
    Oct 2009
    Posts
    8

    A "Combofix" log

    Hey, I am still having having issues with the TerNA.exe virus I ran combofix and here is my log. Im hoping you can help! I am able to connect to the internet but, unable to install any programs at all once they are downloaded. Also there is certain programs on my computer that no longer run. AVG anti virus for example. Thanks!

    ComboFix 09-10-11.01 - Tyler 10/11/2009 17:21.3.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.585 [GMT -5:00]
    Running from: c:\documents and settings\Tyler\Desktop\svchost.exe.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\win32k.sys
    .
    ---- Previous Run -------
    .
    c:\windows\win32k.sys

    -- Previous Run --

    c:\windows\system32\eventlog.dll . . . is infected!!

    -- Previous Run --

    c:\windows\system32\eventlog.dll . . . is infected!!

    --------

    c:\windows\system32\eventlog.dll . . . is infected!!

    --------

    Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
    Restored copy from - c:\windows\system32\logevent.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Legacy_ISASDK
    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
    -------\Service_6to4
    -------\Service_isasdk
    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


    ((((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 )))))))))))))))))))))))))))))))
    .

    2009-10-11 22:07 . 2009-10-11 22:19 -------- d-----w- C:\svchost.exe13156s
    2009-10-11 22:00 . 2009-10-11 22:07 -------- d-----w- C:\svchost.exe
    2009-10-11 20:42 . 2009-10-11 20:51 -------- d-----w- c:\windows\BDOSCAN8
    2009-10-11 20:38 . 2009-10-11 20:38 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-10-11 20:38 . 2009-10-11 20:39 -------- d-----w- c:\documents and settings\Tyler\.housecall6.6
    2009-10-11 20:37 . 2009-10-11 20:37 -------- d-----w- c:\windows\Sun
    2009-10-11 20:00 . 2009-10-11 20:00 -------- d-----w- c:\program files\Microsoft
    2009-10-11 20:00 . 2009-10-11 20:00 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-10-11 19:59 . 2009-10-11 20:00 -------- d-----w- c:\program files\Windows Live
    2009-10-10 19:56 . 2009-10-10 19:56 93136 --sh--w- c:\windows\system32\TerNb.exe
    2009-10-10 00:10 . 2008-04-14 05:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2009-10-10 00:10 . 2009-10-10 00:10 -------- d-----w- c:\program files\Common Files\logishrd
    2009-10-07 00:46 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
    2009-10-07 00:46 . 2009-10-08 00:39 -------- d-----w- c:\program files\The Rosetta Stone
    2009-10-07 00:37 . 2009-10-07 00:48 -------- d-----w- C:\New Folder (2)
    2009-10-07 00:34 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2009-10-07 00:34 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2009-10-07 00:04 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2009-10-07 00:04 . 2009-10-07 00:04 -------- d-----w- c:\program files\MagicDisc
    2009-10-07 00:01 . 2009-10-07 00:01 -------- d-----w- c:\program files\MagicISO
    2009-10-06 23:57 . 2009-10-06 23:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\BitZipper
    2009-10-06 23:57 . 2009-10-06 23:57 -------- d-----w- c:\program files\BitZipper
    2009-10-04 23:29 . 2009-10-10 19:41 -------- d-----w- c:\documents and settings\Tyler\Application Data\BitTorrent
    2009-10-04 23:29 . 2009-10-04 23:29 -------- d-----w- c:\program files\BitTorrent
    2009-10-03 05:18 . 2009-10-03 05:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-10-03 05:18 . 2009-10-03 05:18 -------- d-----w- c:\documents and settings\Tyler\Application Data\skypePM
    2009-10-03 02:40 . 2009-10-11 19:54 -------- d-----w- C:\$AVG8.VAULT$
    2009-10-02 02:03 . 2009-09-24 23:23 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-10-01 04:12 . 2009-10-01 04:12 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Shareaza
    2009-09-24 20:59 . 2009-09-24 20:59 -------- d-----w- c:\program files\iPod
    2009-09-24 20:59 . 2009-09-24 20:59 -------- d-----w- c:\program files\iTunes
    2009-09-23 21:46 . 2009-09-23 21:46 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Google
    2009-09-18 03:34 . 2009-09-18 03:34 -------- d-----w- c:\program files\Common Files\Skype
    2009-09-17 22:29 . 2009-09-17 22:29 -------- d-----w- c:\documents and settings\Tyler\Application Data\GARMIN
    2009-09-17 22:29 . 2009-09-17 22:29 -------- d-----w- c:\program files\Garmin GPS Plugin
    2009-09-17 22:26 . 2009-09-17 22:26 -------- d-----w- c:\program files\DIFX
    2009-09-17 22:26 . 2009-09-17 22:26 -------- d-----w- c:\program files\Garmin
    2009-09-17 04:08 . 2009-09-17 04:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2009-09-16 21:57 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-09-16 02:48 . 2009-09-16 02:48 0 ----a-w- c:\windows\nsreg.dat
    2009-09-16 02:47 . 2009-09-16 02:47 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Mozilla
    2009-09-16 02:43 . 2009-08-07 00:24 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-09-16 02:43 . 2009-08-07 00:24 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-09-16 02:43 . 2009-08-07 00:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-09-16 02:43 . 2009-08-07 00:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-09-16 02:43 . 2009-08-07 00:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-09-16 02:43 . 2009-08-07 00:24 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-09-16 02:34 . 2009-10-09 21:29 58200 ----a-w- c:\documents and settings\Tyler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-16 02:34 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2009-09-16 02:32 . 2008-01-23 16:50 111680 ----a-w- c:\windows\system32\BootSect.exe
    2009-09-16 02:30 . 2009-05-06 23:52 -------- d-----w- c:\windows\system32\config\systemprofile\.migoDesktop
    2009-09-16 02:30 . 2009-05-06 23:52 -------- d-----w- c:\documents and settings\Default User\.migoDesktop
    2009-09-16 02:28 . 2008-04-15 04:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
    2009-09-16 02:28 . 2008-04-15 04:00 10752 ----a-w- c:\windows\system32\c_iscii.dll
    2009-09-16 02:28 . 2008-04-15 04:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
    2009-09-16 02:28 . 2008-04-15 04:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
    2009-09-15 23:41 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\Tyler\Application Data\Skype
    2009-09-15 23:41 . 2009-09-18 03:35 -------- d-----r- c:\program files\Skype
    2009-09-15 23:40 . 2009-09-15 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-09-15 22:31 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-09-15 22:28 . 2009-09-15 22:28 -------- d-----w- c:\program files\Lavasoft
    2009-09-15 22:28 . 2009-09-15 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-09-15 22:11 . 2009-09-15 22:11 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Yahoo
    2009-09-15 22:08 . 2009-09-15 22:08 -------- d-----w- c:\windows\system32\XPSViewer
    2009-09-15 22:08 . 2009-09-15 22:08 -------- d-----w- c:\program files\MSBuild
    2009-09-15 22:08 . 2009-09-15 22:08 -------- d-----w- c:\program files\Reference Assemblies
    2009-09-15 22:07 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-09-15 22:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-09-15 22:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-09-15 22:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-09-15 22:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-09-15 22:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-09-15 22:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-09-15 22:06 . 2009-09-15 22:06 -------- d-----w- c:\windows\system32\Adobe
    2009-09-15 21:50 . 2009-09-15 21:50 -------- d-----w- c:\documents and settings\Tyler\Application Data\OpenOffice.org
    2009-09-15 21:48 . 2009-09-15 21:48 -------- d-----w- c:\program files\JRE
    2009-09-15 21:48 . 2009-09-15 21:48 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-09-15 21:09 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2009-09-15 21:07 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
    2009-09-15 20:58 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
    2009-09-15 20:57 . 2008-10-03 10:02 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
    2009-09-15 20:57 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2009-09-15 20:57 . 2008-09-04 17:15 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
    2009-09-15 20:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
    2009-09-15 20:56 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
    2009-09-15 20:56 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
    2009-09-15 20:55 . 2008-05-27 17:23 765952 ------w- c:\windows\system32\dllcache\vgx.dll
    2009-09-15 20:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2009-09-15 20:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
    2009-09-15 20:55 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
    2009-09-15 20:53 . 2009-09-15 20:53 -------- d-----w- c:\program files\CCleaner
    2009-09-15 20:45 . 2009-09-15 22:16 -------- d-----w- c:\documents and settings\Tyler\Application Data\Apple Computer
    2009-09-15 20:44 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-09-15 20:44 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-09-15 20:43 . 2009-09-15 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-15 20:43 . 2009-09-15 20:43 -------- d-----w- c:\program files\Bonjour
    2009-09-15 20:42 . 2009-10-07 00:42 -------- d-----w- c:\program files\QuickTime
    2009-09-15 20:42 . 2009-09-15 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-09-15 20:42 . 2009-09-15 22:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-09-15 20:42 . 2009-09-15 20:42 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Apple
    2009-09-15 20:42 . 2009-09-15 20:42 -------- d-----w- c:\program files\Apple Software Update
    2009-09-15 20:41 . 2009-09-24 20:59 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-15 20:41 . 2009-09-15 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-09-15 20:38 . 2009-10-11 20:03 -------- d-----w- c:\documents and settings\Tyler\Tracing
    2009-09-15 20:36 . 2009-09-15 22:16 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Apple Computer
    2009-09-15 20:34 . 2009-10-11 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-09-15 20:34 . 2009-09-15 20:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-09-15 20:30 . 2009-09-15 20:31 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Adobe
    2009-09-15 20:30 . 2009-09-15 20:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-09-15 20:30 . 2009-09-15 20:30 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-09-15 20:30 . 2009-09-15 20:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-09-15 20:30 . 2009-10-11 19:19 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-09-15 20:30 . 2009-09-15 20:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-09-15 20:30 . 2009-09-15 20:30 -------- d-----w- c:\program files\AVG
    2009-09-15 20:30 . 2009-09-15 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-09-15 20:29 . 2009-09-15 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-09-15 20:29 . 2009-09-15 20:29 -------- d-----w- c:\program files\Yahoo!
    2009-09-15 20:29 . 2009-09-15 20:29 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-09-15 20:20 . 2009-09-15 20:20 -------- d-----w- c:\program files\Trend Micro
    2009-09-15 20:20 . 2009-09-15 20:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\AVG8
    2009-09-15 18:49 . 2009-09-15 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-16 02:34 . 2009-09-16 02:34 1720 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Mini 110-1000_YN_0U_QCNU92663L4_E518238002_46_I308F_SHP_VKBC Version 02.0B_B308F0 Ver. F.07_T090618_WXH3_L409_M1016_J160_7Intel_8Atom N270_91.6_#090915_N14E44315_()_XMOBILE_CN10_Z.MRK
    2009-09-16 02:27 . 2009-05-06 23:39 -------- d-----w- c:\program files\HPQ
    2009-09-15 21:53 . 2009-05-06 23:35 -------- d-----w- c:\program files\Common Files\Adobe
    2009-09-15 21:43 . 2009-05-06 23:34 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-15 19:11 . 2009-05-06 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-09-15 19:08 . 2009-05-06 23:22 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-09-15 19:02 . 2009-05-06 23:29 -------- d-----w- c:\program files\Microsoft Works
    2009-09-15 18:57 . 2009-05-06 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-08-07 00:24 . 2008-04-15 12:00 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-07 00:24 . 2007-07-31 18:19 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-07 00:23 . 2008-10-16 19:07 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-08-05 09:01 . 2008-04-15 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-29 04:37 . 2008-04-15 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-29 04:37 . 2008-04-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-26 21:44 . 2009-07-26 21:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-07-21 06:52 . 2009-07-21 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-07-17 19:01 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 04:43 . 2006-10-19 20:47 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-09-15 20:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^Tyler^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\Tyler\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/15/2009 5:31 PM 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/15/2009 3:30 PM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/15/2009 3:30 PM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/15/2009 3:30 PM 297752]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/6/2009 6:23 PM 113664]
    S0 SahdIa32;HDD Filter Driver;c:\windows\system32\Drivers\SahdIa32.sys --> c:\windows\system32\Drivers\SahdIa32.sys [?]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1028432]
    S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 4:03 PM 38912]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [5/6/2009 6:23 PM 160256]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    S4 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 23:23]

    2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ocewgxd1.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ocewgxd1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-11 17:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3888)
    c:\windows\system32\WININET.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\IDT\WDM\stacsv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-11 17:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-11 22:29

    Pre-Run: 142,379,425,792 bytes free
    Post-Run: 142,343,421,952 bytes free

    287 --- E O F --- 2009-09-15 22:15

  2. #2
    Junior Member
    Join Date
    Oct 2009
    Posts
    8
    Did I place this in the wrong part of the forum????

  3. #3
    Junior Member
    Join Date
    Oct 2009
    Posts
    8
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:22:16 PM, on 10/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\wdm\STacSV.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\Tyler\My Documents\Downloads\HijackThis(3).exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1253047724703
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe

    --
    End of file - 4525 bytes

  4. #4
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Moved from [ General Chit Chat ]

  5. #5
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hi there,

    Could you run an online scan for me?

    www.activescan.com
    Run the full scan and post the results.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  6. #6
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Some malware blocks executables based on filename. You might try changing the filename, and try to run it again.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  7. #7
    Junior Member
    Join Date
    Oct 2009
    Posts
    8
    When I get home today, I will run that scan and post the results thanks alot for your interest.

  8. #8
    Junior Member
    Join Date
    Oct 2009
    Posts
    8
    here is the scan log ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-10-12 20:01:46
    PROTECTIONS: 1
    MALWARE: 3
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG Anti-Virus Free 8.5 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler\Cookies\tyler@atdmt[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler\Cookies\tyler@ad.yieldmanager[1].txt
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP1\A0000338.sys
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP1\A0000443.sys
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP1\A0000238.sys
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================

  9. #9
    Junior Member
    Join Date
    Oct 2009
    Posts
    8
    Panda claims I have the Booto.C virus?

  10. #10
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    OK , they are all sitting in your System Restore folder.

    Can you turn off system restore , restart the computer and then turn it back on the clean that folder.

    the others are just cookies.

    My suggestions would be to get a decent AV, im not a FAN of avg and possibly put on some anti spyware such as spybot search and destroy ...

    Keep windows updated.

    Let us know if you need more help.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

Similar Threads

  1. A Detailed Malware Removal Guide
    By CyberB0b in forum The Security Tutorials Forum
    Replies: 20
    Last Post: August 15th, 2008, 11:07 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •