|
-
October 11th, 2009, 11:51 PM
#1
Junior Member
A "Combofix" log
Hey, I am still having having issues with the TerNA.exe virus I ran combofix and here is my log. Im hoping you can help! I am able to connect to the internet but, unable to install any programs at all once they are downloaded. Also there is certain programs on my computer that no longer run. AVG anti virus for example. Thanks!
ComboFix 09-10-11.01 - Tyler 10/11/2009 17:21.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.585 [GMT -5:00]
Running from: c:\documents and settings\Tyler\Desktop\svchost.exe.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\win32k.sys
.
---- Previous Run -------
.
c:\windows\win32k.sys
-- Previous Run --
c:\windows\system32\eventlog.dll . . . is infected!!
-- Previous Run --
c:\windows\system32\eventlog.dll . . . is infected!!
--------
c:\windows\system32\eventlog.dll . . . is infected!!
--------
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\logevent.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_ISASDK
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_6to4
-------\Service_isasdk
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 )))))))))))))))))))))))))))))))
.
2009-10-11 22:07 . 2009-10-11 22:19 -------- d-----w- C:\svchost.exe13156s
2009-10-11 22:00 . 2009-10-11 22:07 -------- d-----w- C:\svchost.exe
2009-10-11 20:42 . 2009-10-11 20:51 -------- d-----w- c:\windows\BDOSCAN8
2009-10-11 20:38 . 2009-10-11 20:38 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-11 20:38 . 2009-10-11 20:39 -------- d-----w- c:\documents and settings\Tyler\.housecall6.6
2009-10-11 20:37 . 2009-10-11 20:37 -------- d-----w- c:\windows\Sun
2009-10-11 20:00 . 2009-10-11 20:00 -------- d-----w- c:\program files\Microsoft
2009-10-11 20:00 . 2009-10-11 20:00 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-11 19:59 . 2009-10-11 20:00 -------- d-----w- c:\program files\Windows Live
2009-10-10 19:56 . 2009-10-10 19:56 93136 --sh--w- c:\windows\system32\TerNb.exe
2009-10-10 00:10 . 2008-04-14 05:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-10-10 00:10 . 2009-10-10 00:10 -------- d-----w- c:\program files\Common Files\logishrd
2009-10-07 00:46 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2009-10-07 00:46 . 2009-10-08 00:39 -------- d-----w- c:\program files\The Rosetta Stone
2009-10-07 00:37 . 2009-10-07 00:48 -------- d-----w- C:\New Folder (2)
2009-10-07 00:34 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-07 00:34 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-07 00:04 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-10-07 00:04 . 2009-10-07 00:04 -------- d-----w- c:\program files\MagicDisc
2009-10-07 00:01 . 2009-10-07 00:01 -------- d-----w- c:\program files\MagicISO
2009-10-06 23:57 . 2009-10-06 23:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\BitZipper
2009-10-06 23:57 . 2009-10-06 23:57 -------- d-----w- c:\program files\BitZipper
2009-10-04 23:29 . 2009-10-10 19:41 -------- d-----w- c:\documents and settings\Tyler\Application Data\BitTorrent
2009-10-04 23:29 . 2009-10-04 23:29 -------- d-----w- c:\program files\BitTorrent
2009-10-03 05:18 . 2009-10-03 05:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-03 05:18 . 2009-10-03 05:18 -------- d-----w- c:\documents and settings\Tyler\Application Data\skypePM
2009-10-03 02:40 . 2009-10-11 19:54 -------- d-----w- C:\$AVG8.VAULT$
2009-10-02 02:03 . 2009-09-24 23:23 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-01 04:12 . 2009-10-01 04:12 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Shareaza
2009-09-24 20:59 . 2009-09-24 20:59 -------- d-----w- c:\program files\iPod
2009-09-24 20:59 . 2009-09-24 20:59 -------- d-----w- c:\program files\iTunes
2009-09-23 21:46 . 2009-09-23 21:46 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Google
2009-09-18 03:34 . 2009-09-18 03:34 -------- d-----w- c:\program files\Common Files\Skype
2009-09-17 22:29 . 2009-09-17 22:29 -------- d-----w- c:\documents and settings\Tyler\Application Data\GARMIN
2009-09-17 22:29 . 2009-09-17 22:29 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-09-17 22:26 . 2009-09-17 22:26 -------- d-----w- c:\program files\DIFX
2009-09-17 22:26 . 2009-09-17 22:26 -------- d-----w- c:\program files\Garmin
2009-09-17 04:08 . 2009-09-17 04:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-09-16 21:57 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-09-16 02:48 . 2009-09-16 02:48 0 ----a-w- c:\windows\nsreg.dat
2009-09-16 02:47 . 2009-09-16 02:47 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Mozilla
2009-09-16 02:43 . 2009-08-07 00:24 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-09-16 02:43 . 2009-08-07 00:24 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-09-16 02:43 . 2009-08-07 00:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-09-16 02:43 . 2009-08-07 00:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-09-16 02:43 . 2009-08-07 00:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-09-16 02:43 . 2009-08-07 00:24 96480 ----a-w- c:\windows\system32\cdm.dll
2009-09-16 02:34 . 2009-10-09 21:29 58200 ----a-w- c:\documents and settings\Tyler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 02:34 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-09-16 02:32 . 2008-01-23 16:50 111680 ----a-w- c:\windows\system32\BootSect.exe
2009-09-16 02:30 . 2009-05-06 23:52 -------- d-----w- c:\windows\system32\config\systemprofile\.migoDesktop
2009-09-16 02:30 . 2009-05-06 23:52 -------- d-----w- c:\documents and settings\Default User\.migoDesktop
2009-09-16 02:28 . 2008-04-15 04:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2009-09-16 02:28 . 2008-04-15 04:00 10752 ----a-w- c:\windows\system32\c_iscii.dll
2009-09-16 02:28 . 2008-04-15 04:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2009-09-16 02:28 . 2008-04-15 04:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2009-09-15 23:41 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\Tyler\Application Data\Skype
2009-09-15 23:41 . 2009-09-18 03:35 -------- d-----r- c:\program files\Skype
2009-09-15 23:40 . 2009-09-15 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-15 22:31 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-15 22:28 . 2009-09-15 22:28 -------- d-----w- c:\program files\Lavasoft
2009-09-15 22:28 . 2009-09-15 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-15 22:11 . 2009-09-15 22:11 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Yahoo
2009-09-15 22:08 . 2009-09-15 22:08 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-15 22:08 . 2009-09-15 22:08 -------- d-----w- c:\program files\MSBuild
2009-09-15 22:08 . 2009-09-15 22:08 -------- d-----w- c:\program files\Reference Assemblies
2009-09-15 22:07 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-15 22:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-15 22:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-15 22:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-15 22:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-15 22:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-15 22:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-15 22:06 . 2009-09-15 22:06 -------- d-----w- c:\windows\system32\Adobe
2009-09-15 21:50 . 2009-09-15 21:50 -------- d-----w- c:\documents and settings\Tyler\Application Data\OpenOffice.org
2009-09-15 21:48 . 2009-09-15 21:48 -------- d-----w- c:\program files\JRE
2009-09-15 21:48 . 2009-09-15 21:48 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-15 21:09 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-15 21:07 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-09-15 20:58 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-09-15 20:57 . 2008-10-03 10:02 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-09-15 20:57 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-15 20:57 . 2008-09-04 17:15 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-09-15 20:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-09-15 20:56 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-09-15 20:56 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-15 20:55 . 2008-05-27 17:23 765952 ------w- c:\windows\system32\dllcache\vgx.dll
2009-09-15 20:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-15 20:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-09-15 20:55 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-09-15 20:53 . 2009-09-15 20:53 -------- d-----w- c:\program files\CCleaner
2009-09-15 20:45 . 2009-09-15 22:16 -------- d-----w- c:\documents and settings\Tyler\Application Data\Apple Computer
2009-09-15 20:44 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-15 20:44 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-15 20:43 . 2009-09-15 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 20:43 . 2009-09-15 20:43 -------- d-----w- c:\program files\Bonjour
2009-09-15 20:42 . 2009-10-07 00:42 -------- d-----w- c:\program files\QuickTime
2009-09-15 20:42 . 2009-09-15 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-15 20:42 . 2009-09-15 22:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-15 20:42 . 2009-09-15 20:42 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Apple
2009-09-15 20:42 . 2009-09-15 20:42 -------- d-----w- c:\program files\Apple Software Update
2009-09-15 20:41 . 2009-09-24 20:59 -------- d-----w- c:\program files\Common Files\Apple
2009-09-15 20:41 . 2009-09-15 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-15 20:38 . 2009-10-11 20:03 -------- d-----w- c:\documents and settings\Tyler\Tracing
2009-09-15 20:36 . 2009-09-15 22:16 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Apple Computer
2009-09-15 20:34 . 2009-10-11 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-15 20:34 . 2009-09-15 20:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-15 20:30 . 2009-09-15 20:31 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Adobe
2009-09-15 20:30 . 2009-09-15 20:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-15 20:30 . 2009-09-15 20:30 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-15 20:30 . 2009-09-15 20:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-15 20:30 . 2009-10-11 19:19 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-15 20:30 . 2009-09-15 20:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-15 20:30 . 2009-09-15 20:30 -------- d-----w- c:\program files\AVG
2009-09-15 20:30 . 2009-09-15 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-15 20:29 . 2009-09-15 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-15 20:29 . 2009-09-15 20:29 -------- d-----w- c:\program files\Yahoo!
2009-09-15 20:29 . 2009-09-15 20:29 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-15 20:20 . 2009-09-15 20:20 -------- d-----w- c:\program files\Trend Micro
2009-09-15 20:20 . 2009-09-15 20:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\AVG8
2009-09-15 18:49 . 2009-09-15 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 02:34 . 2009-09-16 02:34 1720 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Mini 110-1000_YN_0U_QCNU92663L4_E518238002_46_I308F_SHP_VKBC Version 02.0B_B308F0 Ver. F.07_T090618_WXH3_L409_M1016_J160_7Intel_8Atom N270_91.6_#090915_N14E44315_()_XMOBILE_CN10_Z.MRK
2009-09-16 02:27 . 2009-05-06 23:39 -------- d-----w- c:\program files\HPQ
2009-09-15 21:53 . 2009-05-06 23:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-15 21:43 . 2009-05-06 23:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-15 19:11 . 2009-05-06 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-09-15 19:08 . 2009-05-06 23:22 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-15 19:02 . 2009-05-06 23:29 -------- d-----w- c:\program files\Microsoft Works
2009-09-15 18:57 . 2009-05-06 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-07 00:24 . 2008-04-15 12:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2007-07-31 18:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:23 . 2008-10-16 19:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2008-04-15 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-04-15 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 21:44 . 2009-07-26 21:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-21 06:52 . 2009-07-21 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-17 19:01 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2006-10-19 20:47 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-15 20:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Tyler^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Tyler\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/15/2009 5:31 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/15/2009 3:30 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/15/2009 3:30 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/15/2009 3:30 PM 297752]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/6/2009 6:23 PM 113664]
S0 SahdIa32;HDD Filter Driver;c:\windows\system32\Drivers\SahdIa32.sys --> c:\windows\system32\Drivers\SahdIa32.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1028432]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 4:03 PM 38912]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [5/6/2009 6:23 PM 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2009-10-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 23:23]
2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ocewgxd1.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ocewgxd1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 17:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3888)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\WDM\stacsv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-11 17:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-11 22:29
Pre-Run: 142,379,425,792 bytes free
Post-Run: 142,343,421,952 bytes free
287 --- E O F --- 2009-09-15 22:15
Similar Threads
-
By CyberB0b in forum The Security Tutorials Forum
Replies: 20
Last Post: August 15th, 2008, 11:07 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote