-
October 11th, 2009, 11:51 PM
#1
Junior Member
A "Combofix" log
Hey, I am still having issues with the TerNA.exe virus. I ran ComboFix and here is my log. I'm hoping you can help! I am able to connect to the internet, but I am unable to install any programs at all once they are downloaded. Also, there are certain programs on my computer that no longer run, AVG Anti-Virus for example. Thanks!
ComboFix 09-10-11.01 - Tyler 10/11/2009 17:21.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.585 [GMT -5:00]
Running from: c:\documents and settings\Tyler\Desktop\svchost.exe.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\win32k.sys
.
---- Previous Run -------
.
c:\windows\win32k.sys
-- Previous Run --
c:\windows\system32\eventlog.dll . . . is infected!!
-- Previous Run --
c:\windows\system32\eventlog.dll . . . is infected!!
--------
c:\windows\system32\eventlog.dll . . . is infected!!
--------
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\logevent.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_ISASDK
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_6to4
-------\Service_isasdk
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 )))))))))))))))))))))))))))))))
.
2009-10-11 22:07 . 2009-10-11 22:19 -------- d-----w- C:\svchost.exe13156s
2009-10-11 22:00 . 2009-10-11 22:07 -------- d-----w- C:\svchost.exe
2009-10-11 20:42 . 2009-10-11 20:51 -------- d-----w- c:\windows\BDOSCAN8
2009-10-11 20:38 . 2009-10-11 20:38 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-11 20:38 . 2009-10-11 20:39 -------- d-----w- c:\documents and settings\Tyler\.housecall6.6
2009-10-11 20:37 . 2009-10-11 20:37 -------- d-----w- c:\windows\Sun
2009-10-11 20:00 . 2009-10-11 20:00 -------- d-----w- c:\program files\Microsoft
2009-10-11 20:00 . 2009-10-11 20:00 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-11 19:59 . 2009-10-11 20:00 -------- d-----w- c:\program files\Windows Live
2009-10-10 19:56 . 2009-10-10 19:56 93136 --sh--w- c:\windows\system32\TerNb.exe
2009-10-10 00:10 . 2008-04-14 05:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-10-10 00:10 . 2009-10-10 00:10 -------- d-----w- c:\program files\Common Files\logishrd
2009-10-07 00:46 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2009-10-07 00:46 . 2009-10-08 00:39 -------- d-----w- c:\program files\The Rosetta Stone
2009-10-07 00:37 . 2009-10-07 00:48 -------- d-----w- C:\New Folder (2)
2009-10-07 00:34 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-07 00:34 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-07 00:04 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-10-07 00:04 . 2009-10-07 00:04 -------- d-----w- c:\program files\MagicDisc
2009-10-07 00:01 . 2009-10-07 00:01 -------- d-----w- c:\program files\MagicISO
2009-10-06 23:57 . 2009-10-06 23:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\BitZipper
2009-10-06 23:57 . 2009-10-06 23:57 -------- d-----w- c:\program files\BitZipper
2009-10-04 23:29 . 2009-10-10 19:41 -------- d-----w- c:\documents and settings\Tyler\Application Data\BitTorrent
2009-10-04 23:29 . 2009-10-04 23:29 -------- d-----w- c:\program files\BitTorrent
2009-10-03 05:18 . 2009-10-03 05:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-03 05:18 . 2009-10-03 05:18 -------- d-----w- c:\documents and settings\Tyler\Application Data\skypePM
2009-10-03 02:40 . 2009-10-11 19:54 -------- d-----w- C:\$AVG8.VAULT$
2009-10-02 02:03 . 2009-09-24 23:23 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-01 04:12 . 2009-10-01 04:12 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Shareaza
2009-09-24 20:59 . 2009-09-24 20:59 -------- d-----w- c:\program files\iPod
2009-09-24 20:59 . 2009-09-24 20:59 -------- d-----w- c:\program files\iTunes
2009-09-23 21:46 . 2009-09-23 21:46 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Google
2009-09-18 03:34 . 2009-09-18 03:34 -------- d-----w- c:\program files\Common Files\Skype
2009-09-17 22:29 . 2009-09-17 22:29 -------- d-----w- c:\documents and settings\Tyler\Application Data\GARMIN
2009-09-17 22:29 . 2009-09-17 22:29 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-09-17 22:26 . 2009-09-17 22:26 -------- d-----w- c:\program files\DIFX
2009-09-17 22:26 . 2009-09-17 22:26 -------- d-----w- c:\program files\Garmin
2009-09-17 04:08 . 2009-09-17 04:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-09-16 21:57 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-09-16 02:48 . 2009-09-16 02:48 0 ----a-w- c:\windows\nsreg.dat
2009-09-16 02:47 . 2009-09-16 02:47 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Mozilla
2009-09-16 02:43 . 2009-08-07 00:24 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-09-16 02:43 . 2009-08-07 00:24 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-09-16 02:43 . 2009-08-07 00:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-09-16 02:43 . 2009-08-07 00:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-09-16 02:43 . 2009-08-07 00:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-09-16 02:43 . 2009-08-07 00:24 96480 ----a-w- c:\windows\system32\cdm.dll
2009-09-16 02:34 . 2009-10-09 21:29 58200 ----a-w- c:\documents and settings\Tyler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 02:34 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-09-16 02:32 . 2008-01-23 16:50 111680 ----a-w- c:\windows\system32\BootSect.exe
2009-09-16 02:30 . 2009-05-06 23:52 -------- d-----w- c:\windows\system32\config\systemprofile\.migoDesktop
2009-09-16 02:30 . 2009-05-06 23:52 -------- d-----w- c:\documents and settings\Default User\.migoDesktop
2009-09-16 02:28 . 2008-04-15 04:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2009-09-16 02:28 . 2008-04-15 04:00 10752 ----a-w- c:\windows\system32\c_iscii.dll
2009-09-16 02:28 . 2008-04-15 04:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2009-09-16 02:28 . 2008-04-15 04:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2009-09-15 23:41 . 2009-10-03 05:19 -------- d-----w- c:\documents and settings\Tyler\Application Data\Skype
2009-09-15 23:41 . 2009-09-18 03:35 -------- d-----r- c:\program files\Skype
2009-09-15 23:40 . 2009-09-15 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-15 22:31 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-15 22:28 . 2009-09-15 22:28 -------- d-----w- c:\program files\Lavasoft
2009-09-15 22:28 . 2009-09-15 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-15 22:11 . 2009-09-15 22:11 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Yahoo
2009-09-15 22:08 . 2009-09-15 22:08 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-15 22:08 . 2009-09-15 22:08 -------- d-----w- c:\program files\MSBuild
2009-09-15 22:08 . 2009-09-15 22:08 -------- d-----w- c:\program files\Reference Assemblies
2009-09-15 22:07 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-15 22:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-15 22:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-15 22:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-15 22:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-15 22:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-15 22:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-15 22:06 . 2009-09-15 22:06 -------- d-----w- c:\windows\system32\Adobe
2009-09-15 21:50 . 2009-09-15 21:50 -------- d-----w- c:\documents and settings\Tyler\Application Data\OpenOffice.org
2009-09-15 21:48 . 2009-09-15 21:48 -------- d-----w- c:\program files\JRE
2009-09-15 21:48 . 2009-09-15 21:48 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-15 21:09 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-15 21:07 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-09-15 20:58 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-09-15 20:57 . 2008-10-03 10:02 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-09-15 20:57 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-15 20:57 . 2008-09-04 17:15 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-09-15 20:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-09-15 20:56 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-09-15 20:56 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-15 20:55 . 2008-05-27 17:23 765952 ------w- c:\windows\system32\dllcache\vgx.dll
2009-09-15 20:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-15 20:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-09-15 20:55 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-09-15 20:53 . 2009-09-15 20:53 -------- d-----w- c:\program files\CCleaner
2009-09-15 20:45 . 2009-09-15 22:16 -------- d-----w- c:\documents and settings\Tyler\Application Data\Apple Computer
2009-09-15 20:44 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-15 20:44 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-15 20:43 . 2009-09-15 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 20:43 . 2009-09-15 20:43 -------- d-----w- c:\program files\Bonjour
2009-09-15 20:42 . 2009-10-07 00:42 -------- d-----w- c:\program files\QuickTime
2009-09-15 20:42 . 2009-09-15 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-15 20:42 . 2009-09-15 22:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-15 20:42 . 2009-09-15 20:42 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Apple
2009-09-15 20:42 . 2009-09-15 20:42 -------- d-----w- c:\program files\Apple Software Update
2009-09-15 20:41 . 2009-09-24 20:59 -------- d-----w- c:\program files\Common Files\Apple
2009-09-15 20:41 . 2009-09-15 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-15 20:38 . 2009-10-11 20:03 -------- d-----w- c:\documents and settings\Tyler\Tracing
2009-09-15 20:36 . 2009-09-15 22:16 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Apple Computer
2009-09-15 20:34 . 2009-10-11 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-15 20:34 . 2009-09-15 20:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-15 20:30 . 2009-09-15 20:31 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Adobe
2009-09-15 20:30 . 2009-09-15 20:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-15 20:30 . 2009-09-15 20:30 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-15 20:30 . 2009-09-15 20:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-15 20:30 . 2009-10-11 19:19 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-15 20:30 . 2009-09-15 20:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-15 20:30 . 2009-09-15 20:30 -------- d-----w- c:\program files\AVG
2009-09-15 20:30 . 2009-09-15 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-15 20:29 . 2009-09-15 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-15 20:29 . 2009-09-15 20:29 -------- d-----w- c:\program files\Yahoo!
2009-09-15 20:29 . 2009-09-15 20:29 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-15 20:20 . 2009-09-15 20:20 -------- d-----w- c:\program files\Trend Micro
2009-09-15 20:20 . 2009-09-15 20:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\AVG8
2009-09-15 18:49 . 2009-09-15 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 02:34 . 2009-09-16 02:34 1720 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Mini 110-1000_YN_0U_QCNU92663L4_E518238002_46_I308F_SHP_VKBC Version 02.0B_B308F0 Ver. F.07_T090618_WXH3_L409_M1016_J160_7Intel_8Atom N270_91.6_#090915_N14E44315_()_XMOBILE_CN10_Z.MRK
2009-09-16 02:27 . 2009-05-06 23:39 -------- d-----w- c:\program files\HPQ
2009-09-15 21:53 . 2009-05-06 23:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-15 21:43 . 2009-05-06 23:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-15 19:11 . 2009-05-06 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-09-15 19:08 . 2009-05-06 23:22 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-15 19:02 . 2009-05-06 23:29 -------- d-----w- c:\program files\Microsoft Works
2009-09-15 18:57 . 2009-05-06 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-07 00:24 . 2008-04-15 12:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2007-07-31 18:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:23 . 2008-10-16 19:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2008-04-15 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-04-15 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 21:44 . 2009-07-26 21:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-21 06:52 . 2009-07-21 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-17 19:01 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2006-10-19 20:47 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-15 20:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Tyler^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Tyler\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/15/2009 5:31 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/15/2009 3:30 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/15/2009 3:30 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/15/2009 3:30 PM 297752]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/6/2009 6:23 PM 113664]
S0 SahdIa32;HDD Filter Driver;c:\windows\system32\Drivers\SahdIa32.sys --> c:\windows\system32\Drivers\SahdIa32.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1028432]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 4:03 PM 38912]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [5/6/2009 6:23 PM 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2009-10-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 23:23]
2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ocewgxd1.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ocewgxd1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 17:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3888)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\WDM\stacsv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-11 17:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-11 22:29
Pre-Run: 142,379,425,792 bytes free
Post-Run: 142,343,421,952 bytes free
287 --- E O F --- 2009-09-15 22:15
-
October 12th, 2009, 04:52 AM
#2
Junior Member
Did I place this in the wrong part of the forum?
-
October 12th, 2009, 05:24 AM
#3
Junior Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:16 PM, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Tyler\My Documents\Downloads\HijackThis(3).exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1253047724703
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe
--
End of file - 4525 bytes
-
October 12th, 2009, 06:17 AM
#4
Moved from [ General Chit Chat ]
-
October 12th, 2009, 03:26 PM
#5
Hi there,
Could you run an online scan for me?
www.activescan.com
Run the full scan and post the results.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
October 12th, 2009, 04:34 PM
#6
Some malware blocks executables based on filename. You might try changing the filename, and try to run it again.
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
-HST
-
October 12th, 2009, 06:42 PM
#7
Junior Member
When I get home today, I will run that scan and post the results. Thanks a lot for your interest.
-
October 13th, 2009, 02:10 AM
#8
Junior Member
Here is the scan log:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-10-12 20:01:46
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.5 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler\Cookies\tyler@atdmt[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler\Cookies\tyler@ad.yieldmanager[1].txt
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP1\A0000338.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP1\A0000443.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{E0F24961-02F2-45C4-9A86-797FFEC8BF9E}\RP1\A0000238.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
-
October 13th, 2009, 02:11 AM
#9
Junior Member
Panda claims I have the Booto.C virus?
-
October 13th, 2009, 10:07 AM
#10
OK, they are all sitting in your System Restore folder.
Can you turn off System Restore, restart the computer and then turn it back on to clean that folder?
The others are just cookies.
My suggestions would be to get a decent AV (I'm not a fan of AVG) and possibly put on some anti-spyware such as Spybot Search & Destroy...
Keep Windows updated.
Let us know if you need more help.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein