Page 3 of 11 FirstFirst 1234567 ... LastLast
Results 21 to 30 of 109

Thread: Browser Hijack and Virus

  1. #21
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default Some errors

    I wrote some of them down, just in case.

    When combofix launched, I received a window saying "PEV.cfxxe encountered a problem and needs to close."

    Within the Combofix screen, appeared the message "The system cannot find the file temp04," and rebooted my PC.

    Thereafter, various window pop-ups appeared, some of which said the following:

    "Nircmd.cfxxe - Corrupt file. The file or directory \recycled\dc4.exe is corrupt and unreadable. Please run the chkdsk utility."

    "PEV.exe - Corrupt file. The file or directory \pagefile.sys is corrupt and unreadable. Please run the chkdsk utility."

    "PEV.exe - Corrupt file. The file or directory \hiberfil.sys is corrupt and unreadable. Please run the chkdsk utility."

    "PEV.exe - Corrupt file. The file or directory \documents and settings\ allusers\ appdata\ microsoft\ Dr. Watson\ user.dmp is corrupt and unreadable. Please run the chkdsk utility."

    DEU.cfxxe - Corrupt file. The file or directory \documents and settings\ allusers\ appdata\ microsoft\ Dr. Watson\ user.dmp is corrupt and unreadable. Please run the chkdsk utility."

    CF11269.exe - Corrupt file. The file or directory \recycled\dc4.exe is corrupt and unreadable. Please run the chkdsk utility.

    There were others near the end of Combifix running, I believe most were also CF11269.exe, but with different files or directories identified as corrupt and unreadable.

    Hope this makes sense to you.

  2. #22
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    OK those were mainly chkdsk errors.

    Please go to start - run

    Type cmd and click ok.

    Type chkdsk /f and press enter.

    If it asks to reboot, please do so.

    Rerun combofix and let me know if it still gives some errors.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #23
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default ChkDsk issues

    Shaba:

    Thanks again for your continued help.

    I ran chkdsk as requested, and got the following message:

    "C:\Documents and Settings\default>chkdsk /f
    The type of the file system is FAT32.
    Cannot lock current drive.

    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? (Y/N) "

    I said yes, rebooted, and then reran chkdsk. I got the same message, and then tried chkdsk without the "/f" Here is part of the log.

    =====

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\default>chkdsk /f
    The type of the file system is FAT32.
    Cannot lock current drive.

    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? (Y/N) n

    C:\Documents and Settings\default>chkdsk
    The type of the file system is FAT32.

    Windows is verifying files and folders...
    Windows found errors on the disk, but will not fix them
    because disk checking was run without the /F (fix) parameter.
    The \pagefile.sys entry contains a nonvalid link.
    The size of the \pagefile.sys entry is not valid.
    The size of the \hiberfil.sys entry is not valid.
    The \Recycled\Dc4.exe entry contains a nonvalid link.
    The size of the \Recycled\Dc4.exe entry is not valid.

    and then the log went on to say various RestorePointSize enties were not valid. I have not tried combofix again yet.

  4. #24
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Did chkdsk run upon reboot?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #25
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default

    Not as far as I could tell. I saw no windows or other indications chkdsk ran.

  6. #26
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please then try again chkdsk /f and answer yes if it wants to boot.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #27
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default

    When attempting to run chkdsk again, I got the same message below:

    =====
    C:\Documents and Settings\default>chkdsk /f
    The type of the file system is FAT32.
    Cannot lock current drive.

    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? (Y/N) "
    =====

    I said Yes, and then I rebooted. The PC reboots normally (into Windows XP, not the restore version), but I do not see any indication that chkdsk runs automatically during or after the reboot. If I run "chkdsk /f" again , I get the same messages.


  8. #28
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    That is then weird.

    Download beep.sys from here and save it to c:\windows\system32\drivers and c:\windows\SYSTEM32\dllcache.

    Rerun combofix and post back a fresh combofix log, please.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #29
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default Similar results

    Shaba:

    I downloaded the file mentioned to two places, and reran combofix. Bottom line, I saw the same error messages in all the same places, as mentioned the last time we ran it.

    ====

    Here is the Combofix Log:

    ComboFix 09-09-16.05 - default 09/17/2009 12:43.3.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.132 [GMT -6:00]
    Running from: c:\documents and settings\default\Desktop\Combo-Fix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2009-08-17 to 2009-09-17 )))))))))))))))))))))))))))))))
    .

    2009-09-17 18:31 . 2009-09-17 18:31 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
    2009-09-17 18:31 . 2009-09-17 18:30 4224 ----a-w- c:\windows\system32\drivers\beep.sys
    2009-09-15 18:29 . 2009-09-15 18:29 -------- d-----w- C:\Combo-Fix
    2009-09-15 17:57 . 2009-09-15 17:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-09-15 17:54 . 2009-09-15 17:54 12379 ----a-w- c:\documents and settings\default\Application Data\bifupexa.dat
    2009-09-15 13:02 . 2009-09-15 13:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8
    2009-09-15 01:05 . 2009-09-15 01:05 14268 ----a-w- c:\windows\system32\pepo.dat
    2009-09-15 01:05 . 2009-09-15 01:05 10574 ----a-w- c:\documents and settings\default\Application Data\mykade.dat
    2009-09-15 00:01 . 2009-09-15 00:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2009-09-10 06:09 . 2009-09-10 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-09-10 06:04 . 2009-09-10 06:04 -------- d-----w- c:\documents and settings\default\Application Data\AVG8
    2009-09-10 06:04 . 2009-09-10 06:04 -------- d-----w- c:\documents and settings\default\Application Data\AVG8
    2009-09-08 19:28 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2009-09-08 05:45 . 2009-09-08 06:01 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-07 04:28 . 2009-09-07 04:28 -------- d-sh--w- c:\documents and settings\default\IECompatCache
    2009-09-07 02:42 . 2009-09-07 02:42 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-09-07 02:31 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-09-07 01:52 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-09-07 01:51 . 2009-09-07 01:51 -------- d--h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-09-07 01:50 . 2009-09-07 01:50 -------- d-----w- c:\program files\Lavasoft
    2009-09-06 22:51 . 2009-09-06 22:51 -------- d-----w- c:\program files\Trend Micro
    2009-09-06 20:23 . 2009-09-06 20:23 16342 ----a-w- c:\documents and settings\default\Application Data\cixadura.dat
    2009-09-06 19:57 . 2009-09-06 19:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2009-09-06 19:35 . 2009-09-06 19:35 -------- d-----w- c:\windows\system32\scripting
    2009-09-06 19:35 . 2009-09-06 19:35 -------- d-----w- c:\windows\l2schemas
    2009-09-06 19:35 . 2009-09-06 19:35 -------- d-----w- c:\windows\system32\en
    2009-09-06 19:35 . 2009-09-06 19:35 -------- d-----w- c:\windows\system32\bits
    2009-09-06 19:26 . 2009-09-06 19:27 -------- d-----w- c:\windows\EHome
    2009-09-06 18:31 . 2009-09-06 18:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-09-06 18:22 . 2009-09-06 18:22 -------- d-sh--w- c:\documents and settings\default\PrivacIE
    2009-09-06 18:22 . 2009-09-06 18:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-09-06 18:21 . 2009-09-06 18:21 -------- d-sh--w- c:\documents and settings\default\IETldCache
    2009-09-06 18:19 . 2009-09-06 18:19 -------- d-----w- c:\windows\ie8updates
    2009-09-06 18:18 . 2009-09-06 18:18 -------- d--h--w- c:\windows\ie8
    2009-09-06 18:17 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-09-06 18:17 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-09-06 18:17 . 2009-07-03 17:09 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2009-09-06 18:17 . 2009-07-03 17:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-09-06 18:17 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-09-06 18:17 . 2009-07-03 17:09 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2009-09-06 18:03 . 2008-10-16 20:06 268648 ----a-w- c:\windows\system32\mucltui.dll
    2009-09-06 01:11 . 2009-09-17 18:40 268435456 --sha-w- c:\windows\system32\temppf.sys
    2009-09-03 23:16 . 2009-09-03 23:17 45 ----a-w- c:\documents and settings\default\jagex_runescape_preferences2.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-15 18:03 . 2009-09-15 18:03 19763 ----a-w- c:\program files\Common Files\ejujuraryj.lib
    2009-09-06 20:23 . 2009-09-06 20:23 14766 ----a-w- c:\documents and settings\All Users\Application Data\vahu.dat
    2009-09-04 00:28 . 2008-07-01 21:59 37 ----a-w- c:\documents and settings\default\jagex_runescape_preferences.dat
    2009-08-18 02:53 . 2009-08-18 02:53 -------- d-----w- c:\program files\iPod
    2009-08-18 02:53 . 2009-08-18 02:53 -------- d-----w- c:\program files\iTunes
    2009-08-18 02:53 . 2009-08-18 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-18 02:51 . 2009-08-18 02:51 -------- d-----w- c:\program files\Bonjour
    2009-08-18 02:50 . 2009-08-18 02:50 -------- d-----w- c:\program files\QuickTime
    2009-08-16 19:04 . 2009-05-23 14:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-16 19:04 . 2008-01-27 03:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-16 19:04 . 2009-05-23 14:43 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-08 05:48 . 2009-08-08 05:48 -------- d-----w- c:\program files\MSBuild
    2009-08-08 05:48 . 2009-08-08 05:48 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-08 05:44 . 2009-08-08 05:43 -------- d-----w- c:\program files\MSXML 6.0
    2009-08-05 09:01 . 2008-01-23 03:28 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-03 19:36 . 2008-08-29 04:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 19:36 . 2008-08-29 04:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-17 19:01 . 2008-01-23 03:25 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-12 18:21 . 2008-01-23 03:34 233472 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-09 18:16 . 2009-08-18 02:47 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-07-09 18:16 . 2008-01-29 04:22 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-07-03 17:09 . 2008-01-23 03:31 915456 ------w- c:\windows\system32\wininet.dll
    2009-06-25 08:25 . 2008-01-23 03:30 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2008-01-23 03:29 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2008-01-23 03:29 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2008-01-23 03:28 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:25 . 2008-01-23 03:27 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2008-01-23 03:27 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-24 11:18 . 2008-01-23 03:27 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2000-10-13 22:56 . 2000-10-13 22:56 23357 ----a-w- c:\program files\folder.htt
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-15_19.04.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-23 04:22 . 2009-09-17 18:40 49152 c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-01-23 04:22 . 2009-09-15 18:38 49152 c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-09-06 18:31 . 2009-09-15 18:38 16384 c:\windows\SYSTEM32\config\systemprofile\IETldCache\index.dat
    + 2009-09-06 18:31 . 2009-09-17 18:18 16384 c:\windows\SYSTEM32\config\systemprofile\IETldCache\index.dat
    + 2008-01-23 04:22 . 2009-09-17 18:40 49152 c:\windows\SYSTEM32\config\systemprofile\Cookies\index.dat
    - 2008-01-23 04:22 . 2009-09-15 18:38 49152 c:\windows\SYSTEM32\config\systemprofile\Cookies\index.dat
    + 2008-01-23 04:22 . 2009-09-17 18:40 360448 c:\windows\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-01-23 04:22 . 2009-09-15 18:38 360448 c:\windows\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-10 28739]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-08 149280]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-10 28739]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Printing Migration"="c:\windows\system32\spool\migrate.dll" [2004-08-04 30208]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Filseclab Messenger.lnk - c:\program files\Common Files\Filseclab\FilMsg.exe [2007-7-30 315652]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-16 19:04 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"=c:\progra~1\MESSEN~1\msmsgs.exe /background
    "MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe"
    "Microsoft Works Update Detection"=c:\program files\Microsoft Works\WkDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\windows\SYSTEM32\QTTASK.EXE" -atboottime
    "CreateCD50"="c:\program files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    "AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    "RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    "TaskMonitor"=c:\windows\taskmon.exe
    "PCHealth"=c:\windows\PCHealth\Support\PCHSchd.exe -s
    "WorksFUD"=c:\program files\Microsoft Works\wkfud.exe
    "Microsoft Works Portfolio"=c:\program files\Microsoft Works\WksSb.exe /AllUsers
    "Microsoft Works Update Detection"=c:\program files\Microsoft Works\WkDetect.exe
    "MULTIMEDIA KEYBOARD"=c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe
    "LoadQM"=loadqm.exe
    "HPAIO_PrintFolderMgr"=c:\windows\SYSTEM\hpoopm07.exe
    "DownloadWare"="c:\program files\DownloadWare\dw.exe" /H
    "SearchEnhancement"="c:\program files\SCBAR\V1\SCBAR.EXE" /U
    "KodakCCS"=c:\program files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "c:\program files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "NAV Agent"=c:\progra~1\NORTON~1\NAVAPW32.EXE
    "RecoverFromReboot"=c:\windows\TEMP\RECOVE~1.EXE
    "BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe
    "QuickTime Task"="c:\windows\SYSTEM32\QTTASK.EXE" -atboottime
    "xfilter"="c:\program files\Filseclab\xfilter\xfilter.exe" -a

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "SchedulingAgent"=mstask.exe
    "StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [9/6/2009 7:52 PM 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/23/2009 8:43 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/23/2009 8:43 AM 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/23/2009 8:42 AM 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/23/2009 8:42 AM 297752]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 8:49 AM 1029456]
    R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\SYSTEM32\DRIVERS\lne100v5.sys [5/25/2009 7:49 PM 36224]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\^RNA]
    rundll rnasetup.dll,installoptionalcomponent rna
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

    2009-09-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-17 12:55
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(368)
    c:\windows\system32\vct3216.acm
    c:\windows\system32\vct3216.dll
    c:\windows\system32\MVOICE.VWP

    - - - - - - - > 'lsass.exe'(424)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2009-09-17 13:00
    ComboFix-quarantined-files.txt 2009-09-17 19:00
    ComboFix2.txt 2009-09-16 05:43
    ComboFix3.txt 2009-09-15 19:16

    Pre-Run: 3,614,883,840 bytes free
    Post-Run: 3,632,545,792 bytes free

    230 --- E O F --- 2009-09-08 20:07

  10. #30
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default AV results

    Shaba:

    I reviewed AVG automatic scan results for the last couple of days, and found a few things AVG found but could not heal. AVG says the following are "virus identified Packed.Hidden"

    \\?\globalroot\systemroot\system32\vsfocetkopabwq.dll

    and

    c:\Window\Explorer.exe (1960)

    Other viruses were automatically removed.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •