Need help with Advanced Virus Remover Combofix log



#1 CompUserXP2009
Hi,

I am trying to fix my friend's computer. She has the Advanced Virus Remover on the computer. There are pop up warnings about trojans and the search engines redirect to sites like SEARCHCLICK. I ran the latest version of Combofix. I ended the process of AVR.EXE in the taskmanager so I don't know if that will affect the log. Thanks very much for the help!

Dan

Here's the log generated today...

ComboFix 09-11-18.09 - HP_Administrator 11/19/2009 10:39.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.583 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\HP_Administrator\Desktop\Advanced Virus Remover.lnk
c:\documents and settings\HP_Administrator\Start Menu\Advanced Virus Remover.lnk
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\AVR.exe
c:\windows\system32\18467.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 )))))))))))))))))))))))))))))))
.

2009-11-19 15:28 . 2009-11-19 15:35 -------- d-----w- C:\Combo-Fix
2009-11-18 23:11 . 2009-11-18 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\RegAce
2009-11-18 23:11 . 2009-11-18 23:22 -------- d-----w- c:\program files\RegAce
2009-11-18 19:35 . 2009-11-18 20:13 22528 ----a-w- c:\windows\system32\winhelper86.dll
2009-11-18 01:45 . 2009-11-18 19:33 10752 ----a-w- c:\windows\DCEBoot.exe
2009-11-17 16:49 . 2009-11-17 16:49 24336 ----a-w- c:\windows\system32\winupdate86.exe
2009-11-01 23:51 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-11-01 23:51 . 2001-08-17 18:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 15:50 . 2009-11-19 15:50 32786 ----a-w- c:\windows\system32\41.exe
2009-11-19 15:50 . 2009-11-19 15:50 791312 ----a-w- c:\windows\system32\AVR10.exe
2009-11-18 22:03 . 2009-06-22 21:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-18 01:31 . 2009-08-15 13:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\StumbleUpon
2009-11-17 16:51 . 2009-06-22 22:53 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-11 14:18 . 2008-11-26 21:10 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-11-26 21:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2008-11-26 21:10 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2008-11-26 21:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2008-11-26 21:10 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2008-11-26 21:10 247326 ------w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-26 137752]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-23 52840]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"winupdate86.exe"="c:\windows\system32\winupdate86.exe" [2009-11-17 24336]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-26 17021440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 11:15 AM 102448]
R3 HSFHWBS3;HSFHWBS3;c:\windows\system32\drivers\HSFHWBS3.sys [11/26/2008 5:34 PM 207872]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-14 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-09-24 16:13]

2009-11-19 c:\windows\Tasks\User_Feed_Synchronization-{296F67B8-5D49-4A92-B63E-58DAD4FDA838}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
LSP: c:\windows\system32\winhelper86.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 10:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
.
**************************************************************************
.
Completion time: 2009-11-19 10:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-19 15:52
ComboFix2.txt 2009-11-18 23:47
ComboFix3.txt 2009-11-18 22:39
ComboFix4.txt 2009-11-18 21:56
ComboFix5.txt 2009-11-19 15:38

Pre-Run: 133,345,456,128 bytes free
Post-Run: 133,315,264,512 bytes free

- - End Of File - - E7FFC0D4B6914CD0C8E97F9B2861589F

Edited by CompUserXP2009, 19 November 2009 - 11:22 AM.

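The log above carries the usual rogue-AV footprint: policy keys that lock the user out (DisableTaskMgr, the Active Desktop locks), Security Center told to stop monitoring the Symantec products, the Windows Firewall switched off, a Run entry named after its own executable (winupdate86.exe), numeric-named executables dropped in system32, and a Winsock LSP (winhelper86.dll) that explains the search redirects. The script below is an added example, not part of the thread and not a ComboFix or Geeks to Go tool: it runs those same checks over ComboFix log lines. The input is excerpted from the posted log; the stock LSP set for XP SP3 and the "Run value named after its file" heuristic are assumptions of the example.

```python
"""Flag rogue-AV indicators in ComboFix log lines (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass

# Constructed input: lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-23 52840]
"winupdate86.exe"="c:\windows\system32\winupdate86.exe" [2009-11-17 24336]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-26 17021440]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

c:\windows\system32\41.exe
c:\windows\system32\6334.exe
LSP: c:\windows\system32\winhelper86.dll
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# "quoted image", optionally ' - resolved path', optionally a trailing [date size]
IMAGE_RE = re.compile(r'^"([^"]*)"(?:\s+-\s+(\S[^\[]*?))?\s*(?:\[.*\])?$')
DWORD_RE = re.compile(r"^(?:dword:([0-9a-fA-F]{1,8})|(\d+)\s*\(0x[0-9a-fA-F]+\))")
NUMERIC_EXE_RE = re.compile(r"\\system32\\\d+\.exe$", re.IGNORECASE)
LSP_RE = re.compile(r"^LSP:\s*(.+)$", re.IGNORECASE)

# Assumption: the Winsock LSP DLLs present on a stock Windows XP SP3 install.
KNOWN_LSP = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}

# value name (lowercased) -> (value that constitutes a finding, why it matters)
POLICY_RULES = {
    "disabletaskmgr": (1, "Task Manager disabled by policy; the user cannot end the rogue process"),
    "nosetactivedesktop": (1, "Active Desktop locked, used to pin a fake-alert wallpaper"),
    "noactivedesktopchanges": (1, "Active Desktop locked, used to pin a fake-alert wallpaper"),
    "disablemonitoring": (1, "Security Center told to stop reporting on this AV/firewall product"),
    "enablefirewall": (0, "Windows Firewall switched off"),
}


@dataclass
class Finding:
    kind: str       # run | policy | dropper | lsp
    evidence: str   # the log line that triggered the rule
    note: str


def parse_dword(value: str):
    """Read ComboFix's '1 (0x1)' or 'dword:00000001' forms; None when not numeric."""
    m = DWORD_RE.match(value.strip())
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) is not None else int(m.group(2))


def image_path(value: str) -> str:
    """Executable a Run entry points at, preferring the path ComboFix resolved after ' - '."""
    m = IMAGE_RE.match(value.strip())
    if not m:
        return value.strip()
    return (m.group(2) or m.group(1)).strip()


def triage(log: str) -> list:
    """Walk the log once, tracking the current registry section, and collect findings."""
    findings = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = LSP_RE.match(line)
        if m:
            dll = m.group(1).strip().rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_LSP:
                findings.append(Finding("lsp", line, "Winsock LSP outside the stock set; every socket call passes through it, which fits the search redirection"))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2)
            if section.endswith("\\run"):
                base = image_path(value).rsplit("\\", 1)[-1].lower()
                if name.lower() == base:
                    findings.append(Finding("run", line, "Run entry named after its own executable, a dropper habit rather than an installed product"))
            else:
                rule = POLICY_RULES.get(name.lower())
                if rule and parse_dword(value) == rule[0]:
                    findings.append(Finding("policy", line, rule[1]))
            continue
        if NUMERIC_EXE_RE.search(line):
            findings.append(Finding("dropper", line, "executable with a purely numeric name under system32"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.evidence}\n    {f.note}")
```

Run it as-is to see the seven findings from the excerpt; feed it a whole ComboFix log and it will also pick up the numeric droppers in the Find3M section. The firewall and Security Center values are what a helper checks first after cleanup, since the rogue does not restore them when its files are deleted.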


#2 CompUserXP2009 (Topic Starter)
I should have mentioned that the computer has pop up warnings and the search engines on Internet Explorer redirect to sites like SEARCHCLICK.

Thanks,

Dan