Need help with Advanced Virus Remover Combofix log



#1 CompUserXP2009
Posted 19 November 2009 - 11:05 AM

Hi,

I am trying to fix my friend's computer. She has the Advanced Virus Remover on the computer. I ran the latest version of Combofix. I ended the process of AVR.EXE in the Task Manager, so I don't know if that will affect the log. Thanks very much for the help!

Dan

Here's the log generated today...

ComboFix 09-11-18.09 - HP_Administrator 11/19/2009 10:39.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.583 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\HP_Administrator\Desktop\Advanced Virus Remover.lnk
c:\documents and settings\HP_Administrator\Start Menu\Advanced Virus Remover.lnk
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\AVR.exe
c:\windows\system32\18467.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 )))))))))))))))))))))))))))))))
.

2009-11-19 15:28 . 2009-11-19 15:35 -------- d-----w- C:\Combo-Fix
2009-11-18 23:11 . 2009-11-18 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\RegAce
2009-11-18 23:11 . 2009-11-18 23:22 -------- d-----w- c:\program files\RegAce
2009-11-18 19:35 . 2009-11-18 20:13 22528 ----a-w- c:\windows\system32\winhelper86.dll
2009-11-18 01:45 . 2009-11-18 19:33 10752 ----a-w- c:\windows\DCEBoot.exe
2009-11-17 16:49 . 2009-11-17 16:49 24336 ----a-w- c:\windows\system32\winupdate86.exe
2009-11-01 23:51 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-11-01 23:51 . 2001-08-17 18:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 15:50 . 2009-11-19 15:50 32786 ----a-w- c:\windows\system32\41.exe
2009-11-19 15:50 . 2009-11-19 15:50 791312 ----a-w- c:\windows\system32\AVR10.exe
2009-11-18 22:03 . 2009-06-22 21:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-18 01:31 . 2009-08-15 13:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\StumbleUpon
2009-11-17 16:51 . 2009-06-22 22:53 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-11 14:18 . 2008-11-26 21:10 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-11-26 21:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2008-11-26 21:10 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2008-11-26 21:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2008-11-26 21:10 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2008-11-26 21:10 247326 ------w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-26 137752]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-23 52840]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"winupdate86.exe"="c:\windows\system32\winupdate86.exe" [2009-11-17 24336]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-26 17021440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 11:15 AM 102448]
R3 HSFHWBS3;HSFHWBS3;c:\windows\system32\drivers\HSFHWBS3.sys [11/26/2008 5:34 PM 207872]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-14 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-09-24 16:13]

2009-11-19 c:\windows\Tasks\User_Feed_Synchronization-{296F67B8-5D49-4A92-B63E-58DAD4FDA838}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
LSP: c:\windows\system32\winhelper86.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 10:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
.
**************************************************************************
.
Completion time: 2009-11-19 10:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-19 15:52
ComboFix2.txt 2009-11-18 23:47
ComboFix3.txt 2009-11-18 22:39
ComboFix4.txt 2009-11-18 21:56
ComboFix5.txt 2009-11-19 15:38

Pre-Run: 133,345,456,128 bytes free
Post-Run: 133,315,264,512 bytes free

- - End Of File - - E7FFC0D4B6914CD0C8E97F9B2861589F

#2 garmanma
    Computer Masochist

Posted 19 November 2009 - 12:06 PM

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums, and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff
Mark