beemanbone

Members
  • Content Count: 31

Everything posted by beemanbone

  1. Thank you so much for your assistance and patience. Michael Brandon M.
  2. I believe it is outbound, but I'm not sure. It says destination IP is 192.168.1.102. It happens even when I'm not connected to internet. Here are the scan results... Scan taken on 05 Jan 2008 11:45:25 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found
  3. My computer is running better than ever. There is one thing I noticed, though. I've installed a firewall, and it is constantly blocking the same intrusion. The application is C:\WINDOWS\system32\svchost.exe. Do you think it's a virus or trojan?
  4. and finally, Section #4........... I:\RECYCLED\FOLDER.HTT Infected with: VBS.Redlof.A (HTT) I:\RECYCLED\FOLDER.HTT Disinfected I:\audio\soundforge\FOLDER.HTT Infected with: VBS.Redlof.A (HTT) I:\audio\soundforge\FOLDER.HTT Disinfected I:\audio\ACID\songs\FOLDER.HTT Infected with: VBS.Redlof.A (HTT) I:\audio\ACID\songs\FOLDER.HTT Disinfected I:\audio\ACID\FOLDER.HTT Infected with: VBS.Redlof.A (HTT) I:\audio\ACID\FOLDER.HTT Disinfected I:\audio\rebirth2\Default Songs\FOLDER.HTT Infected with: VBS.Redlof.A (HTT) I:\audio\rebirth2\Default Songs\FOLDER.HTT Disinfected I:\audio\rebirth2\D
  5. Section #3........ I:\Program Files\FruityLoops\Plugins\VST\FOLDER.HTT Infected with: VBS.Redlof.A (HTT) I:\Program Files\FruityLoops\Plugins\VST\FOLDER.HTT Disinfected I:\Program Files\FruityLoops\Plugins\Generators\Wasp\Artwork\FOLDER.HTT Infected with: VBS.Redlof.A (HTT) I:\Program Files\FruityLoops\Plugins\Generators\Wasp\Artwork\FOLDER.HTT Disinfected I:\Program Files\FruityLoops\Plugins\Generators\Wasp\FOLDER.HTT Infected with: VBS.Redlof.A (HTT) I:\Program Files\FruityLoops\Plugins\Generators\Wasp\FOLDER.HTT Disinfected I:\Program Files\FruityLoops\Plugins\Generators\3x Osc\Artwor
  6. Section#2.... I:\Program Files\Trident Microsystems, Inc\Display Driver\FOLDER.HTT Infected with: VBS.Redlof.A (HTT) I:\Program Files\Trident Microsystems, Inc\Display Driver\FOLDER.HTT Disinfected I:\Program Files\Trident Microsystems, Inc\trident\FOLDER.HTT Infected with: VBS.Redlof.A (HTT) I:\Program Files\Trident Microsystems, Inc\trident\FOLDER.HTT Disinfected I:\Program Files\Trident Microsystems, Inc\trident\lessons\FOLDER.HTT Infected with: VBS.Redlof.A (HTT) I:\Program Files\Trident Microsystems, Inc\trident\lessons\FOLDER.HTT Disinfected I:\Program Files\Trident Microsystems, I
  7. I have to split up the log because I think it's too big to post. Here is section #1..... BitDefender Online Scanner Scan report generated at: Fri, Jan 04, 2008 - 15:36:36 Scan path: A:\;C:\;D:\;E:\;F:\;G:\;I:\;J:\; Statistics Time 02:33:47 Files 918957 Folders 12491 Boot Sectors 6 Archives 19116 Packed Files 42240 Results Identified Viruses 7 Infected Files 892 Suspect Files 0 Warnings 0 Disinfected 635 Deleted Files 257 Engines Info Virus Definitions 885451 Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36) Scan plugins 14 Archive plugins 38 Unpack plugins
  8. I'm sorry. Avast says: Pandahttp://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL Win32:CTX Virus/Worm
  9. Avast says it's trying to download a virus
  10. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:30:23 PM, on 1/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINDOWS\system32\ps2.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\Sys
  11. ComboFix 07-12-31.4 - Owner 2008-01-04 12:26:14.6 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.311 [GMT -6:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe . The following files were disabled during the run: C:\WINDOWS\system32\guard32.dll ((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))) . 2008-01-04 08:16 . 2008-01-04 08:16 <DIR> d-------- C:\Program Files\SiteAdvisor 2008-01-04 08:16 . 2008-01-04 08:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Site
  12. Here it is. Ran on Fri 01/04/2008 - 12:15:01.40 Entries: 0 (0) Directories: 0 Files: 0 Bytes: 0 Blocks: 0
  13. Here's the log. Ran on Fri 01/04/2008 - 7:25:52.65 ------w 84,640 2008-01-02 07:53:49 C:\Program Files\Common Files\Symantec Shared\ccApp .exe Entries: 1 (1) Directories: 0 Files: 1 Bytes: 84,640 Blocks: 166
  14. I: and J: are an external hard drive that I made using my old CPU's hard drive. It also did not run antivirus software. Here is the new ComboFix log: ComboFix 07-12-31.4 - Owner 2008-01-03 7:17:33.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.206 [GMT -6:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))) . 2008-01-02 20:40 . 2008-01-02 20:40 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-01-02 20:40 . 2008-01-02 20:40 <DIR&g
  15. Here is the new hijackthis log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:58:00 PM, on 1/2/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program
  16. Here is the log from the virus scan I completed. ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, January 02, 2008 11:56:47 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 3/01/2008 Kaspersky Anti-Virus database records: 501803 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: tru
  17. I believe I have Norton uninstalled. I have downloaded Avast.
  18. 2006, I think. I believe it's expired. When I go to open Norton, it says it can't find file ccApp.exe.
  19. Here's a new HijackThis Log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:54:55 PM, on 1/2/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawserv
  20. I can't run Kaspersky Online Scanner. When I go to install the ActiveX component, it says it needs to configure ccCommon and to insert the disc that has ccCommon. The 1st two steps I did. Here is the RenV log.... Ran on Wed 01/02/2008 - 12:57:10.15 ------w 84,640 2008-01-02 07:53:49 C:\Program Files\Common Files\Symantec Shared\ccApp .exe Entries: 1 (1) Directories: 0 Files: 1 Bytes: 84,640 Blocks: 166 Here is the Combofix log............. ComboFix 07-12-31.4 - Owner 2008-01-02 13:03:13.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.331 [GMT
  21. And here's the other one. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:03:39 AM, on 1/2/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.e
  22. OK. Here's one. ComboFix 07-12-31.4 - Owner 2008-01-02 8:45:18.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.387 [GMT -6:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe C:\Documents and Settings\Owner\Start Menu\Program
  23. OK. Thanks for your patience. Here's the new log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:59:35 AM, on 1/2/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Lavasoft\Ad
  24. I am now away from my home for the holidays. I will return to my computer in a week. When I get back, I will follow these steps. Don't forget about me, OK! P.S. what's a "tick"?