Weird Virus


  • This topic is locked
1 reply to this topic

#1 pkrash

Posted 26 March 2008 - 09:02 PM

My computer is suffering from a serious virus attack.
I can't even run my Avira antivirus.
I have also tried to install Kaspersky, AVG and Panda antivirus, but my Firefox browser shuts down as soon as the download begins.
When I tried to run HijackThis, it also froze.
But I managed to get the logs by using ComboFix. So what should I do next?


ComboFix 08-03-25.4 - user 2008-03-27 9:04:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.299 [GMT 8:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\037589.log
C:\Autorun.inf
C:\Documents and Settings\user\Application Data\RACLE~1
C:\lsass.exe.19906.exe
C:\lsass.exe.19921.exe
C:\lsass.exe.19968.exe
C:\lsass.exe.20015.exe
C:\lsass.exe.51328.exe
C:\lsass.exe.51625.exe
C:\lsass.exe.54093.exe
C:\lsass.exe.54500.exe
C:\lsass.exe.54640.exe
C:\lsass.exe.54953.exe
C:\lsass.exe.55296.exe
C:\lsass.exe.59750.exe
C:\lsass.exe.60265.exe
C:\lsass.exe.60406.exe
C:\lsass.exe.60968.exe
C:\pagefile.pif
C:\Program Files\Common Files\Yazzle1796OinUninstaller.exe
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000020_.tmp.dll
C:\WINDOWS\system32\19719.log
C:\WINDOWS\system32\20813.log
C:\WINDOWS\system32\27344.log
C:\WINDOWS\system32\27594.log
C:\WINDOWS\system32\28391.log
C:\WINDOWS\system32\28766.log
C:\WINDOWS\system32\29485.log
C:\WINDOWS\system32\30219.log
C:\WINDOWS\system32\30751.log
C:\WINDOWS\system32\33422.log
C:\WINDOWS\system32\34985.log
C:\WINDOWS\system32\35766.log
C:\WINDOWS\system32\36813.log
C:\WINDOWS\system32\36907.log
C:\WINDOWS\system32\37110.log
C:\WINDOWS\system32\38047.log
C:\WINDOWS\system32\38282.log
C:\WINDOWS\system32\38501.log
C:\WINDOWS\system32\40344.log
C:\WINDOWS\system32\46282.log
C:\WINDOWS\system32\56516.log
C:\WINDOWS\system32\56626.log
C:\WINDOWS\system32\58313.log
C:\WINDOWS\system32\58391.log
C:\WINDOWS\system32\58547.log
C:\WINDOWS\system32\60204.log
C:\WINDOWS\system32\63297.log
C:\WINDOWS\system32\64688.log
C:\WINDOWS\system32\65844.log
C:\WINDOWS\system32\81110.log
C:\WINDOWS\system32\com\lsass.exe
C:\WINDOWS\system32\com\netcfg.000
C:\WINDOWS\system32\com\netcfg.dll
C:\WINDOWS\system32\com\smss.exe
C:\WINDOWS\system32\dnsq.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll
.
---- Previous Run -------
.
C:\_uninsep.bat

.
((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
.

2008-03-26 09:57 . 2008-03-26 10:01 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-26 09:47 . 2008-03-26 09:52 1,606 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-03-26 08:30 . 2008-03-26 08:31 <DIR> d-------- C:\Documents and Settings\user\Application Data\OfficeUpdate12
2008-03-25 16:46 . 2008-03-25 16:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-23 22:19 . 2008-03-23 22:27 <DIR> d-------- C:\Program Files\Easy SpyRemover
2008-03-23 20:50 . 2008-03-23 20:50 <DIR> d-------- C:\kav
2008-03-20 11:16 . 2008-03-21 20:15 94,208 --a------ C:\WINDOWS\system32\000.cfg0
2008-03-19 23:11 . 2008-03-19 23:11 <DIR> d-------- C:\Program Files\Uniblue
2008-03-19 23:11 . 2008-03-19 23:11 <DIR> d-------- C:\Documents and Settings\user\Application Data\Uniblue
2008-03-19 23:11 . 2008-03-19 23:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Uniblue
2008-03-19 22:23 . 2008-03-19 22:36 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-03-19 22:23 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-03-19 22:22 . 2008-03-19 22:22 <DIR> d-------- C:\Program Files\Greatis
2008-03-19 08:51 . 2008-03-22 16:36 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-03-19 08:47 . 2008-03-23 08:16 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-19 08:47 . 2008-03-25 20:25 <DIR> d-------- C:\Documents and Settings\user\Application Data\Spyware Terminator
2008-03-19 08:47 . 2008-03-23 08:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
2008-03-19 08:47 . 2008-03-19 08:47 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-19 08:21 . 2008-03-19 08:42 <DIR> d-------- C:\Program Files\AntiSpywareApp
2008-03-19 08:21 . 2008-03-19 08:21 <DIR> d-------- C:\Documents and Settings\user\Application Data\Antispyware
2008-03-18 22:42 . 2008-03-18 22:59 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-18 21:24 . 2008-03-18 21:24 <DIR> d-------- C:\csscod
2008-03-18 20:58 . 2008-03-18 21:00 <DIR> d-------- C:\Program Files\PCPitstop
2008-03-18 20:58 . 2008-03-18 21:36 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-03-18 18:38 . 2008-03-20 11:54 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-03-18 13:37 . 2008-03-18 13:37 <DIR> d-------- C:\fsaua.data
2008-03-18 13:23 . 2008-03-26 09:28 32,256 --a------ C:\WINDOWS\system32\dnsq(5).dll
2008-03-18 13:23 . 2008-03-25 09:03 32,256 --a------ C:\WINDOWS\system32\dnsq(4).dll
2008-03-18 13:23 . 2008-03-24 20:53 32,256 --a------ C:\WINDOWS\system32\dnsq(3).dll
2008-03-18 13:16 . 2008-03-21 20:15 18,829 --a------ C:\WINDOWS\system32\drivers\alg.exe
2008-03-18 12:14 . 2008-03-18 22:35 <DIR> d-------- C:\Program Files\Panda Security
2008-03-18 12:05 . 2008-03-18 12:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJPLM
2008-03-18 11:53 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-18 11:53 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-18 11:38 . 2008-03-18 11:38 <DIR> d--h----- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
2008-03-18 11:37 . 2008-03-18 11:37 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-03-18 11:37 . 2008-03-18 11:37 <DIR> d--h----- C:\Program Files\CanonBJ
2008-03-18 11:37 . 2006-11-06 13:00 198,656 --a------ C:\WINDOWS\system32\CNMLM8O.DLL
2008-03-18 11:35 . 2008-03-18 12:05 <DIR> d-------- C:\Program Files\Canon
2008-03-17 22:10 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-03-17 22:10 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-03-17 22:09 . 2008-03-17 22:09 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-17 22:09 . 2007-07-06 15:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-03-17 22:08 . 2007-03-29 20:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-03-17 22:08 . 2007-03-29 20:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-03-17 21:45 . 2008-03-18 18:01 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-03-17 21:11 . 2008-03-18 08:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-17 21:11 . 2008-03-18 08:02 <DIR> d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-03-17 21:11 . 2008-03-17 21:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-03-17 14:49 . 2008-03-17 14:49 524,288 --a------ C:\WINDOWS\opuc.dll
2008-03-17 13:54 . 2008-03-17 15:33 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-17 13:51 . 2008-03-18 12:24 <DIR> d-------- C:\Documents and Settings\user\.housecall6.6
2008-03-17 13:48 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-17 13:13 . 2008-03-24 09:23 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-17 11:40 . 2008-03-25 09:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-17 11:40 . 2008-03-18 12:19 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-17 11:40 . 2008-03-18 12:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-17 11:40 . 2008-03-18 12:19 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-17 08:05 . 2008-03-17 13:07 26 --a------ C:\WINDOWS\DGcounter.ini
2008-03-17 08:04 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-03-17 08:04 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-03-17 07:57 . 2008-03-17 07:57 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-03-17 07:42 . 2008-03-19 13:09 4,358 --a------ C:\WINDOWS\mozver.dat
2008-03-16 22:47 . 2008-03-21 20:15 154,112 ---hs---- C:\WINDOWS\system32\AntiTool.exe
2008-03-16 21:31 . 2008-03-17 11:54 <DIR> d-------- C:\Program Files\Ace Utilities
2008-03-16 18:21 . 2008-03-16 18:21 <DIR> d-------- C:\Program Files\CleanMyPC
2008-03-16 17:27 . 2008-03-16 17:27 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-16 13:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-16 11:22 . 2008-03-17 11:54 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-03-16 11:22 . 2008-03-16 11:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-03-16 11:22 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-16 08:56 . 2008-03-17 22:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-03-16 07:52 . 2008-03-16 07:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ConeXware
2008-03-16 07:39 . 2008-03-16 07:39 <DIR> d-------- C:\Documents and Settings\user\Application Data\TuneUp Software
2008-03-14 07:14 . 2008-03-14 07:15 <DIR> d-------- C:\Documents and Settings\user\Application Data\TVU networks
2008-03-14 07:14 . 2008-03-14 07:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TVU networks
2008-03-13 22:12 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-13 12:22 . 2008-03-13 12:22 <DIR> d-------- C:\Documents and Settings\user\Application Data\AdobeUM
2008-03-12 04:04 . 2008-03-12 04:04 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-03-08 08:18 . 2008-03-26 09:27 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-08 06:09 . 2008-03-08 06:09 <DIR> d---s---- C:\Documents and Settings\user\UserData
2008-03-07 06:27 . 2006-11-09 08:00 989,696 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys
2008-03-07 06:27 . 2006-11-09 07:59 730,112 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-03-07 06:27 . 2006-11-09 07:59 257,408 --a------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys
2008-03-07 06:27 . 2006-11-08 01:54 172,032 --a------ C:\WINDOWS\system32\Uci32114.dll
2008-03-07 06:27 . 2006-11-09 10:10 144,201 --a------ C:\WINDOWS\system32\drivers\HSFProf.cty
2008-03-07 06:27 . 2006-06-20 05:26 94,208 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2008-03-07 06:27 . 2006-06-20 05:26 12,672 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-03-07 06:17 . 2008-03-08 07:58 <DIR> d-------- C:\Program Files\Google
2008-03-07 06:17 . 2008-03-07 06:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-03-07 06:17 . 2004-08-03 23:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-03-07 06:17 . 2005-08-26 10:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-03-07 06:15 . 2004-08-04 15:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-07 06:15 . 2001-08-18 05:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-03-07 06:15 . 2001-08-18 05:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-03-07 06:14 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-07 06:14 . 2008-03-07 06:14 376 --a------ C:\WINDOWS\ODBC.INI
2008-03-07 05:58 . 2008-03-07 05:58 <DIR> d-------- C:\Documents and Settings\user\WINDOWS
2008-03-07 05:58 . 2005-04-14 07:54 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2008-03-07 05:56 . 2008-03-07 05:56 <DIR> d-------- C:\Program Files\ASUS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 03:18 --------- d-----w C:\Program Files\Java
2008-03-17 15:25 --------- d-----w C:\Program Files\Yahoo!
2008-03-16 03:17 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-15 23:52 --------- d-----w C:\Program Files\PowerArchiver
2008-03-06 21:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-25 00:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-02-19 08:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-10 12:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TVU networks
2008-02-07 04:53 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-07 00:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-09 07:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2004-06-06 06:13 106,496 --sha-r C:\WINDOWS\system32\msxaxd.dll
2004-06-06 06:13 141,312 --sha-r C:\WINDOWS\system32\msxaxd.exe
2004-06-06 06:13 221,184 --sha-r C:\WINDOWS\system32\msxaxdc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\run_CF]
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"SoundMan"="SOUNDMAN.EXE"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Premium\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\run\OptionalComponents_CF]
@=""

[HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL_CF]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\run\OptionalComponents\MAPI_CF]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\run\OptionalComponents\MSFS_CF]
"Installed"="1"
@=""

[HKEY_USERS\s-1-5-21-2052111302-1580818891-839522115-1003\software\microsoft\windows\currentversion\run_CF]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
~.exe.16250.exe [2008-03-18 13:46:35 94208]
~.exe.16265.exe [2008-03-18 18:00:00 94208]
~.exe.16312.exe [2008-03-18 13:58:56 94208]
~.exe.16500.exe [2008-03-18 10:03:07 94208]
~.exe.16546.exe [2008-03-18 13:46:32 94208]
~.exe.16609.exe [2008-03-18 18:00:02 94208]
~.exe.16718.exe [2008-03-18 13:58:56 94208]
~.exe.16843.exe [2008-03-18 18:00:02 94208]
~.exe.16890.exe [2008-03-18 13:58:56 94208]
~.exe.17062.exe [2008-03-18 10:03:05 94208]
~.exe.17296.exe [2008-03-18 10:11:21 94208]
~.exe.17375.exe [2008-03-18 10:03:05 94208]
~.exe.17468.exe [2008-03-18 10:03:06 94208]
~.exe.17703.exe [2008-03-18 10:11:18 94208]
~.exe.17843.exe [2008-03-18 10:06:32 94208]
~.exe.18046.exe [2008-03-18 10:11:19 94208]
~.exe.18125.exe [2008-03-18 10:11:18 94208]
~.exe.18140.exe [2008-03-18 10:03:06 94208]
~.exe.18171.exe [2008-03-18 10:06:33 94208]
~.exe.18203.exe [2008-03-18 10:04:44 94208]
~.exe.18296.exe [2008-03-18 18:00:00 94208]
~.exe.18328.exe [2008-03-18 17:59:59 94208]
~.exe.18343.exe [2008-03-18 18:00:04 94208]
~.exe.18390.exe [2008-03-18 18:00:00 94208]
~.exe.18406.exe [2008-03-18 18:00:00 94208]
~.exe.18484.exe [2008-03-18 10:03:07 0]
~.exe.18546.exe [2008-03-18 13:59:00 94208]
~.exe.18671.exe [2008-03-18 18:00:02 94208]
~.exe.18843.exe [2008-03-18 10:11:21 94208]
~.exe.18937.exe [2008-03-18 13:46:35 94208]
~.exe.18968.exe [2008-03-18 13:46:35 94208]
~.exe.19031.exe [2008-03-18 13:46:35 94208]
~.exe.19046.exe [2008-03-18 13:46:35 94208]
~.exe.19171.exe [2008-03-18 17:59:59 94208]
~.exe.19328.exe [2008-03-18 10:11:20 94208]
~.exe.19625.exe [2008-03-18 13:46:34 94208]
~.exe.19718.exe [2008-03-18 13:59:00 94208]
~.exe.19812.exe [2008-03-18 18:00:03 94208]
~.exe.20109.exe [2008-03-18 13:58:56 94208]
~.exe.20140.exe [2008-03-18 18:00:03 94208]
~.exe.20156.exe [2008-03-18 18:00:02 94208]
~.exe.20171.exe [2008-03-18 18:00:01 94208]
~.exe.20187.exe [2008-03-18 13:46:35 94208]
~.exe.20203.exe [2008-03-18 13:46:35 94208]
~.exe.20406.exe [2008-03-18 13:58:59 94208]
~.exe.20421.exe [2008-03-18 13:59:00 94208]
~.exe.20468.exe [2008-03-18 13:59:00 94208]
~.exe.20484.exe [2008-03-18 13:58:59 94208]
~.exe.20500.exe [2008-03-18 13:59:00 94208]
~.exe.26390.exe [2008-03-18 13:58:52 94208]
~.exe.27156.exe [2008-03-18 13:46:33 94208]
~.exe.30343.exe [2008-03-18 18:00:00 94208]
~.exe.33437.exe [2008-03-18 18:00:01 94208]
~.exe.456062.exe [2008-03-18 17:58:07 94208]
~.exe.511750.exe [2008-03-18 17:59:57 94208]
~.exe.543015.exe [2008-03-18 18:00:01 94208]
~.exe.543437.exe [2008-03-18 18:00:03 94208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 iesecu;iesecu;C:\WINDOWS\system32\drivers\iesecu.sys [2004-06-06 14:13]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 09:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-19 00:21:13 C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
"2008-03-19 23:59:55 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-03-19 15:13:22 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 09:06:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [1696]
? [436]
scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\Mssedc.exe 64512 bytes executable
C:\WINDOWS\system32\Mssedcx.exe 131072 bytes executable
C:\WINDOWS\system32\drivers\iesecu.sys 16384 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msxfaxx]
"ImagePath"="C:\WINDOWS\system32\Mssedc.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-27 9:09:48 - machine was rebooted [user]
ComboFix-quarantined-files.txt 2008-03-27 01:09:45
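The log above carries several indicators a responder would want pulled out mechanically rather than read line by line: copies of core process names (lsass.exe, smss.exe, alg.exe) outside System32, dozens of numbered `name.exe.NNNNN.exe` copies, executables dropped into the system profile's Startup folder, `Autorun.inf` and `pagefile.pif` at the drive root, WinPcap components (npf.sys, packet.dll, wpcap.dll) in System32, and files catchme reported as hidden. The script below is an added example, not part of the original post and not ComboFix's own logic: it parses a ComboFix-style listing and applies those heuristics. It assumes the XP layout shown in the log (`C:\WINDOWS`), and the sample lines are constructed from entries visible above. Every hit is something to investigate, not a verdict; WinPcap in particular is legitimate next to an installed sniffer.

```python
"""Triage a ComboFix-style file listing for masquerading, autorun and
self-replication indicators.

Added example; not part of the original post. SAMPLE_LOG is constructed
from entries visible in the posted log. The heuristics are the editor's,
not ComboFix's own detection logic."""
import re
from collections import Counter

# Genuine copies of these core Windows binaries live only in %SystemRoot%\system32
# (assumed XP layout, C:\WINDOWS); the same file name anywhere else is a masquerade.
CORE_BINARIES = {"lsass.exe", "smss.exe", "csrss.exe", "services.exe",
                 "winlogon.exe", "svchost.exe", "alg.exe"}
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\system32\dllcache"}
# WinPcap components: legitimate beside an installed sniffer, otherwise capture capability.
WINPCAP = {"npf.sys", "packet.dll", "wpcap.dll"}

# A drive-letter path up to a short extension, stopping at whitespace or a quote.
PATH = re.compile(r'([A-Za-z]:\\.*?\.[A-Za-z0-9~]{1,4})(?=[\s"]|$)')
DIR_HEADER = re.compile(r"^[A-Za-z]:\\.*\\$")                    # "C:\...\Startup\"
BARE_ENTRY = re.compile(r"^(\S+)\s+\[[^\]]*\]\s*$")              # "~.exe.16250.exe [date size]"
HIDDEN = re.compile(r"^([A-Za-z]:\\\S+) \d+ bytes executable$")  # catchme "hidden files" line
NUMBERED_COPY = re.compile(r"^.+\.exe\.\d+\.exe$")               # "lsass.exe.19906.exe"

# Constructed sample, taken from entries in the posted log.
SAMPLE_LOG = r"""
C:\Autorun.inf
C:\lsass.exe.19906.exe
C:\lsass.exe.19921.exe
C:\pagefile.pif
C:\WINDOWS\system32\com\lsass.exe
C:\WINDOWS\system32\com\smss.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
2008-03-18 13:16 . 2008-03-21 20:15 18,829 --a------ C:\WINDOWS\system32\drivers\alg.exe
2008-03-18 11:53 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
~.exe.16250.exe [2008-03-18 13:46:35 94208]
~.exe.16265.exe [2008-03-18 18:00:00 94208]
C:\WINDOWS\system32\Mssedc.exe 64512 bytes executable
"ImagePath"="C:\WINDOWS\system32\Mssedc.exe"
R2 iesecu;iesecu;C:\WINDOWS\system32\drivers\iesecu.sys [2004-06-06 14:13]
"""


def extract_paths(log_text):
    """Every distinct file path the listing mentions, in order of appearance.
    Bare names listed under a directory header are joined to that directory."""
    paths, current_dir = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DIR_HEADER.match(line):
            current_dir = line
            continue
        m = PATH.search(line)
        if m:
            paths[m.group(1)] = None
            continue
        m = BARE_ENTRY.match(line)
        if m and current_dir:
            paths[current_dir + m.group(1)] = None
    return list(paths)


def hidden_files(log_text):
    """Paths that the catchme rootkit scan reported as hidden from the Win32 API."""
    return {m.group(1).lower()
            for m in map(HIDDEN.match, map(str.strip, log_text.splitlines())) if m}


def triage(log_text):
    """Return (path, reason) pairs for every indicator matched."""
    hidden = hidden_files(log_text)
    findings = []
    for path in extract_paths(log_text):
        low = path.lower()
        directory, _, name = low.rpartition("\\")
        reasons = []
        if name in CORE_BINARIES and directory not in LEGIT_DIRS:
            reasons.append("core Windows binary name outside system32")
        if NUMBERED_COPY.match(name):
            reasons.append("numbered copy of an executable (self-replication)")
        if name.endswith(".exe") and "\\startup\\" in directory + "\\":
            reasons.append("executable in a Startup folder (autostart)")
        if name.endswith(".exe") and "\\drivers\\" in directory + "\\":
            reasons.append("user-mode executable inside the drivers directory")
        if re.fullmatch(r"[a-z]:\\autorun\.inf", low):
            reasons.append("autorun.inf at drive root (removable-media spreader)")
        if name.endswith(".pif"):
            reasons.append(".pif (executable shortcut) masquerading as a data file")
        if name in WINPCAP:
            reasons.append("WinPcap packet-capture component; confirm a sniffer is installed")
        if low in hidden:
            reasons.append("hidden from the Win32 API (catchme)")
        findings.extend((path, r) for r in reasons)
    return findings


def summarize(findings):
    """Count findings per reason, most common first."""
    return Counter(reason for _, reason in findings).most_common()


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for path, reason in results:
        print(f"{reason:70} {path}")
    for reason, n in summarize(results):
        print(n, reason)
```

On the sample the top count is the numbered-copy rule (two `C:\lsass.exe.NNNNN.exe` files plus two `~.exe.NNNNN.exe` entries in the system profile's Startup folder), with the core-binary and WinPcap rules next; `usbprint.sys` under `drivers` and the `iesecu.sys` service line are deliberately not flagged by these path-only rules, so an unknown driver still needs a separate look.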




#2 rigel

Posted 26 March 2008 - 09:05 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith
