Virus And Malware


  • This topic is locked
1 reply to this topic

#1 psusanafreitas

Posted 21 September 2008 - 11:30 AM

Hello,

Because of a torrent download I managed to put a virus in my computer. The computer starts beeping when it is starting, and when I open Mozilla Firefox or any kind of program, it automatically opens help windows ... maybe 50 or more windows at a time...

I have run ComboFix on my computer and this is what it showed afterwards:

ComboFix 08-09-20.05 - Paula Freitas 2008-09-21 17:06:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.508 [GMT 1:00]
Running from: C:\Documents and Settings\Paula Freitas\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-21 16:05 . 2008-09-21 16:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 16:05 . 2008-09-21 16:05 <DIR> d-------- C:\Documents and Settings\Paula Freitas\Application Data\Malwarebytes
2008-09-21 16:05 . 2008-09-21 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-21 16:05 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-21 16:05 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-19 01:37 . 2008-09-19 01:37 <DIR> d-------- C:\Program Files\Red Kawa
2008-09-19 01:37 . 2008-09-19 01:37 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-09-19 01:23 . 2008-09-19 01:23 <DIR> d-------- C:\Documents and Settings\Paula Freitas\Application Data\AVS4YOU
2008-09-19 01:23 . 2008-09-19 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-09-19 01:19 . 2008-09-20 13:08 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-09-19 01:18 . 2008-09-20 13:08 <DIR> d-------- C:\Program Files\AVS4YOU
2008-09-19 01:18 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-09-19 01:18 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-09-19 01:18 . 2007-02-27 19:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-09-19 01:18 . 2007-02-27 19:36 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-09-18 00:03 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-18 00:03 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-18 00:02 . 2008-09-18 00:03 <DIR> d-------- C:\Program Files\iTunes
2008-09-18 00:02 . 2008-09-18 00:02 <DIR> d-------- C:\Program Files\iPod
2008-09-18 00:02 . 2008-09-18 00:02 <DIR> d-------- C:\Program Files\Bonjour
2008-09-18 00:02 . 2008-09-18 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-18 00:01 . 2008-09-10 16:45 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-16 08:23 . 2008-09-16 21:32 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-11 21:54 . 2008-09-18 03:04 <DIR> d-------- C:\Documents and Settings\Paula Freitas\Application Data\Apple Computer
2008-09-11 21:51 . 2008-09-11 21:51 <DIR> d-------- C:\Program Files\QuickTime
2008-09-11 21:51 . 2008-09-18 00:01 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-11 21:51 . 2008-09-18 00:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-11 21:50 . 2008-09-11 21:50 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-11 21:50 . 2008-09-11 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-08 00:45 . 2008-09-08 00:45 <DIR> d-------- C:\Documents and Settings\Paula Freitas\Application Data\Windows Search
2008-09-08 00:45 . 2008-09-08 00:45 <DIR> d-------- C:\Documents and Settings\Paula Freitas\Application Data\Windows Desktop Search
2008-09-07 17:50 . 2008-09-07 17:50 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-09-07 17:50 . 2008-09-07 17:50 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-09-07 17:49 . 2008-03-07 17:56 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-09-07 17:49 . 2008-03-07 17:56 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-09-07 17:49 . 2008-03-07 17:56 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 16:05 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-09-21 16:05 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-09-21 16:04 281,744 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-09-21 16:04 281,744 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-09-21 16:01 13,880 ----a-w C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-09-20 17:27 --------- d-----w C:\Documents and Settings\Paula Freitas\Application Data\Azureus
2008-09-11 00:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-07 16:38 --------- d-----w C:\Program Files\DivX
2008-09-07 11:45 --------- d-----w C:\Program Files\Windows Live
2008-08-25 19:43 264 ----a-w C:\WINDOWS\system32\drivers\wnmsav.dat
2008-07-25 00:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 588,288 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:06 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:06 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 17:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:28 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:28 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 09:57 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-08 14:39 208 ----a-w C:\Documents and Settings\Paula Freitas\windws.exe
.

------- Sigcheck -------

2007-11-13 22:00 577536 7a540726ca75e1e988d56ab69925ba79 C:\WINDOWS\system32\user32.dll

2007-11-13 22:00 2223616 95e8b55443bd91dab5632924d2616a1e C:\WINDOWS\system32\ntkrnlpa.exe

2007-11-13 22:00 2346752 24fcd8fb0c6bd0e5f3b1203769948336 C:\WINDOWS\system32\ntoskrnl.exe

2007-11-13 22:00 1647616 3d8a3ba32663082a2256f0eb986c3025 C:\WINDOWS\explorer.exe

2007-11-13 22:00 40448 e00dfa816fa5521eb44c5d63109de2a9 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-11-13 40448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 65536]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" [2007-07-23 406832]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" [2007-07-11 27952]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 6746112]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-12-10 278528]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2007-11-13 C:\WINDOWS\system32\HDAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-11-13 40448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-06-23 C:\WINDOWS\system32\advpack.dll]
"RunNarrator"="Narrator.exe" [2007-11-13 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Paula Freitas\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe [2008-03-16 25214]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 21:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSpace]
--a------ 2007-11-10 12:44 247949 C:\Program Files\Drive Space Indicator\DrvSpace.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 71736]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 51256]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 22072]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 10:33 132920]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 30648]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 24760]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 178872]
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys [ ]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 142128]
R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [ ]
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Media Codec Update Service - C:\Program Files\Essentials Codec Pack\update.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Paula Freitas\Application Data\Mozilla\Firefox\Profiles\t7x7yzo6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 17:10:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

.
Completion time: 2008-09-21 17:11:27
ComboFix-quarantined-files.txt 2008-09-21 16:11:22

Pre-Run: 23.511.076.864 bytes free
Post-Run: 24,336,736,256 bytes free

219 --- E O F --- 2008-09-11 00:33:50



I have no idea what to do next... can you help me?

Thanks

Susana

#2 tg1911

Posted 21 September 2008 - 11:50 AM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff