
Venting



#1 Jove


Posted 03 October 2008 - 06:09 AM

Since I haven't ever posted an mbam log, I thought it may be a good idea, in case someone has advice I may be able to use.




Malwarebytes' Anti-Malware 1.27
Database version: 1127
Windows 5.1.2600 Service Pack 2

10/3/2008 6:52:07 AM
mbam-log-2008-10-03 (06-52-07).txt

Scan type: Quick Scan
Objects scanned: 38592
Time elapsed: 8 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 57
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\srmclean (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\cpqs\scom (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Files Infected:
C:\cpqs\scom\CpqCva.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\CpqStartMenu.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\CustomerRegInfo.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\EDID.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\Help.ico (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\Mailer.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\MemUsage.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\Migrate.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\ModemCheck.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\ModemQuery.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\ModemUtil.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\PCTSCOM.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\ScDmi.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\SCDrivers.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\SCInfoBom.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\Scom.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\SCOS.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\SCPartNumber.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\cpqs\scom\srmclean.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\secdrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

When you don't have to worry about your computer anymore, you can start
living again !

Success is a result, not a goal. . . . Flaubert




#2 DaChew


Posted 03 October 2008 - 09:37 AM

C:\WINDOWS\system32\drivers\secdrv.sys (Rootkit.Agent)


Update MBAM and scan again
Chewy

No. Try not. Do... or do not. There is no try.



