

  • This topic is locked
1 reply to this topic

#1 somayajula

somayajula

  • Members
  • 1 posts
  • OFFLINE
  • Local time:12:11 PM

Posted 08 October 2008 - 07:48 AM

ComboFix 08-10-07.06 - Mouli Somayajula 2008-10-08 6:32:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1331 [GMT -5:00]
Running from: C:\Downloads\ComboFix.exe
Command switches used :: C:\Downloads\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\INSTALL.LOG
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\cmd.com
K:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_R_SERVER
-------\Service_r_server


((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-10-08 06:32 . 2008-10-08 06:32 <DIR> d-------- C:\quarantine
2008-10-07 22:27 . 2008-10-07 22:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 22:27 . 2008-10-07 22:27 <DIR> d-------- C:\Documents and Settings\Mouli Somayajula\Application Data\Malwarebytes
2008-10-07 22:27 . 2008-10-07 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 22:27 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-07 22:27 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-07 22:24 . 2008-10-07 22:24 <DIR> d-------- C:\Documents and Settings\Mouli Somayajula\Application Data\COMCASTTOOLBAR
2008-10-07 22:23 . 2008-10-07 22:23 <DIR> d-------- C:\Documents and Settings\Mouli Somayajula\Application Data\Teleca
2008-10-07 22:20 . 2008-10-07 22:20 <DIR> d-------- C:\Documents and Settings\Mouli Somayajula
2008-10-07 09:10 . 2008-10-07 09:10 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-07 04:33 . 2000-07-10 20:06 90,112 -rahs---- C:\WINDOWS\system32\drivers\admdll.dll
2008-10-07 04:33 . 2006-07-28 11:20 65,024 --a------ C:\WINDOWS\system32\drivers\sc.exe
2008-10-07 04:33 . 2000-07-08 14:29 29,408 -rahs---- C:\WINDOWS\system32\drivers\raddrv.dll
2008-10-07 03:43 . 2008-10-07 03:43 641,024 ---hs---- C:\WINDOWS\system32\_sysprotect.sos
2008-10-07 00:17 . 2008-10-07 00:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-07 00:17 . 2008-10-07 00:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-04 21:18 . 2008-02-22 18:10 10,752 --a------ C:\WINDOWS\system32\drivers\urfltw2k.sys
2008-10-04 21:16 . 2008-10-04 21:16 <DIR> d-------- C:\Program Files\F5
2008-10-04 21:14 . 2008-10-04 21:14 <DIR> d-------- C:\sslvpn
2008-10-03 20:44 . 2008-10-03 20:44 81 --a------ C:\WINDOWS\system32\sywdds.bat
2008-10-03 20:44 . 2008-10-03 20:44 62 --a------ C:\WINDOWS\system32\fddes.sys
2008-10-01 12:24 . 2008-10-06 19:46 101 --a------ C:\WINDOWS\system32\system1.bat
2008-10-01 12:24 . 2008-10-06 19:46 79 --a------ C:\WINDOWS\system32\dboy.bat
2008-10-01 12:24 . 2008-10-06 19:46 78 --a------ C:\WINDOWS\system32\dboy1.sys
2008-10-01 12:24 . 2008-10-06 19:46 78 --a------ C:\WINDOWS\system32\dboy.sys
2008-09-25 10:59 . 2008-09-25 10:59 1 --a------ C:\WINDOWS\system32\000530d2.ini
2008-09-23 15:02 . 2008-10-06 08:27 <DIR> d-------- C:\WINDOWS\system32\Brand
2008-09-23 15:01 . 2008-10-06 08:27 <DIR> d-------- C:\WINDOWS\system32\Jay
2008-09-23 03:10 . 2008-10-06 21:09 81 --a------ C:\WINDOWS\system32\sysme.bat
2008-09-23 03:10 . 2008-10-06 21:09 61 --a------ C:\WINDOWS\system32\tencent.sys
2008-09-22 19:43 . 2008-09-22 19:43 <DIR> d-------- C:\Program Files\Any Video Converter
2008-09-22 09:08 . 2008-09-28 21:57 937 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-09-21 23:57 . 2008-09-21 23:57 <DIR> d-------- C:\Program Files\mozilla.org
2008-09-21 23:57 . 2008-09-21 23:57 118,784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-09-21 23:57 . 2008-09-21 23:57 118,784 --a------ C:\WINDOWS\GREUninstall.exe
2008-09-21 23:57 . 2008-09-21 23:57 335 --a------ C:\WINDOWS\nsreg.dat
2008-09-21 12:39 . 2004-08-04 07:00 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-09-21 12:39 . 2004-08-04 07:00 81,920 --a------ C:\WINDOWS\system32\dllcache\ieencode.dll
2008-09-21 12:13 . 2008-09-21 12:13 <DIR> d-------- C:\Program Files\Zealot Software
2008-09-21 11:56 . 2008-09-21 11:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-09-16 23:37 . 2008-09-16 23:37 <DIR> d-------- C:\Program Files\ActiveState Komodo Edit 4
2008-09-16 19:51 . 2008-09-16 19:51 <DIR> d-------- C:\WINDOWS\system32\Visual Studio 2005Templates
2008-09-16 19:51 . 2008-09-16 19:51 <DIR> d-------- C:\WINDOWS\system32\Visual Studio 2005Projects
2008-09-16 19:51 . 2008-09-16 19:51 <DIR> d-------- C:\WINDOWS\system32\Visual Studio 2005
2008-09-16 02:57 . 2008-09-16 02:57 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2008-09-14 13:47 . 2008-09-14 13:47 <DIR> d-------- C:\Program Files\Common Files\Quest Shared
2008-09-09 22:53 . 2008-09-09 22:53 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-09-08 23:31 . 2008-09-08 23:31 138 --a------ C:\WINDOWS\system32\3de38566-3880-457b-ade1-1bc9af390eb1.4.lrf
2008-09-08 22:55 . 2008-09-08 22:55 58 --a------ C:\WINDOWS\my.ini
2008-09-08 22:33 . 2008-10-08 06:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\COMCASTTOOLBAR
2008-09-08 18:44 . 2008-09-08 18:44 <DIR> d-------- C:\WINDOWS\system32\Sammi
2008-09-08 18:44 . 2008-09-08 18:44 <DIR> d-------- C:\WINDOWS\system32\City

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 05:00 --------- d-----w C:\Program Files\LogMeIn
2008-10-08 03:20 2,634 ----a-w C:\WINDOWS\system32\drivers\CCProxy.ini
2008-10-07 13:43 --------- d-----w C:\Program Files\Google
2008-10-07 04:08 --------- d-----w C:\Program Files\Oracle
2008-10-07 04:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-07 04:04 --------- d-----w C:\Program Files\DivX
2008-09-29 03:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-29 03:10 --------- d-----w C:\Program Files\Polycom
2008-09-29 03:10 --------- d-----w C:\Program Files\CyberLink
2008-09-29 03:07 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-29 03:02 --------- d-----w C:\Program Files\Acro Software
2008-09-29 03:01 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-09-29 02:57 --------- d-----w C:\Documents and Settings\rsomayajula\Application Data\OpenOffice.org2
2008-09-24 00:59 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-09-22 04:06 --------- d-----w C:\Program Files\Yahoo!
2008-09-21 17:06 --------- d-----w C:\Program Files\Trillian
2008-09-21 17:05 --------- d-----w C:\Program Files\Photobie
2008-09-21 04:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-14 18:47 --------- d-----w C:\Program Files\Quest Software
2008-09-09 03:12 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\COMCASTTOOLBAR
2008-09-06 16:53 673,925 ----a-w C:\WINDOWS\system32\drivers\cc.exe
2008-08-16 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comcast
2008-08-16 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-08-16 14:58 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-08-16 14:58 --------- d-----w C:\Program Files\Comcast
2000-07-11 01:06 90,112 --sha-r C:\WINDOWS\system32\drivers\admdll.dll
2000-07-08 19:29 29,408 --sha-r C:\WINDOWS\system32\drivers\raddrv.dll
.

------- Sigcheck -------

2004-08-04 07:00 14336 8420eb856f8500899b4ad7fad74e4be2 C:\WINDOWS\system32\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 7323648]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-07 180269]
"PP8 SE Reminder"="C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" [2002-10-28 57344]
"SetDefPrt"="C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-03 45056]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-12 282624]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 507904]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-05 114688]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [2005-04-04 233744]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2007-04-07 69632]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-10-18 21:47 75064 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"msacm.PLCMg722"= PLCMg722.acm
"msacm.PLCMg728"= PLCMg728.acm
"msacm.PLCMg729A"= PLCMg729A.acm
"msacm.PLCMsiren"= PLCMsiren.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk
backup=C:\WINDOWS\pss\SmartUI.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2002-08-12 10:07 36864 C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2002-08-12 09:33 45108 C:\Program Files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-30 18:34 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BlazeFtp\\BlazeFtp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\JAlbum7.2\\JAlbumWin.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\xampp\\apache\\bin\\apache.exe"=
"C:\\xampp\\mysql\\bin\\mysqld.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2004-09-22 18110]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 619390]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 423454]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 cpextender;Check Point SSL Network Extender;C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [2005-08-31 270432]
R2 IPv6Up;TCP/IP v6 Updates;c:\windows\system32\dllcache\1024\101\sams.exe [2008-09-05 889344]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 46112]
R3 urvpndrv;F5 Networks VPN Adapter;C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2008-02-22 27008]
R3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [2005-08-31 108400]
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys [2004-12-07 64964]
S2 Connection Wizard;Connection Wizard;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 DRservice;Windows Management Instrumentation Drivers;C:\WINDOWS\system32\drivers\svchost.exe [ ]
S2 Internet Angent;IIS Angent;C:\WINDOWS\system32\drivers\winlogon.exe [ ]
S2 SQLAgentService;MSSQLAgent Service;C:\WINDOWS\system32\MSSQLAgent.exe [2008-09-06 492544]
S2 windows system protection;windows system protection;C:\Program Files\Common Files\Microsoft Shared\MSINFO\sysprotect.sos [2008-10-07 641024]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 2944]
S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2003-03-14 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 10368]
S3 ColdFusion 8 .NET Service;ColdFusion 8 .NET Service;C:\ColdFusion8\jnbridge\CF8DotNetsvc.exe [2007-10-11 77824]
S3 ColdFusion 8 Application Server;ColdFusion 8 Application Server;C:\ColdFusion8\runtime\bin\jrunsvc.exe [2007-07-11 65536]
S3 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;C:\ColdFusion8\db\slserver54\bin\swagent.exe ColdFusion 8 ODBC Agent [ ]
S3 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;C:\ColdFusion8\db\slserver54\bin\swstrtr.exe ColdFusion 8 ODBC Server [ ]
S3 ColdFusion 8 Search Server;ColdFusion 8 Search Server;C:\ColdFusion8\verity\k2\_nti40\bin\k2admin.exe -cfg C:\ColdFusion8\verity\k2\common\verity.cfg [ ]
S3 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;C:\CFusionMX7\runtime\bin\jrunsvc.exe [2005-01-24 61440]
S3 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;C:\CFusionMX7\db\slserver54\bin\swagent.exe ColdFusion MX 7 ODBC Agent [ ]
S3 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;C:\CFusionMX7\db\slserver54\bin\swstrtr.exe ColdFusion MX 7 ODBC Server [ ]
S3 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe -cfg C:\CFusionMX7\verity\k2\common\verity.cfg [ ]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\WINDOWS\system32\drivers\urfltw2k.sys [2008-02-22 10752]
S3 SM_sugo3_FUService;sugo3 Status Monitor Service;C:\Program Files\Samsung\Samsung ML-2510 Series\SPanel\ssmsrvc /Service [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
fyesaq REG_MULTI_SZ fyesaq

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Connection Wizard

*Newly Created Service* - ENTDRV51
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-googletalk - C:\Program Files\Google\Google Talk\googletalk.exe


.
------- Supplementary Scan -------
.
R0 -: HKLM-Main,Window Title = Windows Internet Explorer provided by Comcast

O16 -: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
C:\WINDOWS\Downloaded Program Files\OSD7C4D.OSD
C:\WINDOWS\Downloaded Program Files\WBEtoolsAX.dll

O16 -: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://webvpn.usps.gov/+CSCOL+/relayp.cab
C:\WINDOWS\Downloaded Program Files\RelayP.inf
C:\WINDOWS\Downloaded Program Files\Relay.dll
C:\WINDOWS\Downloaded Program Files\RelayP.ocx

O16 -: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://webvpn.usps.gov/CACHE/sdesktop/install/binaries/instweb.cab
C:\WINDOWS\Downloaded Program Files\CSDWebInstaller.inf
C:\WINDOWS\Downloaded Program Files\CSDWebInstaller.ocx

O16 -: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxps://communikatun.mpl.katun.com/sre/ICSScanner.cab
C:\WINDOWS\Downloaded Program Files\ICSScanner.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\ICSScan.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 06:48:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SM_sugo3_FUService]
"ImagePath"="\"C:\Program Files\Samsung\Samsung ML-2510 Series\SPanel\ssmsrvc /Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\windows system protection]
"ImagePath"="C:\Program Files\Common Files\Microsoft Shared\MSINFO\sysprotect.sos"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Crypserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\MICROS~4\MSSQL\Binn\sqlservr.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~4\MSSQL\Binn\sqlagent.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-08 6:52:34 - machine was rebooted [Mouli Somayajula]
ComboFix-quarantined-files.txt 2008-10-08 11:52:30

Pre-Run: 50,936,582,144 bytes free
Post-Run: 51,652,214,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

286 --- E O F --- 2008-08-15 08:01:05



#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  • Location:Cleveland, Ohio
  • Local time:01:11 PM

Posted 08 October 2008 - 08:19 AM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results. Post these in our Am I Infected forum:
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff

Edited by garmanma, 08 October 2008 - 08:22 AM.

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter



