COMPUTER RUNNING VERY SLOW WITH MALWARE (COMBOFIX LOG ATTACHED)


This topic is locked
2 replies to this topic

#1 Michael SBA

  • Members
  • 2 posts

Posted 23 June 2010 - 06:50 PM

Good day to all. My computer has been running very slow and internet pages are loading slowly as well. I have some .exe programs running that can't be removed or stopped, for example Isass.exe and csrss.exe. I ran ComboFix and the results are below. I would appreciate any help you can lend. Recently my password was stolen and my email account was compromised, and my sent folder was wiped out completely. All my contacts were sent a link to a Viagra ad. Also, my computer says it has AVG running, but it's not even installed on my computer: it is not in Programs, and it is not shown as running in the Task Manager window either.

Thank you for your help.

ComboFix 10-06-23.01 - Michael Lara 06/23/2010 18:23:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.442 [GMT -4:00]
Running from: c:\documents and settings\Michael Lara\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Michael Lara\g2mdlhlpx.exe
c:\documents and settings\Michael Lara\GoToAssistDownloadHelper.exe
c:\documents and settings\Michael Lara\Recent\Thumbs.db
c:\documents and settings\Michael Lara\x.exe
c:\windows\Fonts\usps4cb.ttf
c:\windows\system\msvbvm60.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\kill.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-23 21:52 . 2010-06-23 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprint
2010-06-23 21:47 . 2010-06-23 21:47 -------- d-----w- c:\windows\LastGood
2010-06-23 21:12 . 2010-06-23 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-23 19:56 . 2010-06-23 19:56 -------- d-----w- c:\documents and settings\Michael Lara\Local Settings\Application Data\PCHealth
2010-06-22 23:38 . 2010-06-22 23:42 -------- d-----w- c:\documents and settings\Michael Lara\Local Settings\Application Data\Adobe
2010-06-22 23:06 . 2010-06-22 23:06 104600 ----a-w- c:\documents and settings\Michael Lara\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-22 21:58 . 2010-06-22 21:58 -------- d-----w- c:\documents and settings\Michael Lara\Local Settings\Application Data\Intuit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 21:50 . 2010-01-23 17:35 -------- d-----w- c:\program files\Sierra Wireless
2010-06-23 21:50 . 2010-01-23 03:05 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-06-23 21:50 . 2008-03-18 22:43 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-06-23 21:41 . 2006-05-23 15:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-23 21:37 . 2008-05-14 16:07 -------- d-----w- c:\program files\FedEx
2010-06-23 21:36 . 2007-08-29 21:34 -------- d-----w- c:\documents and settings\Michael Lara\Application Data\InstallShield
2010-06-23 21:36 . 2006-11-13 16:08 -------- d-----w- c:\program files\ESPOnline
2010-06-23 21:35 . 2007-11-22 18:33 -------- d-----w- c:\program files\eMusic Download Manager
2010-06-23 21:02 . 2008-04-28 21:52 -------- d-----w- c:\program files\AVG
2010-06-23 20:55 . 2008-04-28 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-06-23 19:54 . 2006-10-14 11:42 -------- d-----w- c:\documents and settings\Michael Lara\Application Data\Wave Systems Corp
2010-06-22 23:50 . 2009-04-07 03:21 9473 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2010-06-22 23:35 . 2009-04-12 21:41 211720 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2010-06-22 23:35 . 2009-04-12 21:41 1352968 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2010-06-22 21:51 . 2010-01-23 03:29 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-06-22 21:50 . 2006-05-23 15:58 -------- d-----w- c:\program files\Roxio
2010-06-22 21:49 . 2006-05-23 15:58 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-06-22 21:04 . 2010-01-23 03:54 256 ----a-w- c:\windows\system32\pool.bin
2010-04-13 21:06 . 2010-04-13 21:06 284432 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2007-08-10 03:52 . 2007-08-10 03:52 202153977 -c--a-w- c:\program files\MS_FrontPage_2003.exe
2006-06-24 12:11 . 2006-06-24 12:11 52288 -c--a-w- c:\program files\MC
2007-04-25 02:25 . 2007-11-04 17:24 61475 -c--a-w- c:\program files\mozilla firefox\plugins\NCScnet.dll
2007-04-25 02:32 . 2007-11-04 17:24 1384482 -c--a-w- c:\program files\mozilla firefox\plugins\NCSEcw.dll
2007-04-25 02:24 . 2007-11-04 17:24 147491 -c--a-w- c:\program files\mozilla firefox\plugins\NCSUtil.dll
2007-07-04 19:40 . 2007-06-20 04:50 80 --sh--r- c:\windows\system32\257E13E0AD.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@BackupScheduler"="c:\program files\Online Backup\OnlineBackup.exe" [2007-08-16 611768]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-22 960528]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-22 165144]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-23 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 19:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks US Plugin.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks US Plugin.lnk
backup=c:\windows\pss\QuickBooks US Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Lara^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=c:\documents and settings\Michael Lara\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 04:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
2005-10-06 04:00 126976 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2006-03-09 17:26 98304 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2008-11-04 06:44 435096 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-12-22 13:47 1092872 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2007-08-31 19:13 988584 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-11 23:15 101136 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-11-04 21:50 185896 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-11-22 02:20 4352832 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/28/2008 5:53 PM 335240]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [05/23/2006 11:28 AM 77056]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [05/23/2006 11:28 AM 77056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [06/03/2006 3:52 PM 135168]
S2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
S3 CallerIP;Visualware CallerIP;c:\program files\CallerIP\cip-nt.exe --> c:\program files\CallerIP\cip-nt.exe [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [05/04/2009 1:13 PM 28672]
S3 MSSQL$WASPDB;MSSQL$WASPDB;c:\program files\Microsoft SQL Server\MSSQL$WASPDB\Binn\sqlservr.exe -sWASPDB --> c:\program files\Microsoft SQL Server\MSSQL$WASPDB\Binn\sqlservr.exe -sWASPDB [?]
S3 SQLAgent$WASPDB;SQLAgent$WASPDB;c:\program files\Microsoft SQL Server\MSSQL$WASPDB\Binn\sqlagent.EXE -i WASPDB --> c:\program files\Microsoft SQL Server\MSSQL$WASPDB\Binn\sqlagent.EXE -i WASPDB [?]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [06/27/2007 10:41 AM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [06/27/2007 10:42 AM 73856]
S4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2010-06-23 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\program files\SmartDraw 2007\Messages\SDNotify.exe [2006-10-12 12:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = https://quickaccess.verizonwireless.com/qui...ZwSfOLXkst1Ug==
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: mybrandango.com\mail
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll
DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-AT&T Communication Manager - c:\program files\AT&T\Communication Manager\ATTCM.exe
HKLM-Run-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1012)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-06-23 18:39:17
ComboFix-quarantined-files.txt 2010-06-23 22:39

Pre-Run: 17,713,811,456 bytes free
Post-Run: 20,313,956,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F5737DC7635594C71D8B6DEF3A4A57A7

Edited by Michael SBA, 23 June 2010 - 06:56 PM.
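For anyone reading this thread later: the three things the poster describes (a process named like a system process that cannot be killed, a non-default package sitting inside lsass.exe, and a security product that "runs" without being installed) are exactly the places to look first in a ComboFix log. The script below is an added example written for this thread; it is not ComboFix's code and not anything the poster or the helper ran. It parses a constructed sample (SAMPLE_LOG imitates the Run keys, the LSA "Authentication Packages" line and the "DLLs Loaded Under Running Processes" section shown above; the "svchost" Run entry pointing at x.exe is invented for illustration). The rules are assumptions stated in the comments: msv1_0 as the only stock XP authentication package, the list of system process names, and Windows / Program Files as the expected home of autostart binaries. It flags wvauth for review because it is non-default, not because it is known bad: the log above also shows a Wave Systems Corp profile folder and biolsp.dll in lsass.exe, which is consistent with Dell's Wave biometric software, so a helper would verify that package rather than delete it.

```python
"""Triage a ComboFix-style log for the things this thread asks about.

Added example for this thread; it is not ComboFix's code and not the
poster's. SAMPLE_LOG is constructed to imitate three of the sections shown
above (Run keys, the LSA Authentication Packages line, and the DLLs loaded
under lsass.exe); the "svchost" Run entry is invented for illustration.
"""
import re

SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"QuickTime Task"="c:\\program files\\QuickTime\\qttask.exe" [2009-09-05 417792]
"svchost"="c:\\documents and settings\\User\\x.exe" [2010-06-20 28672]

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

- - - - - - - > 'lsass.exe'(1012)
c:\\windows\\system32\\wvauth.dll
c:\\windows\\system32\\biolsp.dll
c:\\windows\\System32\\BCMLogon.dll
"""

# Assumption: msv1_0 is the only authentication package a stock XP box has.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

# Core XP processes that malware imitates by name (Isass.exe for lsass.exe).
SYSTEM_PROCESSES = {"lsass.exe", "csrss.exe", "svchost.exe", "smss.exe",
                    "winlogon.exe", "services.exe", "explorer.exe"}

# Heuristic (assumption): autostart binaries normally live under these roots.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')


def parse_run_entries(log):
    """Return (value name, lower-cased path) pairs from every ...\\Run key."""
    entries, in_run_key = [], False
    for line in log.splitlines():
        key = _KEY_RE.match(line.strip())
        if key:
            in_run_key = key.group(1).lower().endswith("\\run")
            continue
        if in_run_key:
            value = _VALUE_RE.match(line.strip())
            if value:
                entries.append((value.group(1), value.group(2).lower()))
    return entries


def flag_run_entries(entries):
    """Autostart binaries outside Windows / Program Files need a closer look."""
    return [(name, path) for name, path in entries
            if not path.startswith(EXPECTED_ROOTS)]


def extra_lsa_packages(log):
    """Authentication packages beyond the default; each one runs inside lsass."""
    match = re.search(r"^Authentication Packages\s+REG_MULTI_SZ\s+(.+)$", log, re.M)
    if not match:
        return []
    return [pkg for pkg in match.group(1).split()
            if pkg.lower() not in DEFAULT_AUTH_PACKAGES]


def dlls_in_process(log, process="lsass.exe"):
    """DLL paths ComboFix lists under the > 'name'(pid) banner for one process."""
    dlls, collecting = [], False
    for line in log.splitlines():
        text = line.strip()
        if text.startswith("- - - - - - - >"):
            collecting = f"'{process}'" in text
            continue
        if collecting and (not text or text == "."):
            collecting = False
        elif collecting and text.lower().endswith(".dll"):
            dlls.append(text.lower())
    return dlls


# Characters attackers swap in so a name passes a glance: capital I or digit 1
# for lowercase l, digit 0 for o.
_CONFUSABLE = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})


def lookalike_process(name):
    """Return the system process a name imitates, or None if it is genuine."""
    lowered = name.lower()
    if lowered in SYSTEM_PROCESSES:
        return None
    for known in SYSTEM_PROCESSES:
        if lowered.translate(_CONFUSABLE) == known.translate(_CONFUSABLE):
            return known
    return None


if __name__ == "__main__":
    print("suspect Run entries:", flag_run_entries(parse_run_entries(SAMPLE_LOG)))
    print("non-default LSA packages:", extra_lsa_packages(SAMPLE_LOG))
    print("DLLs in lsass.exe:", dlls_in_process(SAMPLE_LOG))
    for candidate in ("Isass.exe", "csrss.exe", "svch0st.exe"):
        print(candidate, "->", lookalike_process(candidate))
```

Two caveats on reading the output. A name that passes lookalike_process can still be malware if the binary lives somewhere other than system32, so check the path from Task Manager or Process Explorer as well as the spelling; and an entry flagged by flag_run_entries or extra_lsa_packages is a lead to verify (vendor, signature, install date), not a verdict. Note too that a real Windows process like csrss.exe genuinely cannot be ended from Task Manager, so "can't be stopped" on its own is not evidence of infection.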



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 June 2010 - 06:47 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 04 July 2010 - 06:57 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
