12-06-2007, 06:39 PM   #6
dcards
Registered User
 
Join Date: Dec 2007
Posts: 15
OS: Windows XP


Re: Spam emails being automatically sent

Hi,

Here's the log from SUPERAntiSpyware, and the ComboFix report is attached.

SUPERAntiSpyware Scan Log
Generated 11/30/2007 at 10:18 PM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 01:36:00

Memory items scanned : 466
Memory threats detected : 0
Registry items scanned : 5655
Registry threats detected : 30
File items scanned : 91855
File threats detected : 261

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{21CF5CE6-5893-4736-A676-03F471E513DC}
HKCR\CLSID\{21CF5CE6-5893-4736-A676-03F471E513DC}
HKCR\CLSID\{21CF5CE6-5893-4736-A676-03F471E513DC}\InprocServer32
HKCR\CLSID\{21CF5CE6-5893-4736-A676-03F471E513DC}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDCCY.DLL
HKLM\Software\Classes\CLSID\{87B3BE7D-0390-4C1F-A97F-03298AA74A8B}
HKCR\CLSID\{87B3BE7D-0390-4C1F-A97F-03298AA74A8B}
HKCR\CLSID\{87B3BE7D-0390-4C1F-A97F-03298AA74A8B}\InprocServer32
HKCR\CLSID\{87B3BE7D-0390-4C1F-A97F-03298AA74A8B}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{A302B865-326D-4BD2-A55A-1BC46CFEDA3B}
HKCR\CLSID\{A302B865-326D-4BD2-A55A-1BC46CFEDA3B}
HKCR\CLSID\{A302B865-326D-4BD2-A55A-1BC46CFEDA3B}\InprocServer32
HKCR\CLSID\{A302B865-326D-4BD2-A55A-1BC46CFEDA3B}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSQRQ.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{42452F52-EB5F-47CB-B6C7-07056A3C2A42}
HKCR\CLSID\{42452F52-EB5F-47CB-B6C7-07056A3C2A42}
HKCR\CLSID\{42452F52-EB5F-47CB-B6C7-07056A3C2A42}\InprocServer32
HKCR\CLSID\{42452F52-EB5F-47CB-B6C7-07056A3C2A42}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PMNLM.DLL
HKLM\Software\Classes\CLSID\{9F96950C-C305-4B36-8F37-D15C339F4415}
HKCR\CLSID\{9F96950C-C305-4B36-8F37-D15C339F4415}
HKCR\CLSID\{9F96950C-C305-4B36-8F37-D15C339F4415}\InprocServer32
HKCR\CLSID\{9F96950C-C305-4B36-8F37-D15C339F4415}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JKKJH.DLL
HKLM\Software\Classes\CLSID\{AEFC8277-09EE-43A9-BEC9-F737BAE20BFF}
HKCR\CLSID\{AEFC8277-09EE-43A9-BEC9-F737BAE20BFF}
HKCR\CLSID\{AEFC8277-09EE-43A9-BEC9-F737BAE20BFF}\InprocServer32
HKCR\CLSID\{AEFC8277-09EE-43A9-BEC9-F737BAE20BFF}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\GEEBB.DLL

Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR

Trojan.Spam-RUCrzy

Trojan.Downloader-CounterMeasures
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\G1LONXSQ\MUN1_26_11_070[1].EXE

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\PMKJK.DLL
Attached Files
File Type: txt ComboFix.txt (8.9 KB, 2 views)