Tech Support Forum banner
Discussion Starter · #1 ·
I have this problem with CsrssC.

I have finished using ComboFix and here is the log file:

ComboFix 08-12-20.05 - Administrator 2008-12-21 13:39:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.255 [GMT -5:00]
Running from: c:\docume~1\ADMINI~1\LOCALS~1\Temp\WPDNSE\TCNAND0\132342.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\gadcom
c:\documents and settings\Administrator\Application Data\gadcom\gadcom.exe
c:\documents and settings\Administrator\Application Data\gadcom\gadcom.exe3p1
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\befNonmp.ini
c:\windows\system32\befNonmp.ini2
c:\windows\system32\bnincyqt.ini
c:\windows\system32\drivers\TDSSmhoe.sys
c:\windows\system32\dwafisea.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\pmnoNfeb.dll
c:\windows\system32\prunnet.exe
c:\windows\system32\qfiyrd.dll
c:\windows\system32\TDSScrxx.dll
c:\windows\system32\TDSSehys.log
c:\windows\system32\TDSSitpe.dat
c:\windows\system32\TDSSncur.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoitu.dll
c:\windows\system32\TDSSqxgx.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSwkod.log
c:\windows\system32\TDSSyavu.dll
c:\windows\system32\tqycninb.dll
c:\windows\system32\tyshb36rfjdf.dll

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.

2008-12-20 23:24 . 2008-12-20 23:24 95 --a------ c:\windows\wininit.ini
2008-12-20 22:57 . 2008-12-20 22:57 57,856 --a------ c:\windows\system32\nnnnLccA.dll
2008-12-20 22:50 . 2008-12-20 22:50 57,856 --a------ c:\windows\system32\iifddbyY.dll
2008-12-20 22:42 . 2008-12-20 22:42 45,056 --a------ c:\windows\system32\awtsTJAT.dll
2008-12-18 07:39 . 2008-12-21 13:45 13,030 --a------ C:\PDOXUSRS.NET
2008-12-16 18:20 . 2008-12-16 18:20 <DIR> d-------- c:\program files\Borland
2008-12-16 18:19 . 1997-07-16 23:54 133,904 --a------ c:\windows\system32\mfcans32.dll
2008-12-16 18:19 . 1997-07-16 23:54 108,032 --a------ c:\windows\system32\mfcuia32.dll
2008-12-16 18:18 . 2008-12-16 18:21 <DIR> d-------- c:\windows\COREL
2008-12-16 18:18 . 2008-12-16 18:18 <DIR> d-------- c:\program files\Corel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 17:19 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
2008-12-17 17:52 --------- d-----w c:\documents and settings\Administrator\Application Data\Canon
2008-12-02 19:36 --------- d-----w c:\program files\Java
2008-12-02 18:05 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-08 20:32 --------- d-----w c:\program files\WiFiConnector
2008-11-06 12:20 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2008-11-01 23:31 30 ----a-w c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2008-10-27 11:00 --------- d-----w c:\program files\Common Files\INCA Shared
2008-10-26 12:08 --------- d-----w c:\program files\Canon
2008-10-26 12:07 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-10-26 12:05 --------- d-----w c:\program files\Common Files\Canon
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-10-26 05:47 66,408 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2007-10-26 05:47 54,112 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-10-26 05:47 34,688 -c--a-w c:\program files\mozilla firefox\components\myspell.dll
2007-10-26 05:47 46,456 -c--a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-10-26 05:47 171,880 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-22 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-04-24 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Corel Family & Friends Reminders.LNK - c:\program files\Corel\Print House Magic Deluxe\cffrem.exe [2008-12-16 666112]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 73728]
Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2008-11-08 1175552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qfiyrd.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-12-21 c:\windows\Tasks\booffmny.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1D348002-250B-4640-95B3-ECC72DD1E05C} - c:\windows\system32\pmnoNfeb.dll
BHO-{D5BF49A2-94F1-42BD-F434-3604812C807D} - c:\windows\system32\tyshb36rfjdf.dll
HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
SharedTaskScheduler-{D5BF49A2-94F1-42BD-F434-3604812C807D} - c:\windows\system32\tyshb36rfjdf.dll
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\mlJAropQ.dll
Notify-mlJAropQ - mlJAropQ.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 13:45:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WudfHost.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\ntvdm.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2008-12-21 13:49:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-21 18:49:30

Pre-Run: 19,364,675,584 bytes free
Post-Run: 20,082,892,800 bytes free

182 --- E O F --- 2008-12-18 08:00:50

So what should I do now? :pray:
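The log above is pasted raw, and the persistence points a responder cares about (the AppInit_DLLs value, the orphaned BHO/Winlogon Notify/ShellExecuteHooks entries, the TDSS-named driver and service, the BITS job site, the freshly dropped same-size DLLs) are spread across six sections. The following script is an added example, not code from the original post and not part of ComboFix: it parses the section layout ComboFix uses and applies a few triage heuristics to a constructed excerpt of this very log. The rule names, the severities, the excerpt and the `SYSTEM32` prefix constant are this example's own assumptions; the only external fact relied on is that `TDSS`-prefixed files and the `TDSSserv` service are the naming scheme of the TDSS rootkit family.

```python
import re
from collections import defaultdict, namedtuple

# Constructed excerpt of the ComboFix log posted above (a few representative lines
# per section, not the full log), embedded so the example runs offline.
SAMPLE_LOG = r"""
(((((((((((((((((((( Other Deletions ))))))))))))))))))))
.
c:\windows\system32\drivers\TDSSmhoe.sys
c:\windows\system32\qfiyrd.dll
c:\windows\system32\TDSScrxx.dll
----- BITS: Possible infected sites -----
hxxp://childhe.com
(((((((((((((((((((( Drivers/Services ))))))))))))))))))))
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
(((((((((( Files Created from 2008-11-21 to 2008-12-21 ))))))))))
2008-12-20 22:57 . 2008-12-20 22:57 57,856 --a------ c:\windows\system32\nnnnLccA.dll
2008-12-20 22:50 . 2008-12-20 22:50 57,856 --a------ c:\windows\system32\iifddbyY.dll
2008-12-20 22:42 . 2008-12-20 22:42 45,056 --a------ c:\windows\system32\awtsTJAT.dll
(((((((((((((((((((( Reg Loading Points ))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qfiyrd.dll
- - - - ORPHANS REMOVED - - - -
BHO-{1D348002-250B-4640-95B3-ECC72DD1E05C} - c:\windows\system32\pmnoNfeb.dll
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
Notify-mlJAropQ - mlJAropQ.dll
"""

# ComboFix marks sections as "(((( Name ))))", "----- Name -----" or "- - - Name - - -".
PAREN_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")
DASH_HEADER = re.compile(r"^[- ]+(.+?)[- ]+$")
# "created . modified size attrs path" rows of the Files Created section.
CREATED_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ ([\d,]+) \S+ (.+)$")
TDSS_RE = re.compile(r"TDSS\w*\.(?:sys|dll|dat|log)$", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"

# severity is "HIGH" or "MEDIUM"; rule names are this example's own, not ComboFix's.
Finding = namedtuple("Finding", "severity rule evidence")


def split_sections(log_text):
    """Group the non-empty lines of a ComboFix log under their section header."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = PAREN_HEADER.match(line) or DASH_HEADER.match(line)
        if m:
            current = m.group(1)
        else:
            sections[current].append(line)
    return sections


def _section(sections, prefix):
    return next((v for k, v in sections.items() if k.startswith(prefix)), [])


def triage(log_text):
    """Apply persistence-focused heuristics to a ComboFix log and return Findings."""
    sections = split_sections(log_text)
    findings = []
    deleted = _section(sections, "Other Deletions")
    deleted_names = {p.rsplit("\\", 1)[-1].lower() for p in deleted}
    # 1. TDSS-prefixed driver/DLL/service names: the naming scheme of the TDSS rootkit family.
    for line in deleted + _section(sections, "Drivers/Services"):
        if TDSS_RE.search(line):
            findings.append(Finding("HIGH", "tdss-artefact", line))
    # 2. AppInit_DLLs is mapped into every process that loads user32.dll, so any value is suspect;
    #    note when the named file was already deleted but the registry value is still present.
    for line in _section(sections, "Reg Loading Points"):
        m = re.match(r'^"AppInit_DLLs"=(\S+)', line)
        if m:
            note = " (file deleted, value still set)" if m.group(1).lower() in deleted_names else ""
            findings.append(Finding("HIGH", "appinit-dlls", m.group(1) + note))
    # 3. Newly created system32 DLLs sharing one byte size under different random names.
    by_size = defaultdict(list)
    for line in _section(sections, "Files Created"):
        m = CREATED_RE.match(line)
        if m and m.group(2).lower().startswith(SYSTEM32) and m.group(2).lower().endswith(".dll"):
            by_size[m.group(1)].append(m.group(2).rsplit("\\", 1)[-1])
    for size, names in by_size.items():
        if len(names) >= 2:
            findings.append(Finding("HIGH", "same-size-dll-drops", f"{size} bytes: {', '.join(names)}"))
    # 4. Autostart entries (BHO, Run, Winlogon Notify, hooks) whose target file is gone.
    for line in _section(sections, "ORPHANS REMOVED"):
        findings.append(Finding("MEDIUM", "orphan-autostart", line))
    # 5. BITS download jobs referencing a site ComboFix flagged.
    for line in _section(sections, "BITS: Possible infected sites"):
        findings.append(Finding("MEDIUM", "bits-job-site", line))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: (f.severity != "HIGH", f.rule)):
        print(f"{f.severity:6} {f.rule:20} {f.evidence}")
```

Run against the full log above rather than the excerpt, the same rules also pick up the second BHO/SharedTaskScheduler pair pointing at tyshb36rfjdf.dll, the ShellExecuteHooks and Winlogon Notify entries for mlJAropQ.dll, and every TDSS-named file in the deletions list. Rule 2 is the one worth acting on first: the log still shows `"AppInit_DLLs"=qfiyrd.dll` even though the DLL itself was deleted, so the value should be cleared rather than left dangling.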