Boot mode: Normal
ComboFix 10-02-26.02 - 27.02.2010 9:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.758 [GMT 2:00]
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\desktop.ini
.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.
2010-02-26 20:58 . 2010-02-26 20:58 -------- d-----w- c:\documents and settings\Pufix\Local Settings\Application Data\ACDSee
2010-02-26 20:58 . 2010-02-26 20:58 -------- d-----w- c:\documents and settings\Pufix\Application Data\ACD Systems
2010-02-26 20:53 . 2010-02-26 20:53 -------- d-----w- c:\documents and settings\Pufix\Local Settings\Application Data\Yahoo
2010-02-26 20:53 . 2010-02-26 20:53 -------- d-----w- c:\documents and settings\Pufix\Application Data\Yahoo!
2010-02-26 20:47 . 2010-02-26 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-02-26 20:47 . 2009-11-10 12:39 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-02-26 20:29 . 2010-02-27 06:52 -------- d-----w- c:\documents and settings\Pufix\Application Data\skypePM
2010-02-26 20:29 . 2010-02-26 20:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-26 20:26 . 2010-02-27 06:52 -------- d-----w- c:\documents and settings\Pufix\Application Data\Skype
2010-02-26 20:26 . 2010-02-26 20:26 -------- d-----w- c:\program files\Common Files\Skype
2010-02-26 20:26 . 2010-02-26 20:26 -------- d-----r- c:\program files\Skype
2010-02-26 20:26 . 2010-02-26 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-26 17:39 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-02-26 17:39 . 2008-03-21 11:57 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2010-02-26 17:38 . 2010-02-26 17:40 -------- d-----w- c:\documents and settings\Pufix\Application Data\Nokia
2010-02-26 17:38 . 2010-02-26 17:40 -------- d-----w- c:\documents and settings\Pufix\Application Data\PC Suite
2010-02-26 17:38 . 2010-02-26 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-02-26 17:37 . 2010-02-26 17:37 -------- d-----w- c:\program files\DIFX
2010-02-26 17:37 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-02-26 17:37 . 2010-02-26 17:37 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-26 17:37 . 2010-02-26 20:29 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-26 17:37 . 2008-09-15 05:56 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-26 17:37 . 2010-02-26 20:30 -------- d-----w- c:\program files\Nokia
2010-02-26 15:33 . 2010-02-26 15:33 -------- d-----w- c:\documents and settings\Pufix\Local Settings\Application Data\Apple Computer
2010-02-26 15:15 . 2010-02-26 15:15 -------- d-----w- c:\documents and settings\Pufix\Local Settings\Application Data\Ahead
2010-02-26 15:13 . 2010-02-26 15:13 -------- d-----w- c:\documents and settings\Pufix\Application Data\Ahead
2010-02-26 15:10 . 2010-02-26 15:13 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-26 15:10 . 2010-02-26 15:10 -------- d-----w- c:\program files\Nero
2010-02-26 15:05 . 2002-11-04 03:50 545 ----a-w- c:\windows\UC.PIF
2010-02-26 15:05 . 2002-11-04 03:50 545 ----a-w- c:\windows\RAR.PIF
2010-02-26 15:05 . 2002-11-04 03:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-02-26 15:05 . 2002-11-04 03:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-02-26 15:05 . 2002-11-04 03:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-02-26 15:05 . 2002-11-04 03:50 545 ----a-w- c:\windows\LHA.PIF
2010-02-26 15:05 . 2002-11-04 03:50 545 ----a-w- c:\windows\ARJ.PIF
2010-02-26 15:05 . 2010-02-26 15:06 -------- d-----w- C:\totalcmd
2010-02-26 15:04 . 2010-02-26 15:05 -------- d-----w- c:\documents and settings\Pufix\Application Data\BSplayer Pro
2010-02-26 15:04 . 2010-02-26 15:04 -------- d-----w- c:\program files\Webteh
2010-02-26 15:03 . 2010-02-26 15:03 -------- d-----w- c:\program files\AC3Filter
2010-02-26 15:03 . 2010-02-26 15:03 -------- d-----w- c:\program files\Crystal Player
2010-02-26 15:03 . 2010-02-26 15:03 -------- d-----w- c:\program files\DivX
2010-02-26 15:02 . 2010-02-26 15:02 -------- d-----w- c:\program files\Xvid
2010-02-26 15:02 . 2010-02-26 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-02-26 15:02 . 2010-02-26 15:02 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-02-26 15:02 . 2010-02-26 15:02 -------- d-----w- c:\program files\ACD Systems
2010-02-26 15:02 . 2009-05-01 18:52 33642704 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia PC Suit Nou.exe
2010-02-26 15:01 . 2010-02-26 15:01 -------- d-----w- c:\windows\Downloaded Installations
2010-02-26 15:01 . 2010-02-26 15:01 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-26 15:01 . 2010-02-26 15:01 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-26 15:01 . 2010-02-26 15:01 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-26 15:01 . 2010-02-26 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-02-26 15:01 . 2010-02-26 15:01 -------- d-----w- c:\program files\Alex's Software
2010-02-26 15:00 . 2010-02-26 15:00 -------- d-----w- c:\program files\oDC
2010-02-26 14:45 . 2010-02-26 17:21 404737 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2010-02-26 14:45 . 2009-04-09 08:20 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2010-02-26 14:45 . 2009-02-27 09:59 8961 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2010-02-26 14:45 . 2009-02-24 11:16 117505 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2010-02-26 14:45 . 2009-02-13 14:01 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2010-02-26 14:45 . 2010-02-26 17:21 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2010-02-26 14:45 . 2008-12-05 09:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2010-02-26 14:29 . 2010-02-26 17:23 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-26 14:29 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-26 14:29 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-26 14:29 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-26 14:29 . 2010-02-26 14:29 -------- d-----w- c:\program files\Avira
2010-02-26 14:29 . 2010-02-26 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-02-26 14:21 . 2010-02-26 20:47 -------- d-----w- c:\program files\Yahoo!
2010-02-26 14:09 . 2010-02-26 14:09 -------- d-----w- c:\windows\Sun
2010-02-26 14:08 . 2010-02-26 14:08 -------- d-----w- c:\program files\Common Files\Java
2010-02-26 14:05 . 2010-02-26 14:05 348160 ----a-w- c:\documents and settings\Pufix\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-17efd9f8-n\msvcr71.dll
2010-02-26 14:05 . 2010-02-26 14:05 503808 ----a-w- c:\documents and settings\Pufix\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-17efd9f8-n\msvcp71.dll
2010-02-26 14:05 . 2010-02-26 14:05 61440 ----a-w- c:\documents and settings\Pufix\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6d25dd9d-n\decora-sse.dll
2010-02-26 14:05 . 2010-02-26 14:05 499712 ----a-w- c:\documents and settings\Pufix\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-17efd9f8-n\jmc.dll
2010-02-26 14:05 . 2010-02-26 14:05 12800 ----a-w- c:\documents and settings\Pufix\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6d25dd9d-n\decora-d3d.dll
2010-02-26 14:03 . 2010-02-26 13:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-26 13:58 . 2010-02-26 13:58 -------- d-----w- c:\program files\Java
2010-02-26 12:41 . 2010-02-26 14:09 -------- d-----w- c:\documents and settings\Pufix\Application Data\foobar2000
2010-02-26 12:40 . 2010-02-26 12:41 -------- d-----w- c:\program files\foobar2000
2010-02-25 21:26 . 2010-02-25 21:26 -------- d-----w- c:\program files\Realtek Sound Manager
2010-02-25 21:26 . 2010-02-25 21:26 -------- d-----w- c:\program files\AvRack
2010-02-25 21:26 . 2002-11-21 07:07 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-02-25 21:26 . 2002-08-27 08:23 720896 ----a-w- c:\windows\system32\Audio3D.dll
2010-02-25 21:26 . 2002-08-27 08:23 720896 ----a-w- c:\windows\system32\a3d.dll
2010-02-25 21:26 . 2003-08-14 15:16 404736 ----a-w- c:\windows\system32\drivers\ALCXSENS.SYS
2010-02-25 21:26 . 2003-08-15 07:53 462684 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2010-02-25 21:26 . 2003-08-15 07:34 57344 ----a-w- c:\windows\SOUNDMAN.EXE
2010-02-25 21:26 . 2003-07-03 04:54 208896 ------w- c:\windows\alcupd.exe
2010-02-25 21:26 . 2003-07-17 07:09 139264 ------w- c:\windows\alcrmv.exe
2010-02-25 21:25 . 2001-08-23 19:03 25434 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-02-25 21:25 . 2010-02-25 21:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-25 21:25 . 2010-02-25 21:25 -------- d-----w- c:\windows\OPTIONS
2010-02-25 21:25 . 2010-02-25 21:25 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-25 21:25 . 2010-02-25 21:25 -------- d-----w- c:\program files\Gigabyte
2010-02-25 21:24 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-02-25 21:23 . 2010-02-25 21:23 -------- d-----w- c:\documents and settings\Pufix\WINDOWS
2010-02-25 20:30 . 2010-02-25 20:31 -------- d-----w- c:\documents and settings\Pufix\Local Settings\Application Data\Adobe
2010-02-25 19:28 . 2010-02-26 14:25 -------- d-----w- c:\windows\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 17:39 . 2010-02-26 17:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-02-26 17:39 . 2010-02-26 17:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-02-26 16:53 . 2010-02-25 18:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-26 14:25 . 2010-02-25 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-02-26 14:25 . 2010-02-25 17:13 -------- d-----w- c:\program files\Common Files\BitDefender
2010-02-25 18:57 . 2010-02-25 18:57 0 ----a-w- c:\windows\nsreg.dat
2010-02-25 18:55 . 2010-02-25 18:55 15544 ----a-w- c:\documents and settings\Pufix\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 18:51 . 2010-02-25 18:51 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-25 18:47 . 2010-02-25 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-25 18:46 . 2010-02-25 18:46 -------- d-----w- c:\program files\QuickTime Alternative
2010-02-25 18:46 . 2010-02-25 18:46 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-02-25 18:46 . 2010-02-25 18:46 2293 ----a-w- c:\windows\mozver.dat
2010-02-25 18:46 . 2010-02-25 18:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-25 18:41 . 2010-02-25 18:41 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-25 18:40 . 2010-02-25 18:40 -------- d-----w- c:\program files\Unlocker
2010-02-25 18:36 . 2010-02-25 18:36 -------- d-----w- c:\program files\MSN Messenger
2010-02-25 17:14 . 2010-02-25 17:14 -------- d-----w- c:\program files\BitDefender
2010-02-25 17:12 . 2010-02-25 17:12 118375 ----a-w- c:\windows\system32\aaQj_-6n09kJ.exe
2010-02-25 17:09 . 2010-02-25 17:00 -------- d-----w- c:\documents and settings\Pufix\Application Data\uTorrent
2010-02-25 17:00 . 2010-02-25 17:00 -------- d-----w- c:\program files\uTorrent
2010-02-18 08:44 . 2010-02-18 08:44 1286144 ----a-w- c:\windows\system32\-M2T_P_8.dll
.
------- Sigcheck -------
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-08-04 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . D6B537A639D623ED85B73AF3E3BE4B94 . 2180352 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2GDR\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[-] 2006-01-13 . C3B84871DECE94E335B96FAFD756316C . 2187904 . . [5.1.2600.2765] . . c:\windows\system32\ntoskrnl.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[-] 2006-01-13 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16341361-9a18-1e87-1078-b8797fa4aa16}]
2010-02-18 08:44 1286144 ----a-w- c:\windows\system32\-M2T_P_8.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]
"nwiz"="nwiz.exe" [2005-11-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26.02.2010 16:29 108289]
S3 EP320XR;SURECOM EP-320X-R 100/10M PCI Adapter NT Driver;c:\windows\system32\drivers\EP320XR.sys [25.02.2010 20:25 25434]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www3.iamwired.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {80838ACB-BC30-4D47-AFBD-4EC44B6E999D} = 213.154.124.1 193.231.252.1
FF - ProfilePath - c:\documents and settings\Pufix\Application Data\Mozilla\Firefox\Profiles\42s1xl18.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{20bdcdcd-6a15-277e-4d2e-3851772714f7}\components\S-OfEEhbjq1.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 09:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-02-27 09:55:30
ComboFix-quarantined-files.txt 2010-02-27 07:55
Pre-Run: 11.438.690.304 bytes free
Post-Run: 11.995.836.416 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 8195015E36AE0FE6A48FAF08B492F04E
Is there a virus or any malicious content in this log file?
Please help me.
thx!