
Combofix.exe Log Please Have A Look


  • This topic is locked
5 replies to this topic

#1 eleftheria

eleftheria

  • Members
  • 2 posts
  • OFFLINE
  • Local time:08:30 PM

Posted 24 July 2008 - 05:10 PM

ComboFix 08-07-24.1 - Administrator 2008-07-25 0:37:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.1.1033.18.375 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\brftlwxp.dll
C:\WINDOWS\system32\efcCtqro.dll
C:\WINDOWS\system32\efuugd.dll
C:\WINDOWS\system32\ercxqv.dll
C:\WINDOWS\system32\ftgialje.dll
C:\WINDOWS\system32\ghxxkymm.dll
C:\WINDOWS\system32\hsamswcu.dll
C:\WINDOWS\system32\jewwtooy.ini
C:\WINDOWS\system32\jkkICvWO.dll
C:\WINDOWS\system32\jtlmefos.ini
C:\WINDOWS\system32\kddaho.dll
C:\WINDOWS\system32\khngvabm.ini
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\lencyuum.ini
C:\WINDOWS\system32\lxmpdjyj.ini
C:\WINDOWS\system32\lyiptmin.ini
C:\WINDOWS\system32\mbdnnbai.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\opnklkkk.dll
C:\WINDOWS\system32\OWvCIkkj.ini
C:\WINDOWS\system32\OWvCIkkj.ini2
C:\WINDOWS\system32\plppslrv.dll
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\sjlxst.dll
C:\WINDOWS\system32\ssqPhGww.dll
C:\WINDOWS\system32\uljgnuad.ini
C:\WINDOWS\system32\ullcig.dll
C:\WINDOWS\system32\wvUlihiG.dll
C:\WINDOWS\system32\wylmqv.dll
C:\WINDOWS\system32\xmqykpkp.dll
C:\WINDOWS\system32\yxntdb.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.
2008-07-25 00:46 . 2008-07-25 00:46 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-07-25 00:46 . 2008-07-25 00:46 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-07-23 21:18 . 2008-07-23 21:18 94,848 --a------ C:\WINDOWS\system32\muuycnel.dll
2008-07-10 15:05 . 2008-07-10 15:05 268 --ah----- C:\sqmdata15.sqm
2008-07-10 15:05 . 2008-07-10 15:05 244 --ah----- C:\sqmnoopt15.sqm
2008-07-08 16:15 . 2008-07-08 16:15 268 --ah----- C:\sqmdata14.sqm
2008-07-08 16:15 . 2008-07-08 16:15 244 --ah----- C:\sqmnoopt14.sqm
2008-07-07 19:07 . 2008-07-07 19:07 268 --ah----- C:\sqmdata13.sqm
2008-07-07 19:07 . 2008-07-07 19:07 244 --ah----- C:\sqmnoopt13.sqm
2008-07-07 01:45 . 2008-07-07 01:45 268 --ah----- C:\sqmdata12.sqm
2008-07-07 01:45 . 2008-07-07 01:45 244 --ah----- C:\sqmnoopt12.sqm
2008-07-06 18:17 . 2008-07-06 18:17 268 --ah----- C:\sqmdata11.sqm
2008-07-06 18:17 . 2008-07-06 18:17 244 --ah----- C:\sqmnoopt11.sqm
2008-07-06 01:39 . 2008-07-06 01:39 268 --ah----- C:\sqmdata10.sqm
2008-07-06 01:39 . 2008-07-06 01:39 244 --ah----- C:\sqmnoopt10.sqm
2008-07-04 18:47 . 2008-07-04 18:47 268 --ah----- C:\sqmdata09.sqm
2008-07-04 18:47 . 2008-07-04 18:47 244 --ah----- C:\sqmnoopt09.sqm
2008-07-04 01:28 . 2008-07-04 01:28 268 --ah----- C:\sqmdata08.sqm
2008-07-04 01:28 . 2008-07-04 01:28 244 --ah----- C:\sqmnoopt08.sqm
2008-07-03 00:08 . 2008-07-03 00:08 268 --ah----- C:\sqmdata07.sqm
2008-07-03 00:08 . 2008-07-03 00:08 244 --ah----- C:\sqmnoopt07.sqm
2008-07-02 02:37 . 2008-07-02 02:37 268 --ah----- C:\sqmdata06.sqm
2008-07-02 02:37 . 2008-07-02 02:37 244 --ah----- C:\sqmnoopt06.sqm
2008-07-01 00:22 . 2008-07-01 00:22 268 --ah----- C:\sqmdata05.sqm
2008-07-01 00:22 . 2008-07-01 00:22 244 --ah----- C:\sqmnoopt05.sqm
2008-06-29 10:10 . 2008-06-29 10:10 268 --ah----- C:\sqmdata04.sqm
2008-06-29 10:10 . 2008-06-29 10:10 244 --ah----- C:\sqmnoopt04.sqm
2008-06-29 01:34 . 2008-06-29 01:34 268 --ah----- C:\sqmdata03.sqm
2008-06-29 01:34 . 2008-06-29 01:34 244 --ah----- C:\sqmnoopt03.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 18:23 --------- d-----w C:\Program Files\Monarch The Butterfly King
2008-07-22 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\e-Safekey
2008-07-21 22:41 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-07-19 21:41 --------- d-----w C:\Program Files\DivX
2008-07-19 08:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-07-18 20:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-07-18 10:25 --------- d-----w C:\Program Files\MagicISO
2008-07-15 00:51 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-15 00:51 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-05 10:34 --------- d-----w C:\Program Files\Trillian Pro
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-31 16:59 --------- d-----w C:\Program Files\QuickTime Alternative
2008-05-31 16:40 --------- d-----w C:\Program Files\AVG
2008-05-31 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-29 06:00 --------- d-----w C:\Program Files\uTorrent
2008-05-25 21:00 --------- d-----w C:\Program Files\FeedReader30
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-10 21:49 0 ----a-w C:\Program Files\temp01
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-19 18:52 19,552 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-11-22 18:22 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-07 18:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 18:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 18:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-07 18:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 18:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 18:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-07 18:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-03-16 14:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 14:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 14:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 09:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 18:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.
------- Sigcheck -------
2002-12-31 15:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2002-12-31 15:00 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 18:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\system32\user32.dll
2007-03-08 18:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\system32\dllcache\user32.dll
2002-12-31 15:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
2002-12-31 15:00 502784 b66dbc40d428fe1293041d621d836ac8 C:\WINDOWS\system32\winlogon.exe
2002-12-31 15:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2002-12-31 15:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2002-12-31 15:00 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 12:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 12:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 12:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2002-12-31 15:00 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 12:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 12:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 12:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 14:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\explorer.exe
2002-12-31 15:00 1032192 98d45efddd1a67f90353be8d28ed72db C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 14:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\system32\dllcache\explorer.exe
2002-12-31 15:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe
2002-12-31 15:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe
2002-12-31 15:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
2005-06-11 03:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2002-12-31 15:00 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2005-06-11 02:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 15:00 15360]
"XarkaToday"="C:\Program Files\Today Calendar\Today.exe" [2008-01-04 13:25 3385824]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 08:31 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 08:27 126976]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-31 17:03 86106]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 17:01 761946]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-11-08 11:28 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-11-08 11:22 696320]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 14:24 290816]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-05-25 10:33 1253376]
"V0470Mon.exe"="C:\WINDOWS\V0470Mon.exe" [2007-04-11 20:00 32768]
"3442d452"="C:\WINDOWS\system32\muuycnel.dll" [2008-07-23 21:18 94848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
2008-04-08 21:14 368640 C:\WINDOWS\system32\pmls.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
backup=C:\WINDOWS\pss\Program Neighborhood Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
--------- 2007-05-02 10:30 151552 C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBusterPro]
--a------ 2008-01-02 16:56 8820024 C:\Program Files\VoipBusterPro.com\VoipBusterPro\VoipBusterPro.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Trillian Pro\\trillian.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\VoipBusterPro.com\\VoipBusterPro\\VoipBusterPro.exe"=
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46763:TCP"= 46763:TCP:a
"46763:UDP"= 46763:UDP:v
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-15 03:51]
R1 cdfdrv;Cdfdrv;C:\WINDOWS\system32\DRIVERS\cdfdrv.sys [2007-05-24 15:40]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-15 03:51]
R2 ctxpidmn;ctxpidmn;C:\WINDOWS\system32\DRIVERS\ctxpidmn.sys [2007-07-05 15:45]
R2 CtxSbx;CtxSbx;C:\WINDOWS\system32\DRIVERS\CtxSbx.sys [2007-07-05 16:50]
R2 RadeSvc;Citrix Streaming Service;C:\Program Files\Citrix\Streaming Client\RadeSvc.exe [2007-07-05 15:56]
S3 UnlockerDriver4;UnlockerDriver4 Driver;C:\WINDOWS\system32\UnlockerDriver4.sys [2005-04-24 06:08]
S3 VF0470Vid;Live! Cam Notebook (VF0470);C:\WINDOWS\system32\DRIVERS\V0470Vid.sys [2007-04-20 20:00]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-18 15:04:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-PremierOpinion - c:\windows\system32\pmropn.exe
HKLM-Run-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
HKLM-Run-QuickTime Task - C:\Program Files\QuickTime Alternative\qttask.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-feedreader - C:\Program Files\FeedReader30\feedreader.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime Alternative\qttask.exe
MSConfigStartUp-SweetIM - C:\Program Files\SweetIM\Messenger\SweetIM.exe

.
------- Supplementary Scan -------
.
O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://ebanking.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
C:\WINDOWS\Downloaded Program Files\e-Safekey.inf
C:\WINDOWS\Downloaded Program Files\e-Safekey.dll

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 00:47:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\muuycnel.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-07-25 0:52:40 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-07-24 21:52:35
Pre-Run: 6,187,847,680 bytes free
Post-Run: 7,416,025,088 bytes free
270 --- E O F --- 2008-07-17 17:06:29
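The log above shows the pattern a helper looks for by eye: a Run value with a random hex name ("3442d452") pointing at a freshly created DLL in system32 (muuycnel.dll, created two days before the scan and listed again under "DLLs Loaded Under Running Processes" inside explorer.exe), plus a Winlogon notify DLL (pmls.dll) under a non-default key. The following is an added example, not code from the original post or from ComboFix: a small Python script that parses the "Reg Loading Points" section and applies those checks as explicit rules. The `triage` function and its rules are my own assumptions about what a reviewer checks; `SAMPLE_LOG` is constructed from lines copied out of the log above.

```python
"""Triage a ComboFix 'Reg Loading Points' section for suspicious autostarts.

Added example, not ComboFix's own code. The rules below are assumptions:
they encode what a log reviewer checks by eye, nothing more.
"""
import re
from datetime import date, timedelta

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
ComboFix 08-07-24.1 - Administrator 2008-07-25 0:37:50.1 - NTFSx86
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 15:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 08:31 155648]
"3442d452"="C:\WINDOWS\system32\muuycnel.dll" [2008-07-23 21:18 94848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
2008-04-08 21:14 368640 C:\WINDOWS\system32\pmls.dll
"""

# ComboFix header line carries the scan date; used as the reference for "recent".
HEADER_RE = re.compile(r"^ComboFix \S+ - .+? (?P<date>\d{4}-\d{2}-\d{2}) ")
# Registry key line, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
# Run-key value: "name"="path" [YYYY-MM-DD HH:MM size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*'
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?P<size>\d+)\]$"
)
# Winlogon notify entry: YYYY-MM-DD HH:MM size path
NOTIFY_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?P<size>\d+) (?P<path>.+)$")


def triage(log_text, recent_days=30):
    """Return a list of suspicious autostart entries with the reasons each was flagged."""
    findings = []
    ref_date = None
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            ref_date = date.fromisoformat(m["date"])
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        kl = key.lower()
        entry = None
        if kl.endswith("\\run"):
            m = RUN_RE.match(line)
            if m:
                entry = (m["name"], m["path"], m["date"])
        elif "\\winlogon\\notify\\" in kl:
            m = NOTIFY_RE.match(line)
            if m:
                entry = (key.rsplit("\\", 1)[1], m["path"], m["date"])
        if entry is None:
            continue
        name, path, created = entry
        reasons = []
        # ComboFix filters the default notify packages, so anything shown here is non-default.
        if "\\winlogon\\notify\\" in kl:
            reasons.append("non-default Winlogon notify DLL")
        # Legitimate Run values carry a product name; a bare hex string is generated.
        if re.fullmatch(r"[0-9a-f]{8,}", name, re.I):
            reasons.append("value name is a random hex string, not a product name")
        # Run launches executables; a DLL target needs a host such as rundll32.exe.
        if kl.endswith("\\run") and path.lower().endswith(".dll"):
            reasons.append("Run key points at a DLL rather than an executable")
        # File created shortly before the scan, while the infection was active.
        if ref_date and ref_date - date.fromisoformat(created) <= timedelta(days=recent_days):
            reasons.append(f"file created within {recent_days} days of the scan")
        if reasons:
            findings.append({"key": key, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['path']}  ({f['name']} under {f['key']})")
        for r in f["reasons"]:
            print(f"    - {r}")
```

On the sample, the hex-named Run value trips three rules at once (generated name, DLL target, recent creation), while the Winlogon notify DLL trips only the non-default rule; the stock Microsoft and Intel entries trip none. A DLL loaded into explorer.exe that also appears in a Run value is the combination to treat as malicious, and the ruleset is deliberately conservative so that a human still reviews each hit.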



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,963 posts
  • ONLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:30 PM

Posted 07 August 2008 - 11:48 PM

Hello eleftheria,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine. A fresh scan and logs are still necessary.

Click on Start then Run
Copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
Click on Check All
Click Scan
DSS will now run again. When finished, please post back both logs that open in Notepad: main.txt and extra.txt.



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 eleftheria

eleftheria
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:08:30 PM

Posted 19 August 2008 - 03:09 PM

Hello and thank you for your answer,

Unfortunately I haven't made any improvement with my PC. I have tried to download the program that you suggested to me, but on one of the pages it is written:
"Deckard's System Scanner interacts with a specific rootkit (tdssserv) in a way that may make your system unusable (altering the svchost netsvcs registry entry). This download link has been removed until a fix is released by Deckard. For your own protection, please do not attempt to download this tool from other sites."
The other one is not found. Do you have something else to suggest?
Furthermore, I have two new problems; I don't know if they are relevant. When I start my PC an error window appears with the message "error loading c:\windows\system32\muuycnel.dll". The second problem is that all the time I get notifications that the Local Area Connection cable is unplugged, and recently my connection is restored only if I restart my PC. Please help me as soon as possible because I have started thinking about formatting my PC. I really want to avoid this.

#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:30 PM

Posted 13 September 2008 - 08:44 AM

Hello eleftheria :thumbsup: Welcome to the BC HijackThis Log and Analysis forum. I apologize for the extended delay. However if you still need help I will be glad to assist you.

I ask that you refrain from running tools other than those we will ask you to while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.


Please perform the following:



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)





When completed, please post both logs from RSIT as well as the one from Kaspersky.





Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:30 PM

Posted 17 September 2008 - 08:41 AM

Hi eleftheria :thumbsup:


Haven't heard from you. Do you still require assistance with your log?

#6 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:03:30 AM

Posted 19 September 2008 - 10:55 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security