
Opnnnoli.dll awttqooo.dll


  • This topic is locked
2 replies to this topic

#1 Makavedie


Posted 24 October 2008 - 03:50 PM

ComboFix 08-10-24.02 - Eddie 2008-10-24 13:19:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1312 [GMT -7:00]
Running from: C:\Documents and Settings\Eddie\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\epxa.exe
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\awttqooo.dll
C:\WINDOWS\system32\grgbpvqv.dll
C:\WINDOWS\system32\iugigc.dll
C:\WINDOWS\system32\jnsrhlru.ini
C:\WINDOWS\system32\jSDNUvut.ini
C:\WINDOWS\system32\jSDNUvut.ini2
C:\WINDOWS\system32\klhkyfwt.ini
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oooqttwa.ini
C:\WINDOWS\system32\oooqttwa.ini2
C:\WINDOWS\system32\opnnnolI.dll
C:\WINDOWS\system32\rqRIxxuv.dll
C:\WINDOWS\system32\tuvUNDSj.dll
C:\WINDOWS\system32\twfykhlk.dll
C:\WINDOWS\system32\urlhrsnj.dll
C:\WINDOWS\system32\vafjwa.dll
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://megauplinkbindinstaller.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_TDSSserv.sys)


((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
.

2008-10-24 11:24 . 2008-10-24 13:03 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-24 11:24 . 2008-10-24 13:03 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-24 11:09 . 2008-10-24 11:09 <DIR> d-------- C:\Documents and Settings\asdfw\Application Data\Apple Computer
2008-10-24 11:08 . 2008-10-24 11:08 <DIR> d-------- C:\Documents and Settings\asdfw\Application Data\WinPatrol
2008-10-24 11:08 . 2008-10-24 11:47 <DIR> d-------- C:\Documents and Settings\asdfw
2008-10-24 08:57 . 2008-10-24 08:57 2,142 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-24 08:56 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-24 08:56 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-24 08:56 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-24 08:56 . 2008-10-01 15:51 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-24 08:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-10-24 08:56 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-24 08:56 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-24 08:55 . 2008-10-24 08:55 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-24 08:42 . 2008-10-24 08:42 <DIR> d-------- C:\Program Files\AVG
2008-10-24 08:42 . 2008-10-24 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-23 22:22 . 2008-10-23 22:22 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-23 22:22 . 2008-10-23 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-23 22:19 . 2008-10-23 22:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-23 21:16 . 2008-10-23 21:16 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-23 20:20 . 2008-10-24 11:37 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-10-23 20:19 . 2008-10-24 13:03 <DIR> d-------- C:\Program Files\Symantec
2008-10-23 20:19 . 2008-10-24 13:03 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-23 20:19 . 2008-10-24 13:03 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-23 20:04 . 2008-10-23 20:04 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-10-23 20:03 . 2008-10-23 14:35 217,088 --a------ C:\WINDOWS\bkqxdons.dll
2008-10-23 20:03 . 2008-10-23 20:03 2,760 --a------ C:\WINDOWS\system32\TDSSixgp.dll
2008-10-23 20:03 . 2008-10-23 20:03 164 --a------ C:\WINDOWS\system32\TDSSmtpe.dat
2008-10-23 19:21 . 2008-10-23 19:21 <DIR> d-------- C:\Documents and Settings\Eddie\WINDOWS
2008-10-14 18:00 . 2008-09-08 03:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 17:59 . 2008-08-14 03:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 17:59 . 2008-08-14 03:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 17:59 . 2008-08-14 02:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 17:59 . 2008-08-14 02:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 17:59 . 2008-09-15 05:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-13 09:51 . 2008-10-24 08:42 <DIR> d-------- C:\Documents and Settings\sfwe
2008-10-07 15:35 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-10-03 14:34 . 2008-10-03 14:34 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-10-03 14:34 . 2008-10-03 14:34 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-10-03 14:14 . 2008-10-03 14:14 187,952 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-10-03 14:14 . 2008-10-03 14:14 146,096 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-10-03 14:14 . 2008-10-03 14:14 39,984 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-10-03 14:14 . 2008-10-03 14:14 37,936 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-10-03 14:14 . 2008-10-03 14:14 35,120 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-10-03 14:14 . 2008-10-03 14:14 27,696 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-10-03 14:14 . 2008-10-03 14:14 12,848 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-10-03 14:14 . 2008-10-03 14:14 10,804 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-10-03 14:14 . 2008-10-03 14:14 1,358 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-10-03 10:42 . 2008-10-24 08:42 <DIR> d-------- C:\Documents and Settings\asdf.MAKAVELI
2008-09-29 20:24 . 2008-05-16 06:10 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-09-29 20:24 . 2008-05-16 06:10 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2008-09-24 17:54 . 2008-09-24 17:54 0 --ah----- C:\WINDOWS\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 20:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-24 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-23 15:06 --------- d-----w C:\Documents and Settings\Eddie\Application Data\LimeWire
2008-10-23 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-23 00:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-22 00:03 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-30 03:24 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-09-25 02:16 --------- d-----w C:\Program Files\LimeWire
2008-09-23 00:03 --------- d-----w C:\Documents and Settings\Eddie\Application Data\Apple Computer
2008-09-19 00:39 --------- d-----w C:\Program Files\Zune
2008-09-18 05:28 --------- d-----w C:\Program Files\DIFX
2008-09-18 05:28 --------- d-----w C:\Program Files\Common Files\ComponentOne
2008-09-18 05:07 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-09-18 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-17 03:03 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-09-17 03:03 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-09-17 03:02 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-09-17 00:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-16 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Innova Electronics Corp
2008-09-13 01:32 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2008-09-10 04:07 --------- d-----w C:\Documents and Settings\Eddie\Application Data\Ahead
2008-09-10 03:49 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-10 03:38 --------- d-----w C:\Program Files\Nero
2008-09-10 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-09 05:03 --------- d-----w C:\Program Files\Common Files\iPIX
2008-09-09 05:02 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2008-09-09 05:02 --------- d-----w C:\Program Files\iPIX
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-06 20:12 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\DivX
2008-09-05 01:39 23,712 ----a-w C:\Documents and Settings\Eddie\Application Data\GDIPFONTCACHEV1.DAT
2008-09-04 00:49 --------- d-----w C:\Documents and Settings\Eddie\Application Data\DivX
2008-09-04 00:48 --------- d-----w C:\Program Files\DivX
2008-08-30 00:29 --------- d-----w C:\Program Files\BillP Studios
2008-08-30 00:29 --------- d-----w C:\Documents and Settings\Eddie\Application Data\WinPatrol
2008-08-29 03:33 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-29 03:33 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-08-29 03:33 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-08-29 03:33 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-08-29 03:33 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-08-29 03:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-08-29 00:56 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-08-29 00:55 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-08-29 00:50 --------- d-----w C:\Program Files\Avanquest update
2008-08-29 00:50 --------- d-----w C:\Documents and Settings\Eddie\Application Data\InstallShield
2008-08-28 02:02 92,064 ----a-w C:\Documents and Settings\Eddie\mqdmmdm.sys
2008-08-28 02:02 9,232 ----a-w C:\Documents and Settings\Eddie\mqdmmdfl.sys
2008-08-28 02:02 79,328 ----a-w C:\Documents and Settings\Eddie\mqdmserd.sys
2008-08-28 02:02 66,656 ----a-w C:\Documents and Settings\Eddie\mqdmbus.sys
2008-08-28 02:02 6,208 ----a-w C:\Documents and Settings\Eddie\mqdmcmnt.sys
2008-08-28 02:02 5,936 ----a-w C:\Documents and Settings\Eddie\mqdmwhnt.sys
2008-08-28 02:02 4,048 ----a-w C:\Documents and Settings\Eddie\mqdmcr.sys
2008-08-28 02:02 25,600 ----a-w C:\Documents and Settings\Eddie\usbsermptxp.sys
2008-08-28 02:02 22,768 ----a-w C:\Documents and Settings\Eddie\usbsermpt.sys
2005-07-12 00:52 32,768 ----a-w C:\Program Files\mozilla firefox\plugins\AppSub32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WallpaperChanger"="C:\Program Files\Wallpaper Master\Wallpaper.exe" [2005-11-08 321536]
"WinReminders 2005"="C:\Program Files\HES\WinReminders\WinReminders.exe" [2007-11-09 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-31 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-31 86016]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-19 1945688]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 149024]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2006-10-01 255552]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 84640]
"nwiz"="nwiz.exe" [2006-03-31 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\Eddie\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-07-22 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=iugigc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 BS_I2cIo;BS_I2cIo;C:\WINDOWS\system32\drivers\BS_I2cIo.sys [2006-12-11 16768]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-09-12 61856]
S3 BS_Flash;BS_Flash;C:\Program Files\Tseries BIOS Update\Award\BS_Flash.sys [2007-08-16 3604]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 17792]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-02-27 21504]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 18432]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-09-12 245664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe /run
\Shell\Shell00\Command - D:\Autorun.exe /run
\Shell\Shell01\Command - D:\Autorun.exe /action
\Shell\Shell02\Command - D:\Autorun.exe /uninstall
.
Contents of the 'Scheduled Tasks' folder

2008-10-24 C:\WINDOWS\Tasks\WinReminders Reminder Schedule for Eddie.job
- C:\Program Files\HES\WinReminders\WinReminders.exe [2007-11-09 15:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{BA50743B-6106-4445-96C6-401B307A2727} - C:\WINDOWS\system32\opnnnolI.dll
BHO-{E10C4608-0C74-4107-8F36-72BD7B49E265} - C:\WINDOWS\system32\awttqooo.dll
ShellExecuteHooks-{BA50743B-6106-4445-96C6-401B307A2727} - C:\WINDOWS\system32\opnnnolI.dll
SafeBoot-TDSSmxft.sys


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Eddie\Application Data\Mozilla\Firefox\Profiles\mig4128l.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
FF -: plugin - C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NpIpx32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPipxLicenseRetriever.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 13:23:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-10-24 13:28:44 - machine was rebooted [Eddie]
ComboFix-quarantined-files.txt 2008-10-24 20:28:40

Pre-Run: 280,604,278,784 bytes free
Post-Run: 282,421,125,120 bytes free

262 --- E O F --- 2008-10-24 20:28:18



#2 miekiemoes


Posted 25 October 2008 - 12:43 AM

Hi,

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::
C:\WINDOWS\bkqxdons.dll
C:\WINDOWS\system32\TDSSixgp.dll
C:\WINDOWS\system32\TDSSmtpe.dat
Dirlook::
C:\Documents and Settings\sfwe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes


Posted 05 November 2008 - 10:54 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



