HJT Log


  • This topic is locked
52 replies to this topic

#1 Kernly

  • Banned
  • 32 posts

Posted 14 October 2009 - 08:40 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:38, on 14-10-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programas\ficheiros comuns\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Trend Micro\Internet Security\SfCtlCom.exe
C:\Programas\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Programas\Trend Micro\Internet Security\TmProxy.exe
C:\Programas\Trend Micro\BM\TMBMSRV.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Windows Live\Contacts\wlcomm.exe
C:\Programas\Windows Media Player\wmplayer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Programas\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programas\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\NETWOR~1\ntuser.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [calc] rundll32.exe C:\DOCUME~1\LOCALS~1\ntuser.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programas\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programas\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {428088E0-96DB-4960-99D5-3C809C5A7D74} - http://www.wcgzone.com/WCGZone/GamOnUpdate.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1253291462062
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1253291449703
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} (SLViewer Control) - http://playple.com/liveviewer/cab/SLViewer.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{61003D0B-BC76-48B2-8158-1A7A3979B90D}: NameServer = 212.113.164.59,212.113.164.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{61003D0B-BC76-48B2-8158-1A7A3979B90D}: NameServer = 212.113.164.59,212.113.164.58
O17 - HKLM\System\CS2\Services\Tcpip\..\{61003D0B-BC76-48B2-8158-1A7A3979B90D}: NameServer = 212.113.164.59,212.113.164.58
O17 - HKLM\System\CS3\Services\Tcpip\..\{61003D0B-BC76-48B2-8158-1A7A3979B90D}: NameServer = 212.113.164.59,212.113.164.58
O17 - HKLM\System\CS4\Services\Tcpip\..\{61003D0B-BC76-48B2-8158-1A7A3979B90D}: NameServer = 212.113.164.59,212.113.164.58
O17 - HKLM\System\CS5\Services\Tcpip\..\{61003D0B-BC76-48B2-8158-1A7A3979B90D}: NameServer = 212.113.164.59,212.113.164.58
O17 - HKLM\System\CS6\Services\Tcpip\..\{61003D0B-BC76-48B2-8158-1A7A3979B90D}: NameServer = 212.113.164.59,212.113.164.58
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j7261938.exe (file missing)
O23 - Service: Serviço Google Update (gupdate1c9b4829a8ccffc) (gupdate1c9b4829a8ccffc) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Programas\iPod\bin\iPodService.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programas\ficheiros comuns\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programas\Ficheiros comuns\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programas\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Programas\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programas\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programas\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Print Spooler Service (yiioawqmnesryue) - Unknown owner - C:\WINDOWS\system32\jrxm.exe (file missing)

--
End of file - 12031 bytes


My computer is rather slow, and at startup some problems appear. Also, when browsing the internet and clicking links to other pages, it redirects me to thefeedyard.com.
I also have a nasty file in my TEMP folder that refuses to be deleted.

Edited by Kernly, 14 October 2009 - 08:43 AM.
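A triage pass over the log above, as an added example that is not part of the original post and not HijackThis code: the Python below parses the O4 (Run keys), O17 (TCP/IP NameServer) and O23 (services) lines and applies the checks a malware-response helper makes first. The rules, the severities and the `Finding` type are this example's own heuristics; the sample lines are copied from the posted log. The O17 rule is informational on purpose: statically configured resolvers are legitimate when they are the ISP's, and only the machine's owner can confirm that.

```python
"""Triage heuristics for HijackThis (HJT) log lines (added example, own rules)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

SEV = {"INFO": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass
class Finding:
    severity: str
    line: str
    reasons: list = field(default_factory=list)


# O4 - <hive>\..\Run: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,\s]+\.dll),", re.I)
PROFILE_RE = re.compile(r"\\(?:DOCUME~1|Documents and Settings|Users)\\", re.I)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
O17_RE = re.compile(r"^O17 - .*\\\{(?P<guid>[^}]+)\}: NameServer = (?P<ns>\S+)$")
O23_PREFIX = "O23 - Service: "
SVC_NAME_RE = re.compile(r"\((?P<svc>[^()]+)\)$")

# Sample input: O4/O17/O23 lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\NETWOR~1\ntuser.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [calc] rundll32.exe C:\DOCUME~1\LOCALS~1\ntuser.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{61003D0B-BC76-48B2-8158-1A7A3979B90D}: NameServer = 212.113.164.59,212.113.164.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{61003D0B-BC76-48B2-8158-1A7A3979B90D}: NameServer = 212.113.164.59,212.113.164.58
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j7261938.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Programas\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Print Spooler Service (yiioawqmnesryue) - Unknown owner - C:\WINDOWS\system32\jrxm.exe (file missing)
""".strip().splitlines()


def triage(lines):
    """Return one Finding per flagged log line, highest severity first."""
    found = {}  # line -> Finding, so several rules hitting one line merge

    def flag(line, severity, reason):
        f = found.setdefault(line, Finding("INFO", line))
        if SEV[severity] > SEV[f.severity]:
            f.severity = severity
        f.reasons.append(reason)

    run_entries = defaultdict(list)  # value name -> [(hive, cmd, line)]
    seen_ns = set()
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            cmd = USER_SUFFIX_RE.sub("", m["cmd"])  # drop HJT's "(User '...')" tag
            run_entries[m["name"].lower()].append((m["hive"], cmd, line))
            d = RUNDLL_RE.search(cmd)
            if d and PROFILE_RE.search(d["dll"]):
                flag(line, "HIGH", f"rundll32 loads {d['dll']} from a user profile directory")
            continue
        m = O17_RE.match(line)
        if m:
            key = (m["guid"], m["ns"])
            if key not in seen_ns:  # one finding per adapter, not per control set
                seen_ns.add(key)
                flag(line, "INFO", f"static DNS servers {m['ns']}: confirm they are the ISP's")
            continue
        if line.startswith(O23_PREFIX):
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            display, vendor, path = parts
            sm = SVC_NAME_RE.search(display)
            svc = sm["svc"] if sm else display
            missing = path.endswith("(file missing)")
            if vendor == "Unknown owner" and missing and "\\windows\\" in path.lower():
                flag(line, "MEDIUM", f"service '{svc}': no vendor, binary missing under the Windows directory")
            if "spooler" in display.lower() and svc != "Spooler":
                flag(line, "HIGH", f"display name mimics the Print Spooler but service name is '{svc}', not 'Spooler'")

    # Same Run value name in several hives, each pointing at a different binary.
    for name, entries in run_entries.items():
        if len(entries) > 1 and len({cmd for _, cmd, _ in entries}) > 1:
            hives = ", ".join(h for h, _, _ in entries)
            for _, _, line in entries:
                flag(line, "HIGH", f"Run value [{name}] set in {hives} with different targets")

    return sorted(found.values(), key=lambda f: -SEV[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the posted lines it reports the [calc] Run value set in HKLM, HKCU and the SYSTEM hive with three different DLLs (two of them in service-account profile directories), a service whose display name says Print Spooler but whose service name is yiioawqmnesryue and whose binary is missing, the orphaned services under system32, and the DNS servers to confirm with the owner. Uninstall leftovers such as iPod Service and PnkBstrA land in MEDIUM or are not flagged at all, which is why the output is a review list rather than a verdict.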



#2 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 14 October 2009 - 08:44 AM

Greetings Kernly, and welcome to the forums.

Read This, do what it says, then post back the requested logs. Thanks!

Edited by 1972vet, 14 October 2009 - 08:54 AM.

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 Kernly (Topic Starter)

Posted 14 October 2009 - 09:12 AM

My computer is in general really slow, and I've tried everything:
- Trend Micro HouseCall scan = nothing
- Malwarebytes = removes almost everything except one file: nsrbgxod.bak, and refuses to remove it; I also can't rename it or quarantine it manually.
- disk defragmentation, cleaning registry errors, cleaning cache, cleaning all types of files, etc.

Information:
- On startup the computer is really slow, and it comes up with some windows saying some files don't exist or something; I can't name them now but can name them later if needed.
- While browsing the internet, when clicking on any hyperlink (sometimes yes, sometimes not) I get redirected to thefeedyard.com; also sometimes some advertising appears, or it says my computer is infected and starts doing a fake scan.

Both DDS logs attached
RootRepeal log attached

Attached Files



#4 Kernly (Topic Starter)

Posted 14 October 2009 - 09:13 AM

http://www.bleepingcomputer.com/forums/topic264307.html

done.

#5 1972vet

Posted 14 October 2009 - 09:20 AM

May I see the logs please?



#6 1972vet

Posted 14 October 2009 - 09:22 AM

Oh, I see now what you did... instead of posting the requested logs here, you created yet another thread. I'll be right back after I merge the two threads.



#7 1972vet

Posted 14 October 2009 - 09:42 AM

Please uninstall these:
Adobe Reader 8.1.1 <-- out of date and exploited. Download the latest version Here
BitTorrent <-- file sharing software... read This
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1 <-- these two are also outdated and exploited... we will install the latest version when you are cleaned up

In your next reply, please explain why you ran ComboFix. Thanks!



#8 Kernly (Topic Starter)

Posted 14 October 2009 - 10:12 AM

Uninstalled everything you said.

I created a new topic because it said so in the steps and you told me to follow them. I'm sorry.

So I ran ComboFix in my attempt to see if I could resolve anything on my own; I read about it somewhere else.

#9 1972vet

Posted 14 October 2009 - 10:43 AM

I created a new topic because it said so in the steps and you told me to follow them. I'm sorry.

So I ran ComboFix in my attempt to see if I could resolve anything on my own; I read about it somewhere else.

I assumed that it would be clear enough and easily understood that the thread I pointed to contained instructions for you to follow BEFORE you post your log... and, since you already posted your log without having done any reading first, you would have understood what it was you needed to do in the thread that you already created.

I apologize for that assumption. Let's hope, however, that if you were to visit some resort where a sign may be posted which reads "Swim at your own risk when Lifeguard not on duty", you either read the sign or risk drowning alone if indeed you cannot swim.

Having downloaded and run ComboFix on your own from having read "somewhere" about it also implies that you didn't read the instructions on the ComboFix download page. The second paragraph there, in glaring bold text, warns against doing the very thing you did. I also apologize in advance if any of the above sounds like a rant, but it is absolutely critical that a novice user only use ComboFix when instructed to by a trained assistant. I hope you understand the importance of following instructions.

Creating a new thread just got us off track for a bit... so far, no harm.

Please post back the log that was generated when you ran ComboFix. Thanks!



#10 Kernly (Topic Starter)

Posted 14 October 2009 - 10:59 AM

Well, I'm sorry for the inconvenience. I thought it was like running HJT.
Anyway, I regretted it in the middle of using it and closed it; also, I'm pretty sure I didn't save any log.
Should I run it again?

Edit: yes, I remember, I scanned and it found nothing.

Edited by Kernly, 14 October 2009 - 11:04 AM.


#11 1972vet

Posted 14 October 2009 - 05:03 PM

Copy and paste the following text into a blank Notepad:

@echo off
rem Write a listing of the root of drive C: to look.txt (created next to this script)
rem and open it in Notepad.
dir C:\ >> look.txt
notepad look.txt
exit

Save this as showme.bat. Change the "save as type" to "All Files" and save it to your Desktop.
Next, please double-click showme.bat.

Please copy and paste the contents of look.txt in your reply.
Thanks,



#12 Kernly (Topic Starter)

Posted 14 October 2009 - 05:06 PM

Hey again

Volume in drive C has no label
Volume Serial Number is B047-1F65

Directory of C:\

19-09-2009 03:21 <DIR> 17d5b4eae15020a60d49c942eca5905f
02-08-2009 22:17 <DIR> Arquivos de Programa
18-05-2008 22:39 <DIR> ASTROLOG
14-10-2009 12:33 <DIR> Avenger
14-10-2009 12:33 1.906 avenger.txt
03-10-2009 20:29 <DIR> BlueByte
11-10-2009 19:33 <DIR> Bridge Base Online
18-09-2009 02:28 568 caca
14-08-2009 01:29 <DIR> CFLog
28-08-2007 01:50 <DIR> chess
18-05-2008 22:39 <DIR> Conf
02-10-2009 09:49 <DIR> DEADLOCK
15-08-2008 19:25 <DIR> Documents and Settings
27-02-2008 09:56 <DIR> Downloads
26-06-2009 00:44 <DIR> GameRival
11-06-2008 19:39 <DIR> GamOn
31-05-2009 02:00 <DIR> gems
30-08-2007 04:00 <DIR> HOCUS
30-04-2007 16:42 <DIR> IDE
19-07-2009 18:00 11.710 LIST.5
27-06-2008 22:40 <DIR> Margarida
18-09-2007 09:09 <DIR> mp3
18-02-2009 12:36 <DIR> Mp3 Output
06-10-2009 12:11 <DIR> MPS
15-08-2008 21:35 <DIR> My Download Files
15-08-2008 21:35 <DIR> My Games
07-10-2009 13:46 <DIR> My Music
18-09-2009 14:51 1.628 ndnj.txt
17-08-2009 00:41 <DIR> NVIDIA
23-10-2008 12:47 13.030 PDOXUSRS.NET
21-10-2008 22:10 <DIR> PegW80
17-09-2009 22:56 <DIR> PegW81
14-08-2009 01:27 <DIR> Program Files
14-10-2009 16:13 <DIR> Programas
14-10-2009 13:48 <DIR> Qoobox
28-08-2007 21:11 <DIR> rollerball
14-10-2009 15:11 91.656 RootRepeal report 10-14-09 (15-11-28).txt
11-10-2009 12:59 <DIR> serfcity
17-08-2008 17:42 <DIR> SOCCER
17-09-2009 17:10 <DIR> spoolerlogs
18-09-2009 15:41 <DIR> TrendMicro_Downloader
18-09-2009 15:40 1.997.856 TrendMicro_Downloader.exe
07-10-2009 19:43 <DIR> UFO
06-05-2009 02:00 <DIR> videooutput
23-07-2009 19:04 <DIR> WARCRAFT
14-10-2009 13:48 <DIR> WINDOWS
21-10-2008 22:18 150 YServer.txt
8 File(s) 2.118.504 bytes
39 Dir(s) 173.928.636.416 bytes free

#13 1972vet

Posted 14 October 2009 - 05:36 PM

Thanks! Now navigate to this folder and open it:
C:\Qoobox
...look for the file labeled ComboFix-quarantined-files.txt. Post back the content of that log file. Thanks!



#14 Kernly (Topic Starter)

Posted 14 October 2009 - 06:03 PM

There I only have folders:
BackEnv
LastRun
Quarantine
Test
TestC

and in Quarantine there is no such file.

#15 1972vet

Posted 14 October 2009 - 08:40 PM

OK, since the contents of the log produced by running the .bat file indicate that you just downloaded ComboFix today, at least we know you have an up-to-date version. Make certain you thoroughly read through These Usage Instructions, then run it again by double-clicking on it. Post back the log it produces. Thanks!
