Malwarebytes

Qoobox


3 replies to this topic

#1
B-boy/StyLe/

    FFreestyleRR

  • Experts
  • 824 posts
  • Gender:Male
  • Location:Bulgaria
ComboFix-quarantined-files.txt

Quote

2009-12-07 01:52:18 . 2009-12-07 01:52:18 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2009-12-07 01:27:03 . 2009-12-07 01:27:03 2,464 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}.reg.dat
2009-12-07 01:27:03 . 2009-12-07 01:27:03 1,550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-NVIDIA Drivers.reg.dat
2009-12-07 01:26:57 . 2009-12-07 01:26:57 146 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}.reg.dat
2009-12-07 01:23:35 . 2009-12-07 01:23:35 774 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_kungsfoyltoiyy.reg.dat
2009-12-07 01:23:29 . 2009-12-07 02:30:09 8,274 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-12-07 01:21:57 . 2009-12-07 01:23:36 2,226 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_kungsfoyltoiyy.reg.dat
2009-12-07 01:21:11 . 2009-12-07 02:27:51 153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-11-10 01:06:48 . 2006-08-15 07:24:52 6,234,624 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\logonui .exe.vir
2009-10-18 22:08:17 . 2009-10-18 22:20:57 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\WIN.INI.vir
2009-05-24 18:34:20 . 2009-05-24 20:44:00 18,032 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\kungsfkjymoygv.dat.vir
2007-05-23 15:11:16 . 2007-05-23 15:11:16 169,984 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\msconfig.exe.vir
2007-05-23 15:10:23 . 2009-03-21 14:06:58 1,286,144 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\avexexp.dll.vir
2007-05-23 15:10:23 . 2009-03-21 14:06:58 1,056,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\resosms.dll.vir
2007-01-16 14:07:52 . 2007-01-16 14:07:52 23,040 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\kb913800.exe.vir

Not hit by MBAM:

Quote

Malwarebytes' Anti-Malware 1.42
Database version: 3307
Windows 6.1.7127
Internet Explorer 8.0.7127.0

7.12.2009 г. 05:37:35
mbam-log-2009-12-07 (05-37-35).txt

Scan type: Quick Scan
Objects scanned: 86154
Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

resosms.dll

http://virscan.org/report/7a5cce5bd9c5e199...0f8e4e161b.html

avexexp.dll

http://virscan.org/report/4f7e88199e1720f5...32a57aa029.html

Gmer log for avexexp.dll

Quote

---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\avexexp.dll (*** hidden *** ) @ C:\Program Files\SAGEM\OTEnet-SAGEM Fast 800\dslmon.exe [452] 0x00E70000
Library C:\WINDOWS\system32\avexexp.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [532] 0x01310000
Library C:\WINDOWS\system32\resosms.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1072] 0x3E000000
Library C:\WINDOWS\system32\avexexp.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1072] 0x10000000
Library C:\WINDOWS\system32\avexexp.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\Core\smax4pnp.exe [1380] 0x012F0000
Library C:\WINDOWS\system32\avexexp.dll (*** hidden *** ) @ C:\WINDOWS\system32\RUNDLL32.EXE [1396] 0x00DB0000
Library C:\WINDOWS\system32\avexexp.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [1400] 0x10000000
Library C:\WINDOWS\system32\avexexp.dll (*** hidden *** ) @ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [1460] 0x011B0000
Library C:\WINDOWS\system32\avexexp.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [1480] 0x10000000
Library C:\WINDOWS\system32\avexexp.dll (*** hidden *** ) @ C:\Program Files\DAEMON Tools Lite\DTLite.exe [1616] 0x01370000
Library C:\WINDOWS\system32\avexexp.dll (*** hidden *** ) @ C:\Documents and Settings\john\Desktop\v3ectn23.exe [3348] 0x10000000

Btw, can't find => datodras.dll in the folder.

The full topic is here =>
http://forum.avira.com/wbb/index.php?page=...17&pageNo=1

Regards,
G.


#2
Jaxryley

    Forum Deity

  • Malware Hunters
  • 6,718 posts
  • Gender:Male
  • Location:West Aussie
  • Interests:Gardening and computers.
And a very nice bit of work in getting that computer cleaned up over there B-boy! :)

#3
B-boy/StyLe/

    FFreestyleRR

  • Experts
  • 824 posts
  • Gender:Male
  • Location:Bulgaria

Jaxryley, on Dec 7 2009, 04:39 AM, said:

And a very nice bit of work in getting that computer cleaned up over there B-boy! :)

Thank you my friend. :)
I really appreciate it!

Btw, I'll attach the full Gmer log.

Regards,
G.

Attached Files

  • Attached File  Gmer.txt   225.89K   3 downloads


#4
Fatdcuk

    Malware BBQ'er

  • Moderators
  • 18,854 posts
  • Gender:Male
  • Location:127.0.0.1
Many thanks B-boy/StyLe/,

I will take a look at the files shortly :)
Ade Gill
Research Engineer
