
Outerinfo [CLOSED]


  • This topic is locked

#1
Elena Meyer

    New Member

  • Member
  • 1 posts
This is the result!!! Thank you to Geeks to Go!!!!

ComboFix 08-04-20.5 - Ells 2008-04-22 1:14:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.207 [GMT 4.5:30]
Eseguito da: C:\Documents and Settings\Ells\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ells\Desktop\WinXP_EN_HOM_BF.EXE
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ells\Dati applicazioni\WinTouch
C:\Documents and Settings\Ells\Dati applicazioni\WinTouch\wintouch.cfg
C:\Documents and Settings\Ells\Impostazioni locali\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Ells\Impostazioni locali\Temporary Internet Files\CPV.stt
C:\Documents and Settings\LocalService\Dati applicazioni\NetMon
C:\Documents and Settings\LocalService\Dati applicazioni\NetMon\domains.txt
C:\Documents and Settings\LocalService\Dati applicazioni\NetMon\log.txt
C:\Programmi\CPV
C:\Programmi\CPV\CPV8.dll
C:\Programmi\JavaCore
C:\Programmi\Temporary
C:\WINDOWS\b155.exe
C:\WINDOWS\ystem~1
C:\WINDOWS\ystem~1\?ttrib.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NwSapAgent


((((((((((((((((((((((((( Files Creati Da 2008-03-21 al 2008-04-21 )))))))))))))))))))))))))))))))))))
.

2008-04-21 21:11 . 2008-04-21 21:11 <DIR> d-------- C:\Programmi\Alwil Software
2008-04-21 09:54 . 2008-04-22 00:03 <DIR> d-------- C:\Programmi\XoftSpySE
2008-04-21 08:53 . 2008-04-21 09:17 103,776 --a------ C:\Documents and Settings\Ells\System_Restore.exe
2008-04-21 08:52 . 2008-04-21 08:52 357,768 --a------ C:\Documents and Settings\Ells\SymXPep2.dll
2008-04-21 08:52 . 2008-04-21 08:53 251,216 --a------ C:\Documents and Settings\Ells\IView.exe
2008-04-21 08:50 . 2008-04-21 08:50 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-04-21 08:32 . 2008-04-21 08:32 <DIR> d-------- C:\Documents and Settings\Ells\Dati applicazioni\Uniblue
2008-04-21 08:26 . 2008-04-21 10:19 <DIR> d-------- C:\Programmi\Uniblue
2008-04-21 03:07 . 2008-04-21 03:07 <DIR> d-------- C:\Programmi\Windows Sidebar
2008-04-21 03:07 . 2008-04-21 04:57 <DIR> d-------- C:\Programmi\Norton AntiVirus
2008-04-21 03:06 . 2008-04-21 04:49 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-21 03:06 . 2008-04-21 04:49 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-21 03:06 . 2008-04-21 04:49 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-21 03:06 . 2008-04-21 04:49 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-21 03:05 . 2008-04-21 04:49 <DIR> d-------- C:\Programmi\Symantec
2008-04-21 03:05 . 2008-04-21 09:15 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-04-21 02:55 . 2008-04-21 09:15 <DIR> d-------- C:\Programmi\File comuni\Symantec Shared
2008-04-21 02:52 . 2008-04-21 02:53 54,693,344 --a------ C:\Programmi\NAV2008_15.0_Build_58_OEM90_MS.exe
2008-04-21 00:46 . 2008-04-21 00:46 <DIR> d-------- C:\WINDOWS\qifw
2008-04-21 00:46 . 2008-04-21 05:35 <DIR> d-------- C:\Programmi\File comuni\qifw
2008-04-21 00:30 . 2008-04-21 00:33 <DIR> d-------- C:\Programmi\Inet_Get_2
2008-04-18 23:50 . 2008-04-18 23:50 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-10 04:45 . 2008-04-10 04:45 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-04-10 04:43 . 2008-04-10 04:44 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-07 02:08 . 2008-04-07 02:08 <DIR> d-------- C:\Programmi\MumboJumbo
2008-04-07 02:08 . 2008-04-07 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\7Wonders2
2008-04-05 06:08 . 2008-04-22 01:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 06:08 . 2008-04-05 06:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 06:06 . 2008-04-05 06:07 <DIR> d-------- C:\Programmi\iTunes
2008-04-05 06:06 . 2008-04-05 06:06 <DIR> d-------- C:\Programmi\iPod
2008-04-05 06:02 . 2008-04-18 23:55 <DIR> d-------- C:\Programmi\QuickTime
2008-04-01 09:43 . 2008-04-10 04:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-01 03:32 . 2008-04-01 03:33 <DIR> d-------- C:\Documents and Settings\Ells\Dati applicazioni\Avant Browser
2008-04-01 03:23 . 2001-08-30 20:41 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-01 03:23 . 2001-08-30 20:41 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-01 03:23 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-01 03:23 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-30 03:21 . 2004-08-19 15:39 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-30 03:21 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-30 03:21 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-30 03:21 . 2001-08-30 23:07 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-22 18:38 . 2008-03-22 18:38 244 --ah----- C:\sqmnoopt00.sqm
2008-03-22 18:38 . 2008-03-22 18:38 232 --ah----- C:\sqmdata00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 20:12 --------- d-----w C:\Documents and Settings\Ells\Dati applicazioni\Skype
2008-04-21 19:33 --------- d-----w C:\Documents and Settings\Ells\Dati applicazioni\skypePM
2008-04-19 02:17 --------- d-----w C:\Documents and Settings\Ells\Dati applicazioni\OpenOffice.org2
2008-04-18 20:41 --------- d-----w C:\Programmi\File comuni\Adobe
2008-04-18 19:24 --------- d-----w C:\Programmi\OpenOffice.org 2.3
2008-04-16 00:32 --------- d-----w C:\Documents and Settings\Ells\Dati applicazioni\Sonic
2008-04-13 15:48 --------- d-----w C:\Documents and Settings\Ells\Dati applicazioni\U3
2008-04-11 18:36 --------- d-----w C:\Documents and Settings\Ells\Dati applicazioni\AdobeUM
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 06:10 --------- d-----w C:\Programmi\Java
2008-03-12 04:02 --------- d-----w C:\Documents and Settings\Ells\Dati applicazioni\Move Networks
2008-03-12 04:01 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-03-12 03:49 --------- d-----w C:\Programmi\Windows Live
2008-03-12 03:48 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-03-12 03:47 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-03-06 17:02 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 17:02 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 17:02 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-05 15:16 --------- d-----w C:\Programmi\EPSON
2008-03-05 15:16 --------- d-----w C:\Documents and Settings\Ells\Dati applicazioni\Leadertech
2008-03-01 15:00 --------- d-----w C:\Documents and Settings\Ells\Dati applicazioni\InterVideo
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-21 19:23 --------- d-----w C:\Programmi\Google
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-13 15:31 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-02-13 13:09 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-13 13:09 104,960 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-31 22:51 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2008-01-29 07:32 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-21 04:51 116088 --a------ C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:30 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Aim6"="C:\Programmi\AIM6\aim6.exe" [2008-01-03 20:45 50528]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2008-02-06 22:07 21898024]
"ShutterflyStudio"="C:\Programmi\Shutterfly\Studio\BIN\SFlyStudio.exe" [2008-01-12 05:36 2500096]
"Yahoo! Pager"="C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 20:43 3810544]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-10 04:08 68856]
"\\NJSDESKTOP\EPSON Stylus Photo R380 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.exe" [2006-05-29 14:30 139264]
"Automatico EPSON Stylus Photo R380 Series su NJSLAPTOP"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.exe" [2006-05-29 14:30 139264]
"qifw"="C:\PROGRA~1\FILECO~1\qifw\qifwm.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-19 16:30 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 16:30 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 16:30 455168]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 17:18 1388544]
"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 11:57 860160]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 15:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Programmi\Apoint2K\Apoint.exe" [2004-11-24 00:22 163840]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 13:33 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 13:29 126976]
"Cpqset"="C:\Programmi\HPQ\Default Settings\cpqset.exe" [2004-09-07 19:58 213054]
"WatchDog"="C:\Programmi\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 22:14 184320]
"eabconfg.cpl"="C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 13:41 290816]
"UpdateManager"="C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:31 110592]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"hpWirelessAssistant"="C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 13:06 790528]
"CamWizard"="C:\Programmi\File comuni\Logitech\QCDRV\BIN\CamWizrd.exe" [ ]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 20:03 563984]
"LogitechQuickCamRibbon"="C:\Programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 20:07 2178832]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [2004-04-26 03:00 98304]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Programmi\Norton AntiVirus\osCheck.exe" [2007-08-25 09:23 714608]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2004-11-29 23:25:44 569405]
DVD Check.lnk - C:\Programmi\InterVideo\DVD Check\DVDCheck.exe [2008-02-13 17:35:10 184320]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-18 08:35:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\File comuni\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\AIM6\\aim6.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 23:01]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 23:05]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Programmi\Viewpoint\Common\ViewpointService.exe" [2007-01-05 02:08]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05507305-fcc5-11dc-b257-000000000000}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c654b23-da4e-11dc-b24a-0012f02bbe89}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-19 09:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-04-21 20:46:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-20 22:53:34 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ells.job"
- C:\Programmi\Norton AntiVirus\Navw32.exei/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 01:21:56
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programmi\HPQ\Default Settings\cpqset.exe????????????0?5?3?6??????? ???B???????????????B????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 120

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\NJSDESKTOP\\EPSON Stylus Photo R380 Series (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBOA.EXE /FU \"C:\\DOCUME~1\\Ells\\IMPOST~1\\Temp\\E_S7A.tmp\" /EF \"HKCU\""
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Apoint2K\ApntEx.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\File comuni\AOL\Loader\aolload.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\HPQ\shared\hpqwmi.exe
C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Programmi\File comuni\LogiShrd\LQCVFX\COCIManager.exe
C:\Programmi\Alwil Software\Avast4\Setup\avast.setup
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Ora fine scansione: 2008-04-22 1:33:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 21:03:26

9 Directory 51,212,664,832 byte disponibili
12 Directory 51,484,622,848 byte disponibili

WinXP_EN_HOM_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

244 --- E O F --- 2008-04-13 22:31:19
#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

I see you have Avast Antivirus and Norton Antivirus there. Decide which one you want to keep and uninstall the other one.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\Documents and Settings\Ells\System_Restore.exe
C:\Documents and Settings\Ells\SymXPep2.dll
C:\Documents and Settings\Ells\IView.exe
C:\WINDOWS\system32\ZoneAlarmIconUS.ico
Folder::
C:\WINDOWS\qifw
C:\Programmi\File comuni\qifw
C:\Programmi\Inet_Get_2
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qifw"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

#3
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.