malware/spyware log [CLOSED]


This topic is locked

#1 rdhanna03 (New Member, 1 post)

I got a virus/spyware... I am not sure what, from downloading off LimeWire... I know, my own fault. I have been bombarded with pop-ups and my wallpaper was changed to a blue screen with yellow writing saying a bunch of crap about 'your computer is infected with spyware'. Whatever it was disabled my task manager, made my system run really slow, and frustrated the [bleep] out of me. Every antivirus program I ran showed a trojan. We will see if I am all fixed up now. Anyway, after unsuccessfully running a million and one spyware/antivirus programs I stumbled upon this site and ran ComboFix. This is the log of what it did...

ComboFix 08-06-20.4 - ANNA 2008-06-29 21:29:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.202 [GMT -5:00]
Running from: C:\Documents and Settings\ANNA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ANNA\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ANNA\Application Data\SpeedRunner
C:\Documents and Settings\ANNA\Application Data\SpeedRunner\SRUninstall.exe
C:\Documents and Settings\ANNA\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\ISMSetup Venora2 (aid=28 gab10).exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\crosof~1
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\Fonts\'
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\f10
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\jSAayyxx.ini
C:\WINDOWS\system32\jSAayyxx.ini2
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\xormfhss.ini
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\wnsxs~1
C:\WINDOWS\wnsxs~1\W?nSxS\
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-29 21:35 . 2008-06-29 21:35 <DIR> d-------- C:\temp\tn3
2008-06-28 23:11 . 2008-06-28 23:11 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-28 23:08 . 2008-06-28 23:08 <DIR> d-------- C:\Program Files\SuperslotsCasino
2008-06-28 23:08 . 2008-06-29 17:08 <DIR> d-------- C:\Program Files\Sakora
2008-06-28 23:08 . 2008-06-28 23:12 <DIR> d-------- C:\Program Files\ProSiteFinder
2008-06-28 23:08 . 2008-06-28 23:08 <DIR> d-------- C:\Program Files\muvee Technologies
2008-06-28 16:05 . 2008-06-28 22:56 <DIR> d-------- C:\$AVG8.VAULT$
2008-06-28 16:03 . 2008-06-28 20:55 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-06-28 16:02 . 2008-06-28 23:08 <DIR> d-------- C:\Program Files\AVG(2)
2008-06-28 16:02 . 2008-06-28 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-06-28 15:47 . 2008-06-28 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-27 23:13 . 2008-06-27 23:13 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-06-27 22:53 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-06-27 22:53 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-06-27 22:48 . 2007-07-06 15:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-06-27 22:47 . 2007-03-29 07:56 409,600 --a------ C:\WINDOWS\system32\dllcache\qmgr.dll
2008-06-27 22:47 . 2007-03-29 07:56 18,944 --a------ C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-06-27 22:47 . 2007-03-29 07:56 7,168 --a------ C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-06-27 22:47 . 2007-03-29 07:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-06-27 22:32 . 2008-06-27 22:32 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-06-27 22:27 . 2008-06-29 17:03 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-06-27 22:26 . 2008-06-27 22:26 <DIR> d-------- C:\ae008b8bc78cad735e591f8230b0ba
2008-06-27 22:17 . 2005-01-25 10:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-27 22:17 . 2005-01-25 09:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-06-27 22:17 . 2008-01-31 10:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-06-27 22:17 . 2005-01-25 10:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-27 22:17 . 2008-06-28 23:13 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-27 22:02 . 2008-06-27 22:02 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-27 21:59 . 2008-06-28 23:12 <DIR> d--hs---- C:\WINDOWS\amlt
2008-06-27 21:58 . 2008-06-28 23:12 <DIR> d-------- C:\WINDOWS\system32\xsir
2008-06-27 21:58 . 2008-06-28 23:12 <DIR> d-------- C:\WINDOWS\system32\vec3
2008-06-27 21:58 . 2008-06-28 23:12 <DIR> d-------- C:\WINDOWS\system32\modtrux18
2008-06-27 21:58 . 2008-06-28 23:12 <DIR> d-------- C:\WINDOWS\system32\bam
2008-06-27 21:58 . 2008-06-27 21:58 <DIR> d-------- C:\temp\syschk3
2008-06-27 21:58 . 2008-06-29 21:35 167,976 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-06-27 21:58 . 2008-06-27 21:58 86,144 --a------ C:\WINDOWS\system32\drivers\fsrrecc.sys
2008-06-10 18:34 . 2008-06-13 08:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 18:34 . 2008-06-13 08:10 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-25 20:44 . 2008-05-25 20:44 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 04:12 --------- d-----w C:\Program Files\Lavasoft
2008-06-29 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-24 00:04 7,802 ----a-w C:\Documents and Settings\ANNA\Application Data\wklnhst.dat
2008-05-31 13:31 --------- d-----w C:\Program Files\iTunes
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 23:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2007-07-30 04:21 87,608 ----a-w C:\Documents and Settings\ANNA\Application Data\ezpinst.exe
2007-07-30 04:21 47,360 ----a-w C:\Documents and Settings\ANNA\Application Data\pcouffin.sys
2003-08-27 19:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B2AF78C-CD99-4F0C-9C92-607FB54833F1}]
C:\WINDOWS\system32\xxyyaASj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA2A2046-75A4-47C0-A09C-F0DCC706D39B}]
C:\WINDOWS\system32\hgGwVNdD.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-12-08 14:55 3096576]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 19:15 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 04:03 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 03:59 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 06:20 88363 C:\WINDOWS\AGRSMMSG.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 16:48 1388544]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-11-23 14:52 163840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [ ]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 19:28 213054]
"hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 12:36 790528]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20 94208]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-10 11:59 155648]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" [ ]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-05-28 12:35 67112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BA2A2046-75A4-47C0-A09C-F0DCC706D39B}"= C:\WINDOWS\system32\hgGwVNdD.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGwVNdD]
hgGwVNdD.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\system32\\java.exe"=

R1 fsrrecc;fsrrecc;C:\WINDOWS\system32\drivers\fsrrecc.sys [2008-06-27 21:58]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S2 PAVFIRES;Panda Firewall Service;C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\yepp920.sys [2004-06-24 13:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-06-21 01:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (PC233762962032-jim).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2005-01-25 15:13:18 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 21:37:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?1?3?-??p???? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
.
**************************************************************************
.
Completion time: 2008-06-29 21:41:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 02:40:58

Pre-Run: 41,541,246,976 bytes free
Post-Run: 41,695,928,320 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

283 --- E O F --- 2008-06-20 08:03:08

#2 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

Welcome to GTG.

Are you still using Symantec and McAfee now?

Uninstall Viewpoint via the Add/Remove Programs panel.

1. Try to delete the below file manually:

C:\WINDOWS\system32\drivers\core.cache.dsk

Boot into Safe Mode to delete it if it's giving you any problems.

2. Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

DirLook::
C:\WINDOWS\system32\bits
C:\Program Files\SuperslotsCasino
C:\Program Files\Sakora
C:\Program Files\ProSiteFinder
Driver::
fsrrecc
Viewpoint Manager Service
File::
C:\WINDOWS\system32\Jamster.ico
C:\WINDOWS\system32\ZoneAlarmIconUS.ico
C:\WINDOWS\system32\drivers\fsrrecc.sys
C:\WINDOWS\system32\hgGwVNdD.dll
C:\WINDOWS\system32\xxyyaASj.dll
Folder::
C:\temp\tn3
C:\WINDOWS\amlt
C:\WINDOWS\system32\xsir
C:\WINDOWS\system32\vec3
C:\WINDOWS\system32\modtrux18
C:\WINDOWS\system32\bam
C:\temp\syschk3
C:\Program Files\Viewpoint\
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B2AF78C-CD99-4F0C-9C92-607FB54833F1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA2A2046-75A4-47C0-A09C-F0DCC706D39B}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BA2A2046-75A4-47C0-A09C-F0DCC706D39B}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGwVNdD]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

3. I want you to upload this file (C:\WINDOWS\system32\bitsprx4.dll) to http://virusscan.jotti.org and report back what it found.

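A small check over the "Reg Loading Points" section of a ComboFix log like the one in the first post, as an added example that is not part of this thread or of ComboFix itself: it parses the REGEDIT4-style keys and flags the signs that greyknight17's reply targets, Security Center monitoring switched off, the Windows Firewall profile disabled, Run entries ComboFix recorded no timestamp/size for (empty brackets), and BHO DLLs with random-looking names. The sample log is a constructed excerpt of the posted one, and the random-name test is my own heuristic, not a ComboFix rule.

```python
import re

# Constructed excerpt modelled on the "Reg Loading Points" section of the ComboFix
# log in the first post: same key and value formats, cut down to four entries.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA2A2046-75A4-47C0-A09C-F0DCC706D39B}]
C:\WINDOWS\system32\hgGwVNdD.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

def parse_sections(text):
    """Split REGEDIT4-style output into an insertion-ordered {key: [value lines]} map."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def looks_random(filename):
    """Heuristic (an assumption, not a ComboFix rule): 8-letter mixed-case DLL stem."""
    stem, _, ext = filename.rpartition(".")
    return (ext.lower() == "dll" and len(stem) == 8 and stem.isalpha()
            and stem != stem.lower() and stem != stem.upper())

def find_findings(text):
    """Return (finding, detail) pairs for the tampering signs the reply targets."""
    findings = []
    for key, values in parse_sections(text).items():
        lk = key.lower()
        for v in values:
            if "security center\\monitoring" in lk and v.startswith('"DisableMonitoring"=dword:00000001'):
                # AV/firewall monitoring switched off in the Security Center
                findings.append(("security-center-monitoring-disabled", key.rsplit("\\", 1)[-1]))
            elif "firewallpolicy" in lk and re.match(r'"EnableFirewall"=\s*0\b', v):
                findings.append(("windows-firewall-disabled", key))
            elif lk.endswith("\\run") and v.endswith("[ ]"):
                # empty brackets: ComboFix recorded no timestamp/size, so the file is absent
                findings.append(("autorun-file-missing", v.split("=", 1)[0].strip('"')))
            elif "browser helper objects" in lk and looks_random(v.rsplit("\\", 1)[-1]):
                findings.append(("bho-random-named-dll", v))
    return findings

if __name__ == "__main__":
    for finding, detail in find_findings(SAMPLE_LOG):
        print(f"{finding}: {detail}")
```
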
#3 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.