My Anti Spyware
News, Free Programs, Online Scanners, Tutorials
Post your problems with Spyware, Hijackers, Trojans...
 

Combofix Virus [W32.Scrapkut worm]

 
kinsella



Joined: 18 Jul 2008
Posts: 2

Posted: Fri Jul 18, 2008 1:34 pm    Post subject: Combofix Virus [W32.Scrapkut worm]

I have the file ComboFix and have found viruses on my computer which I can't clean off using my antivirus programs.

What way can I go about using this file to delete the virus?

c:\windows\system32\awtstjay.dll
This is one virus, under trojan.Win32.Monderc.gen.

There are eight altogether.
Can somebody help me on this, as it has hijacked my internet browser?

Thank you,
Stefan
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1227

Posted: Fri Jul 18, 2008 2:08 pm

Hello Stefan, welcome to the Myantispyware forum!

Close any open browsers. Double click on combofix.exe and follow the prompts.

Post back with a combofix log.

_________________
Antispyware: HijackThis, SmitfraudFix, ComboFix, CounterSpy Antispyware, Super Antispyware
Instructions: Show hidden files, Reboot in Safe Mode
kinsella



Joined: 18 Jul 2008
Posts: 2

Posted: Fri Jul 18, 2008 3:05 pm

ComboFix 08-07-17.4 - HP_Owner 2008-07-18 15:55:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.851 [GMT 1:00]
Running from: C:\Documents and Settings\All Users\Documents\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtsTJay.dll
C:\WINDOWS\system32\jcmhpckq.ini
C:\WINDOWS\system32\qkcphmcj.dll
C:\WINDOWS\system32\urqQkkLe.dll
C:\WINDOWS\system32\xcraqwim.ini
C:\WINDOWS\system32\yaJTstwa.ini
C:\WINDOWS\system32\yaJTstwa.ini2
C:\WINDOWS\system32\yrywncyc.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.

2008-07-17 22:03 . 2008-07-17 22:03 0 --a------ C:\WINDOWS\BM6bc518d4.xml
2008-07-17 13:35 . 2008-07-17 13:35 <DIR> d-------- C:\Program Files\MSECache
2008-07-01 19:37 . 2008-07-01 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-01 18:39 . 2008-07-01 18:39 <DIR> d-------- C:\I386
2008-07-01 18:22 . 2008-07-01 18:22 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-01 18:22 . 2008-07-01 18:22 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-01 18:22 . 2008-07-01 18:22 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-01 18:20 . 2008-07-01 18:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-01 18:11 . 2008-07-01 18:11 <DIR> d-------- C:\WINDOWS\EHome
2008-07-01 18:03 . 2008-04-14 01:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-07-01 15:18 . 2008-07-01 15:19 3,015,680 --a------ C:\WINDOWS\system32\mshtml.tmp
2008-07-01 15:18 . 2008-07-01 15:19 2,450,944 --a------ C:\WINDOWS\system32\SET1659.tmp
2008-07-01 15:18 . 2008-07-01 15:19 276,992 --a------ C:\WINDOWS\system32\SET1666.tmp
2008-07-01 15:18 . 2008-07-01 15:19 222,208 --a------ C:\WINDOWS\system32\SET164D.tmp
2008-07-01 15:18 . 2008-07-01 15:19 4,096 --a------ C:\WINDOWS\system32\SET165B.tmp
2008-07-01 15:18 . 2008-07-01 15:19 2,577 --a------ C:\WINDOWS\system32\CONFIG.TMP
2008-06-30 13:31 . 2008-07-15 17:47 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-06-27 12:40 . 2008-06-27 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 22:09 . 2008-05-08 15:02 203,136 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-24 18:54 . 2008-07-18 14:39 3,562 --a------ C:\rollback.ini
2008-06-24 18:52 . 2008-07-18 16:00 19,907,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-24 18:52 . 2008-07-18 16:00 423,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-24 18:52 . 2008-07-18 15:59 270,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-24 18:52 . 2008-07-18 15:59 41,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-24 18:50 . 2008-06-24 18:50 <DIR> d-------- C:\Program Files\ParetoLogic
2008-06-24 18:50 . 2008-06-24 18:50 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-06-24 18:50 . 2008-06-24 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2008-06-24 18:50 . 2008-06-24 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2008-06-24 18:48 . 2008-06-24 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-06-20 18:46 . 2008-06-20 18:46 245,248 --a------ C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 18:46 . 2008-06-20 18:46 147,968 --a------ C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 12:51 . 2008-06-20 12:51 361,600 --a------ C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:40 . 2008-06-20 12:40 138,496 --a------ C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 12:08 . 2008-06-20 12:08 225,856 --a------ C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 17:16 . 2008-06-19 17:16 78 --a------ C:\WINDOWS\lsoon.ini
2008-06-19 17:02 . 2008-06-19 17:02 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2008-06-19 17:01 . 2008-06-19 17:01 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Regrun
2008-06-19 17:01 . 2008-06-19 17:16 <DIR> d-------- C:\backreg
2008-06-19 17:01 . 2003-09-06 15:55 57,556 --a------ C:\WINDOWS\guard.bmp
2008-06-19 16:53 . 2008-06-19 16:53 <DIR> d-------- C:\Program Files\Greatis
2008-06-19 07:29 . 2008-06-19 07:29 243,024 --a------ C:\WINDOWS\system32\LSPInstall.dll
2008-06-19 07:28 . 2008-06-19 07:28 111,960 --a------ C:\WINDOWS\system32\INetHTTPFilter.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 21:38 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\BitTorrent
2008-07-17 21:35 --------- d-----w C:\Program Files\XoftSpySE
2008-07-17 21:34 --------- d-----w C:\Program Files\Privacy Guardian
2008-07-05 13:09 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\VMNTOOLBAR
2008-07-01 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-01 14:48 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\U3
2008-06-30 17:16 --------- d-----w C:\Program Files\ESET
2008-06-30 17:12 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\DNA
2008-06-30 15:50 --------- d-----w C:\Program Files\Lavasoft
2008-06-30 14:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-30 13:43 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-27 11:41 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Lavasoft
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-01 15:54 --------- d-----w C:\Program Files\PDF Editor 2
2008-01-09 16:34 289,552 ----a-w C:\Documents and Settings\HP_Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-07-04_10.24.28.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-17 12:35:35 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-07-18 08:01:28 3,056 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{5329D7E8-ED32-479D-861F-259AFF909733}.bin
- 2008-04-14 00:12:15 139,264 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2008-05-09 10:53:39 512,000 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-05-09 10:53:39 180,224 ----a-w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40 172,032 ----a-w C:\WINDOWS\system32\dllcache\scrrun.dll
+ 2008-05-09 10:53:40 430,080 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40 90,112 ----a-w C:\WINDOWS\system32\dllcache\wshext.dll
- 2008-04-14 00:11:52 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2008-07-01 17:30:14 1,037,944 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-18 07:53:13 1,057,048 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-04-14 00:11:56 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-04-14 00:12:01 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
- 2008-04-14 00:12:05 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
+ 2008-05-09 10:53:39 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
- 2008-04-14 00:12:05 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
+ 2008-05-09 10:53:40 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
- 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
- 2008-04-14 00:12:08 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2008-05-09 10:53:40 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2008-04-14 00:12:41 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
- 2008-04-14 00:12:10 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
+ 2008-05-09 10:53:40 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
+ 2005-09-22 22:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-22 22:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-22 22:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pareto_Update"="C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe" [2008-02-22 12:25 189808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-02 06:28 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-02 06:23 180269]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:53 49152]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 20:01 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 15:32 5537792]
"SoundMan"="SOUNDMAN.EXE" [2005-04-07 02:57 90112 C:\WINDOWS\SOUNDMAN.EXE]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 00:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 01:12 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Command WorkStation 4.lnk - C:\Program Files\Fiery\Command WorkStation 4\CWS 4.exe [2006-03-10 17:00:07 2396160]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 03:28:24 258048]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
RaConfig2500USB.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500USB.exe [2006-06-28 15:25:38 655450]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PayTime
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 01:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 2004-06-07 19:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-28 00:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-28 00:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-10-14 00:04 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 01:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-02-24 15:32 5537792 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2004-10-25 22:17 90112 C:\WINDOWS\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-01-02 06:28 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-14 02:23 663552 C:\WINDOWS\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-01-02 06:01 36972 C:\Program Files\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-01-02 06:23 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-04-12 09:10 65536 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2005-04-07 02:53 2805248 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-02-24 15:32 1495040 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

R2 Canon NetSpot Console Server;Canon NetSpot Console;C:\Program Files\Canon\nsc\wnappsrv.exe [2002-07-31 02:30]
R2 Canon NetSpot Web Service;Canon NetSpot Console Web Service;C:\Program Files\Canon\nsc\wnwebsrv.exe [2002-07-31 02:30]
R2 ZeppelinService;plasservice;C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe [2008-06-19 07:26]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 rt2571;Wireless 802.11g USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt2571.sys [2004-06-21 11:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e17b26e6-3f11-11db-8ded-0013d4853448}]
\Shell\AutoRun\command - K:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-24 17:51:29 C:\WINDOWS\Tasks\ParetoLogic Anti-Virus PLUS.job"
- C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
"2008-07-17 17:03:06 C:\WINDOWS\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job"
- C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
"2008-07-17 17:00:00 C:\WINDOWS\Tasks\ParetoLogic Registration.job"
- C:\WINDOWS\system32\rundll32.exe@
"2008-07-02 17:02:47 C:\WINDOWS\Tasks\ParetoLogic Update Version2.job"
- C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
"2008-07-18 15:03:31 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-12 02:03:53 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-18 15:03:31 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-10-19 17:44:11 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BM6bc518d4 - C:\WINDOWS\system32\yrywncyc.dll
HKLM-Run-68f62b48 - C:\WINDOWS\system32\qkcphmcj.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 16:00:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2008-07-18 16:03:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-18 15:03:46
ComboFix2.txt 2008-07-04 09:24:50

Pre-Run: 216,012,054,528 bytes free
Post-Run: 216,097,939,456 bytes free

253 --- E O F --- 2008-07-16 07:22:30
patrik
Site Admin


Joined: 08 Jan 2006
Posts: 1227

Posted: Sat Jul 19, 2008 5:02 am

Open notepad, copy/paste the text in the code box below into notepad:
Code:
File::
C:\WINDOWS\system32\drivers\Partizan.sys

Driver::
Partizan

Name the Notepad file CFScript and Save it to your desktop. Then drag the CFScript into ComboFix.exe as you see in the screenshot below.


How is your PC working now?
Post a combofix log with your reply.

_________________
Antispyware: HijackThis, SmitfraudFix, ComboFix, CounterSpy Antispyware, Super Antispyware
Instructions: Show hidden files, Reboot in Safe Mode
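The log above is long, and the parts a helper actually reads first are the "Other Deletions" list, the "ORPHANS REMOVED" Run entries, the Security Center override and any service whose file ComboFix could not timestamp (the Partizan.sys line patrik targets with the CFScript). As an added example, not code from this thread, from ComboFix or from Myantispyware, the Python script below pulls those findings out of a log automatically. It assumes the section banners are lines of "(((" NAME ")))" or the "- - - - ORPHANS REMOVED - - - -" line, that the registry dump is REGEDIT4 style, and that an empty "[]" after a service path means ComboFix found no timestamp for the file; the embedded sample is a trimmed excerpt constructed in the format of the log posted above.

```python
"""Triage helper for ComboFix logs (added example, not ComboFix's own code).

Assumptions not stated in the thread: section banners are '(((' NAME ')))'
lines or the '- - - - ORPHANS REMOVED - - - -' line, the registry dump is
REGEDIT4 style ('[key]' then '"name"=value'), and a service line ending in
'[]' means ComboFix found no timestamp for the file.
"""
import re

SECTION_RE = re.compile(r'^\(+\s*(?P<name>.*?)\s*\)+$')
ORPHANS_BANNER = '- - - - ORPHANS REMOVED - - - -'
REG_KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]$')
ORPHAN_RE = re.compile(r'^(?P<entry>HK[A-Z]+-\w+-\S+) - (?P<target>.+)$')

# Constructed sample: a trimmed excerpt in the format of the log posted above.
SAMPLE_LOG = r"""
ComboFix 08-07-17.4 - HP_Owner 2008-07-18 15:55:23.2 - NTFSx86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtsTJay.dll
C:\WINDOWS\system32\qkcphmcj.dll
C:\WINDOWS\system32\yrywncyc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

R2 Canon NetSpot Console Server;Canon NetSpot Console;C:\Program Files\Canon\nsc\wnappsrv.exe [2002-07-31 02:30]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BM6bc518d4 - C:\WINDOWS\system32\yrywncyc.dll
HKLM-Run-68f62b48 - C:\WINDOWS\system32\qkcphmcj.dll
"""


def split_sections(text):
    """Return {banner text: [non-empty lines]} for each ComboFix section."""
    sections = {'HEADER': []}
    current = 'HEADER'
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group('name')
            sections.setdefault(current, [])
            continue
        if line == ORPHANS_BANNER:
            current = 'ORPHANS REMOVED'
            sections.setdefault(current, [])
            continue
        if line in ('', '.'):  # ComboFix uses lone dots as separators
            continue
        sections[current].append(line)
    return sections


def parse_registry(lines):
    """Parse REGEDIT4-style lines into {key: {value name: value}}."""
    entries = {}
    key = None
    for line in lines:
        km = REG_KEY_RE.match(line)
        if km:
            key = km.group('key')
            entries.setdefault(key, {})
            continue
        vm = REG_VALUE_RE.match(line)
        if vm and key is not None:
            entries[key][vm.group('name')] = vm.group('value')
    return entries


def triage(text):
    """Collect the findings a helper looks at first when reading the log."""
    sections = split_sections(text)
    deleted = sections.get('Other Deletions', [])
    deleted_set = {p.lower() for p in deleted}
    reg_lines = sections.get('Reg Loading Points', [])
    reg = parse_registry(reg_lines)
    report = {
        'deleted_files': deleted,
        'orphans_pointing_at_deleted_files': [],  # autorun entry + removed file
        'orphans_other': [],
        'av_alerts_suppressed': False,
        'services_without_timestamp': [],
    }
    for line in sections.get('ORPHANS REMOVED', []):
        m = ORPHAN_RE.match(line)
        if not m:
            continue
        pair = (m.group('entry'), m.group('target'))
        bucket = ('orphans_pointing_at_deleted_files'
                  if m.group('target').lower() in deleted_set else 'orphans_other')
        report[bucket].append(pair)
    for key, values in reg.items():
        # AntiVirusOverride=1 tells Security Center not to alert on AV status.
        # Legitimate AV installers also set it, so treat it as a prompt to verify.
        if (key.lower().endswith('security center')
                and values.get('AntiVirusOverride', '').endswith('00000001')):
            report['av_alerts_suppressed'] = True
    for line in reg_lines:
        m = SERVICE_RE.match(line)
        if m and m.group('stamp') == '':
            report['services_without_timestamp'].append(m.group('path'))
    return report


if __name__ == '__main__':
    for kind, items in triage(SAMPLE_LOG).items():
        print(f'{kind}: {items}')
```

Run it as a script to print the report for the embedded excerpt; to use it on a real log, read the file into `triage()` instead of `SAMPLE_LOG`. The correlation between the "ORPHANS REMOVED" Run entries and the "Other Deletions" list is the useful part: it shows which autorun entries were pointing at the files ComboFix removed, which is how the two random-named DLLs in this thread tie back to their HKLM Run values.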