Thread: Computer infected, please help!
View Single Post
Old 12-31-2007, 07:21 PM   #22 (permalink)
carynm
Registered User
 
Join Date: Dec 2007
Posts: 88
OS: Windows XP


Re: Computer infected, please help!
Quote:
Originally Posted by Katana View Post
Happy New Year

Kaspersky is an excellent choice , I would get it as soon as possible and let it remove anything it can.

The second file I asked you to scan is in a different location, that is why I needed it analyzing


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    DirLook::
C:\WINDOWS\system32\wbem
File::
C:\Program Files\Evrsoft First Page 2006\Iscripts\Page Details\crazy-window.izs	
C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys 	
C:\WINDOWS\273100L.exe 	
C:\WINDOWS\273100M.exe 	
C:\WINDOWS\273100MM.DLL 	
C:\WINDOWS\273100WL.DLL 	
C:\WINDOWS\AVPSrv.exE 	
C:\WINDOWS\Kvsc3.exE 	
C:\WINDOWS\MsIMMs32.exE 	
C:\WINDOWS\PTSShell.exe 	
C:\WINDOWS\system32\AVPSrv.dll 	
C:\WINDOWS\system32\avwghst.exe 	
C:\WINDOWS\system32\avwlgst.exe 	
C:\WINDOWS\system32\avzxlmn.dll 	
C:\WINDOWS\system32\avzxlst.exe 	
C:\WINDOWS\system32\cmdbcs.dll 	
C:\WINDOWS\system32\DbgHlp32.dll 	
C:\WINDOWS\system32\drivers\scvhost.exe 	
C:\WINDOWS\system32\Kvsc3.dll 	
C:\WINDOWS\system32\MsIMMs32.dll 	
C:\WINDOWS\system32\MsPrint32D.dll 	
C:\WINDOWS\system32\PTSShell.dll 	
C:\WINDOWS\system32\rsmyjsp.exe 	
C:\WINDOWS\system32\SSLDyn.dll 	
C:\WINDOWS\system32\upxdnd.dll 		
C:\WINDOWS\system32\wbem\jytrjbvnb.dll 	
C:\WINDOWS\system32\wbem\xcywtfvnb.dll 	
C:\WINDOWS\system32\WinForm.dll 	
C:\WINDOWS\upxdnd.exe 	
C:\WINDOWS\WinForm.exE 	
C:\10.tmp 	
C:\12.tmp 	
C:\15.tmp 	
C:\2B.tmp 	
C:\2D.tmp 	
C:\2E.tmp 	
C:\2F.tmp
C:\WINDOWS\system32\dllcache\svchost.exe
Folder::
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3DCBZ9GR	
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JRSRT0Y3	
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OZWROI1X	
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Z0L13MY4
C:\WINDOWS\system32\wbem\0222
C:\WINDOWS\system32\wbem\6174
Driver::
Registry::
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 
ADS::
  • Save this as CFScript.txt and place it on your desktop.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Do you think it will be safe for me purchase the kaspersky anti-virus using my computer? I don't want my credit card info getting into the wrong hands!

I can use my mom's computer but then I would have to login to kaspersky from my computer to download. What would you recommend I do?
carynm is offline