11-02-2008, 07:47 AM   #5
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 


Re: Horrible infection.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/308288-horrible-infection.html#post1783978
Collect::
C:\WINDOWS\system32\TDSSqein.dll
File::
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pcntttdl.exe
C:\WINDOWS\system32\rkwnw64l.exe
C:\WINDOWS\ndxq3074.exe
C:\WINDOWS\j414.exe
C:\WINDOWS\.security
C:\.security
C:\WINDOWS\lomxeqsn.exe
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt00.sqm
C:\sqmdata00.sqm
C:\WINDOWS\h288.exe
C:\WINDOWS\tj85.exe
C:\WINDOWS\lik02.exe
C:\WINDOWS\eo4.exe
C:\WINDOWS\ee3362.exe
C:\WINDOWS\cor704836.exe
C:\WINDOWS\tjyvb346054.exe
C:\WINDOWS\qggu58826.exe
C:\WINDOWS\nohh06760.exe
C:\WINDOWS\nc605007.exe
C:\WINDOWS\system32\dwwnw64r.exe
C:\WINDOWS\system32\g79.exe
C:\WINDOWS\mondrv411.exe
C:\Documents and Settings\Shirly\Start Menu\Programs\Startup\DW_Start.lnk
Folder::
C:\Program Files\PC-Antispy
C:\DOCUME~1\ALLUSE~1\Applic~1\pozgnihc
C:\Documents and Settings\Shirly\Application Data\Gool
C:\Program Files\Webtools
C:\Program Files\Mjcore
C:\WINDOWS\system32\wi
C:\WINDOWS\system32\PX
C:\WINDOWS\system32\m3v
C:\WINDOWS\system32\fs3
C:\WINDOWS\system32\EV02
C:\WINDOWS\system32\ec2
REGISTRY::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gool"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{85-5E-EA-A3-DW}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"D5P1Ak1SB2"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="avgrsstx.dll"

Save this as "CFScript"





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called [4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------


In your next post, please include fresh logs from:
  1. Online scan
  2. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now