also @ TechSpot: Microsoft wants Xbox to be the entertainment hub for all your devices

TechSpot
Collaborate in the cloud with Office, Exchange, SharePoint, and Lync.
Microsoft Office 365. Pay-as-you-go starting at $8/user/month. Begin your free trial now.

[Active] Strange file name of letters and numbers comprising of ZZZZZ's

Discussion in 'Virus and Malware Removal' started by buffy, Jan 26, 2011.

Thread Status:
Not open for further replies.

  1. buffy Newcomer, in training

    Sorry if this is vague but I started to follow the instructions on another persons thread to try and sort it out myself.
    These are the steps I've followed so far from this website but after I re-started the computer I wasn't sure if I've finished of if there is something else to do?

    ComboFix 11-01-25.05 - Fay 26/01/2011 19:52:44.1.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3327.2291 [GMT 0:00]
    Running from: c:\users\Fay\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))
    .

    2011-01-26 19:55 . 2011-01-26 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-26 19:15 . 2011-01-26 19:15 -------- d-----w- c:\program files\CCleaner
    2011-01-26 19:07 . 2006-10-26 19:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2011-01-26 19:07 . 2006-10-26 19:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2011-01-26 19:05 . 2011-01-26 19:05 -------- d-----w- c:\program files\Microsoft Works
    2011-01-25 08:09 . 2011-01-25 08:09 -------- d-----w- c:\programdata\HP
    2011-01-25 08:07 . 2011-01-25 08:07 -------- d-----w- c:\programdata\NVIDIA
    2011-01-25 07:12 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2011-01-25 07:11 . 2009-11-25 12:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-01-25 07:11 . 2009-11-25 12:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-01-25 07:11 . 2009-11-25 12:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-01-25 07:11 . 2009-11-25 12:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-01-25 07:11 . 2009-11-25 12:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-01-25 07:04 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2011-01-25 07:04 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2011-01-25 07:04 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-01-25 07:02 . 2011-01-25 07:02 -------- d-----w- c:\programdata\NVIDIA Corporation
    2011-01-25 07:02 . 2011-01-25 07:03 -------- d-----w- c:\program files\NVIDIA Corporation
    2011-01-25 06:57 . 2010-12-13 08:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-25 06:57 . 2010-12-13 08:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-01-25 06:57 . 2011-01-25 06:57 -------- d-----w- c:\programdata\Avira
    2011-01-25 06:57 . 2011-01-25 06:57 -------- d-----w- c:\program files\Avira
    2011-01-25 06:55 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-25 06:54 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2011-01-25 06:53 . 2011-01-25 06:53 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2011-01-25 06:53 . 2011-01-26 19:32 -------- d-----w- c:\program files\Spyware Terminator
    2011-01-25 06:53 . 2011-01-26 11:08 -------- d-----w- c:\programdata\Spyware Terminator
    2011-01-25 06:50 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-01-25 06:41 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
    2011-01-25 06:41 . 2011-01-25 06:41 -------- d-----w- c:\programdata\InstallShield
    2011-01-25 06:40 . 2007-04-28 00:12 78784 ----a-w- c:\windows\system32\ISUSPM.cpl
    2011-01-25 06:40 . 2011-01-25 06:40 -------- d--h--w- c:\program files\InstallShield Installation Information
    2011-01-25 06:40 . 2011-01-25 06:40 -------- d-----w- c:\program files\Common Files\InstallShield
    2011-01-25 06:33 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
    2011-01-25 06:33 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
    2011-01-25 06:33 . 2011-01-26 18:04 -------- d-----w- c:\windows\system32\wbem\Performance
    2011-01-25 06:29 . 2011-01-25 06:39 -------- d-----w- c:\users\Fay
    2011-01-25 06:28 . 2011-01-25 06:28 -------- d-----w- C:\Recovery

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-01-25 3318784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
    "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-01-25 2216960]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-25 1343400]
    S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-01-25 142592]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]

    .
    .
    ------- Supplementary Scan -------
    .
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
    FF - ProfilePath - c:\users\Fay\AppData\Roaming\Mozilla\Firefox\Profiles\ix4sv3rd.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60049&qkw=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\Toolbar\firefox
    FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-26 19:56:51
    ComboFix-quarantined-files.txt 2011-01-26 19:56

    Pre-Run: 204,083,269,632 bytes free
    Post-Run: 204,000,849,920 bytes free

    - - End Of File - - 72E96F26727CE3B266E0F223D151E802
    buffy, Jan 26, 2011
    #1

  2. Bobbye Helper on the Fringe

    ==============================================
    Let restart, which will be better for you:

    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [IMG]

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
    Bobbye, Jan 26, 2011
    #2

  3. buffy Newcomer, in training

    Thank you

    I just wanted to say thank you for your quick response, I will take your advice about other peoples threads. I have now started the process and removed the programme.

    thanks again
    buffy, Jan 26, 2011
    #3

  4. buffy Newcomer, in training

    Hi

    My computer had been blue screening, then cutting off the internet to my computer. It would also loose 2GB of space on the hard drive every time.
    (as in it would be fuller)
    I would do regular disk checks and defrag but my C-drive is always fragmented.

    Yesterday I wiped my computer using system restore and recovery disks.
    I kept seeing a strange file in the C-Drvie: 3590F75ABA9E485486C100C1A9D4FF06Z.ZZZZ..Z..ZZ.ZZ

    I assumed it was a virus. I had it before and after the system restore.

    I've now downloaded: Avira anti virus/ Spyware terminator/ Ccleaner/ malwarebytes
    I have windows firewall and Defender running.

    I am hoping I've done the right things

    thanks
    buffy, Jan 26, 2011
    #4

  5. Bobbye Helper on the Fringe

    You should follow the steps in the thread link I left. Then paste the logs in for review.

    There is a specific note asking you not to run any other scans while I am helping you.
    Bobbye, Jan 26, 2011
    #5

  6. buffy Newcomer, in training

    Hi

    I followed the first steps you left but then I felt a bit stupid asking what a log was and where you find them, as I have no idea.

    Thanks again
    buffy, Jan 27, 2011
    #6

  7. buffy Newcomer, in training

    ah yes sorry I see the note in red, shall I disable them all?
    buffy, Jan 27, 2011
    #7

  8. Bobbye Helper on the Fringe

    The logs list what has been found in the scan. I need to see each one.

    Yes, please disable or uninstall any other scanning or cleaning program while I am helping you.
    Bobbye, Jan 27, 2011
    #8

  9. buffy Newcomer, in training

    ah the only thing I could find was that thing I posted earlier, I've tried looking for log files on the C-drive but they don't seem to be there.
    buffy, Jan 27, 2011
    #9

  10. buffy Newcomer, in training

    also I've un-installed the Combofix
    buffy, Jan 27, 2011
    #10

  11. Bobbye Helper on the Fringe

    Please use the Edit feature instead of a new post for a 1 line reply. I get email feedback for every one of those replies. They add up.

    Run the scans, then leave the logs. Run only what's in the link I left. Do not do any system restores while I'm helping you. Unless you give me something to work with, I can't help you.
    Bobbye, Jan 27, 2011
    #11
Thread Status:
Not open for further replies.