Hi traejaqun,
You shouldn't use ComboFix without the supervision of an expert who has been trained to use this powerful tool.
Sorry for the delay in looking into your log, as we are extremely busy as you may have noticed. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.
Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.
--------------------------------------------------------------
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.
Download the file & save it as it's originally named, next to ComboFix.exe.
Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.
Please do not reboot your machine until we have reviewed the log.
--------------------------------------------------------------
Open notepad and copy/paste the text in the quotebox below into it:
Quote:
KILLALL::
File::
C:\WINDOWS\system32\di1.gif
C:\WINDOWS\system32\fadgsd.exe
C:\WINDOWS\hfdgrhjkgh.exe
C:\WINDOWS\17PHolmes572.exe.tmp
C:\WINDOWS\system32\fwehg.exe
C:\WINDOWS\gsdfr5yhgjng.exe
C:\WINDOWS\system32\Jamster.ico
C:\WINDOWS\system32\antiwpa.dll
C:\WINDOWS\system32\A0A3A3A8ADAEAEA.exe
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\quit.exe
Folder::
C:\WINDOWS\system32\9DA0A0A5AAABABA
C:\WINDOWS\system32\tip4
C:\WINDOWS\system32\lis6
C:\WINDOWS\system32\kps5
C:\WINDOWS\system32\hs9
C:\Temp
C:\Program Files\MapEDC
C:\Program Files\NoDNS
C:\Program Files\JavaCore
C:\Program Files\Dot1XCfg
C:\Documents and Settings\Owner\Application Data\WinTouch
C:\Program Files\Data\WinTouch
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221BBF54-3327-4548-9006-84385B1A5840}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaCore"=-
"Aiuh"=-
"Eecu"=-
"NoDNS"=-
"MapEDC"=-
"78bc0c10"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"E4E7E7ECF1F2F2F0F"=-
"78bc0c10"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\78bc0c10]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aiuh]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E4E7E7ECF1F2F2F0F]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eozcqadz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iikw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsaya]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
Save this as CFScript
Referring to the picture above, drag CFScript into ComboFix.exe
Follow the prompts, and post the resulting log, C:\ComboFix.txt
Warning: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
--------------------------------------------------------------
Reply back with the following:
CF_RC.txt
C:\ComboFix.txt
Update on system behaviour?
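
An added example, not part of the original post and not ComboFix's own code: a small Python parser that turns a script like the one quoted above into a list of planned removals, which can then be compared against the entries reported in C:\ComboFix.txt. The function name plan_actions is hypothetical, the sample is a constructed excerpt, and the reading of the Registry:: entries as .reg syntax is an assumption.

```python
import re

# Constructed sample: a shortened excerpt of the script quoted in the post.
SAMPLE = r'''KILLALL::
File::
C:\WINDOWS\system32\fadgsd.exe
C:\WINDOWS\quit.exe
Folder::
C:\Program Files\NoDNS
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aiuh]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaCore"=-
"NoDNS"=-
'''

# Assumption: Registry:: entries use .reg syntax ([-key] deletes a key, "name"=- a value).
SECTION = re.compile(r'^([A-Za-z]+)::$')
KEY = re.compile(r'^\[(-?)(.+)\]$')
VALUE_DELETE = re.compile(r'^"(.+)"=-$')

def plan_actions(script):
    """Return the (action, target) tuples a CFScript describes, in order."""
    actions, section, key = [], None, None
    for line in filter(None, map(str.strip, script.splitlines())):
        m = SECTION.match(line)
        if m:
            section, key = m.group(1), None
            if section == "KILLALL":
                actions.append(("directive", "KILLALL"))
            continue
        if section == "File":
            actions.append(("delete_file", line))
        elif section == "Folder":
            actions.append(("delete_folder", line))
        elif section == "Registry":
            k, v = KEY.match(line), VALUE_DELETE.match(line)
            if k and k.group(1):          # [-key]: whole key removed
                actions.append(("delete_key", k.group(2)))
                key = None
            elif k:                       # [key]: context for value lines below
                key = k.group(2)
            elif v and key:               # "name"=- under the current key
                actions.append(("delete_value", key + "\\" + v.group(1)))
            else:
                actions.append(("unrecognized", line))
        else:
            actions.append(("unrecognized", line))
    return actions
```

Lines the parser cannot place come back as "unrecognized", so a stray character picked up while copying the quote box shows up before the script is saved.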