Quote:
After running combofix, the same problems as my original post still exist.

We're getting there.
Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix). Do not run it yet.
----------------------------------------------------------------
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Log in with your usual account. Make sure to close any open browsers.
--------------------------------------------------------------------
Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished.
- Press any key to end the script and load your desktop icons.
- Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt. I'll need that in your next reply.
--------------------------------------------------------------------
From Normal Mode...
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Open notepad and copy/paste the text in the quote box below into it:
Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/279296-slow-internet-explorer-folder-browsing.html
Collect::
C:\WINDOWS\000001_.tmp
C:\WINDOWS\el.ini
C:\WINDOWS\004026_.tmp
C:\WINDOWS\system32\drivers\_004740_.tmp.dll
C:\WINDOWS\system32\drivers\_004748_.tmp.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C:\WINDOWS\system32\kdykd.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B0D039E0-C6F0-CC70-A44C-B49BC97A72AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
O15 - Trusted Zone: http://www.casharrives365.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} -

Save this as "CFScript.txt", and as Type: All Files (*.*), in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you. Post that log in your next reply.
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
- Ensure you are connected to the internet and click OK on the message box.
- A browser will open.
- Simply follow the instructions to copy/paste/send the requested file.
----------------------------------------------------------------
Please include the following in your next reply:
C:\SDFix\Report.txt
C:\ComboFix.txt
Update on system behavior
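Before a script like the one in the post above is dropped onto ComboFix.exe, it helps to list what each line asks for. The following is an added example, not part of the original post and not ComboFix code: the function name review_cfscript is hypothetical, the sample input is a constructed, shortened copy of the script, and the meanings are assumptions (.reg-style syntax where [-key] deletes a key and "name"=- deletes a value, and Collect:: listing files to capture, as the post's note describes).

```python
import re

# Constructed sample: a shortened copy of the script from the post above.
SAMPLE = r'''http://www.techsupportforum.com/security-center/hijackthis-log-help/279296-slow-internet-explorer-folder-browsing.html
Collect::
C:\WINDOWS\el.ini
C:\WINDOWS\system32\drivers\_004740_.tmp.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C:\WINDOWS\system32\kdykd.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
O15 - Trusted Zone: http://www.casharrives365.com
'''

SECTION = re.compile(r'^([A-Za-z]+)::$')      # e.g. "Collect::"
KEY = re.compile(r'^\[(-?)(.+?)\]$')          # "[key]" or "[-key]"
VALUE_DEL = re.compile(r'^(@|".*")=-$')       # "name"=-  (assumed: delete value)


def review_cfscript(text):
    """Return (action, target) tuples, one per non-blank script line."""
    actions, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION.match(line)):
            section, key = m.group(1), None   # new section resets the open key
            continue
        if section == "Collect":
            actions.append(("collect-file", line))
        elif section == "Registry" and (k := KEY.match(line)):
            if k.group(1):                    # leading "-" means whole key
                key = None
                actions.append(("delete-key", k.group(2)))
            else:
                key = k.group(2)              # following lines apply to this key
        elif section == "Registry" and key and (v := VALUE_DEL.match(line)):
            actions.append(("delete-value", key + " -> " + v.group(1).strip('"')))
        else:
            # Text before any section is a header; anything else that fits
            # none of the forms above is reported rather than guessed at.
            actions.append(("unrecognized" if section else "header", line))
    return actions


if __name__ == "__main__":
    for action, target in review_cfscript(SAMPLE):
        print(f"{action:14} {target}")
```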