Tech Support Forum - View Single Post

**Glaswegian** · 01-18-2009, 09:46 AM

Hi again

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Please go to: VirusTotal

In the middle of the page you'll find a "Browse" button.

Click the "Browse" button and browse to this file in RED:

c:\Program Files\song-10452.ram
Click "Open".
Then click the "Send File" button at the bottom of the VirusTotal page.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply.

Repeat the above for this file:-

c:\windows\{00466B67-7C72-478A-A2DE-6D0A96A55F58}_WiseFW.ini

Combofix

Close any open browsers.
Open notepad and copy/paste the text in the box below into it:

Code:

File::
c:\Program Files\Common Files\Ndm361a2rL.exe
c:\windows\system32\xsl93180.dll
c:\windows\system32\sl93180.dll
I:\f0.cmd
G:\cfdflx.com
G:\RavMon.exe
c:\windows\system32\ropfnqz.exe

Folder::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=-
[-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4468579e-28d8-11dd-a4e7-005056c00008}]
[-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b2c3e5e-f5b7-11dc-a3e2-005056c00008}]
[-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7456a580-7166-11db-9d4b-0040cadbf51d}]
[-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8508c5dc-9d4e-11dd-a688-005056c00008}]
[-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab9d60ed-5a8a-11dd-a593-005056c00008}]
[-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d262192a-a225-11dc-a2db-005056c00008}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85CAE368-E5CD-305E-A63D-477B433653A8}]

Looking at the image below as an example

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!

Please post the log C:\ComboFix.txt for further review. Please also let me know how your system is running.

01-18-2009, 09:46 AM	#4 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,186 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Re: IE 7 not working Hi again Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below. Please go to: VirusTotal In the middle of the page you'll find a "Browse" button. Click the "Browse" button and browse to this file in RED: c:\Program Files\song-10452.ram Click "Open". Then click the "Send File" button at the bottom of the VirusTotal page. This will scan the file. Please be patient. Once scanned, copy and paste the results in your next reply. Repeat the above for this file:- c:\windows\{00466B67-7C72-478A-A2DE-6D0A96A55F58}_WiseFW.ini Combofix Close any open browsers. Open notepad and copy/paste the text in the box below into it: Code: File:: c:\Program Files\Common Files\Ndm361a2rL.exe c:\windows\system32\xsl93180.dll c:\windows\system32\sl93180.dll I:\f0.cmd G:\cfdflx.com G:\RavMon.exe c:\windows\system32\ropfnqz.exe Folder:: Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe] "Debugger"=- [-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4468579e-28d8-11dd-a4e7-005056c00008}] [-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b2c3e5e-f5b7-11dc-a3e2-005056c00008}] [-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7456a580-7166-11db-9d4b-0040cadbf51d}] [-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8508c5dc-9d4e-11dd-a688-005056c00008}] [-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab9d60ed-5a8a-11dd-a593-005056c00008}] [-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d262192a-a225-11dc-a2db-005056c00008}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85CAE368-E5CD-305E-A63D-477B433653A8}] Looking at the image below as an example Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript onto ComboFix.exe. When finished, it will produce a log for you at "C:\ComboFix.txt" Do not mouseclick combofix's window whilst it's running. This may cause it to stall. CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows! Please post the log C:\ComboFix.txt for further review. Please also let me know how your system is running. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner