A third party firewall will.A discussion on free firewalls can be found here.http://forum.avast.com/index.php?topic=30808.0orhttp://forum.avast.com/index.php?topic=33530.0Take care and keep safe. After running the script may i post the combofix report ?thanks a million Lucian Bara 14.07.2008 11:47 yes, you can post a cmobofix logfor this pc:CODEbeginSetAVZGuardStatus(True);SearchRootkit(true, true); DelBHO('{A6F5090F-D9EC-4263-9D7D-2968C5179291}'); DelBHO('{54F2B877-2F95-4FA2-B030-9A39C9891BE8}'); QuarantineFile('xxyywtsq.dll',''); QuarantineFile('C:\WINDOWS\system32\xxyywtsq.dll',''); Thank you very very much Lucian Bara 14.07.2008 12:34 Pc1 (first combofix log):CODEbeginSetAVZGuardStatus(True);SearchRootkit(true, true);QuarantineFile('C:\WINDOWS\system32\drivers\95632036.sys','');QuarantineFile('C:\WINDOWS\BM4bd99c3c.xml','');QuarantineFile('C:\WINDOWS\HPHins15.dat.temp','');QuarantineFile('C:\WINDOWS\hphmdl15.dat.temp','');DeleteFile('C:\WINDOWS\system32\drivers\95632036.sys');DeleteFile('C:\WINDOWS\BM4bd99c3c.xml');DeleteFile('C:\WINDOWS\HPHins15.dat.temp');DeleteFile('C:\WINDOWS\hphmdl15.dat.temp');BC_ImportDeletedList;ExecuteSysClean;BC_Activate;RebootWindows(true);end.Pc2(2nd log):CODEbeginSetAVZGuardStatus(True);SearchRootkit(true, true);QuarantineFile('C:\WINDOWS\system32\drivers\76487755.sys','');QuarantineFile('C:\WINDOWS\BM731e58d8.xml','');DeleteFile('C:\WINDOWS\BM731e58d8.xml');DeleteFile('C:\WINDOWS\system32\drivers\76487755.sys');BC_ImportDeletedList;ExecuteSysClean;BC_Activate;RebootWindows(true);end. Don Quichotte 14.07.2008 12:51 QUOTE(Don Quichotte @ 14.07.2008 12:06) Hi there, after running the 2nd script for my other computer i am attaching the combofix report of my 2nd computer, i his comment is here

Just a short note, When i run the ComboFix.exe, I wasn't able to do so. This procedure can take some time, so please be patient. XP is still supported until 2014. Please do the following: §Close any open browsers. §Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. §OpenNotepadand copy/paste the text

I did antivirus scan with avast and avast found some malware. how do i get into the registery to delete that file... (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2) Don Quichotte 14.07.2008 13:02 QUOTE(Lucian Bara @ 14.07.2008 12:53) also, on both machines delete this registry key (will be You can now delete the ComboFix.exe program from your computer.

Stages of the ComboFix AutoScan At the time of this writing there are a total of 50 stages as shown in the image below, so please be patient. They may otherwise interfere with our tools.

It got hosed big time. Uninstall Combofix Click on the Control Panel option. You will now see a menu similar to the image below. It will then display the log file automatically for you as shown below.

Please copy/paste the information in your next reply. ------------------------------------------------------------------------------------ IN YOUR NEXT REPLY I NEED: 1.) Your Combofix log 2.) How is your system running now? When it is done, a blue screen will appear as shown below.

posted! We strongly suggest that you still post your log into the topic that you are receiving help as you most likely will have infections left over that your helper will need scanning hidden files ... If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.

When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

Please include a link to your topic in the Private Message. Staff Online Now davehc Trusted Advisor You will now see the ComboFix disclaimer screen as shown below.

ComboFix Disclaimer Please read through the disclaimer and if you do not agree to it, then please click on the Cancel button to exit the program.

It looks super suspicious I think. The file has been deleted 2. Manually restoring the Internet connection If, by some chance, you no longer have access to your Internet connection after running ComboFix then the first thing to try is to reboot your

Your helper will now analyze this log and let you know what they would like you to do next. Delete it as instructed, it will be recreated.Thank you Very much. It should also be noted that when you run ComboFix it will automatically delete files from the following locations: Windows Recycle Bin Temporary Internet Files Temp Folder If you store files This new recovery tool is sometimes preinstalled on your computer via your computer manufacturer and is accessed from the Windows boot menu.

Back to top #3 nasdaq nasdaq Malware Response Team 35,202 posts OFFLINE Gender:Male Location:Montreal, QC. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.4. Does anyone around here have any clue what this script is doing? -This was a file without an extension, found in C:\Users\ Please let me know even if you know a I hope it is alright for you to view the log.

ash82: I have uninstalled Zone Alarm. At this point you should close all open Windows and double-click on the ComboFix icon found on your desktop. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C--- Code: ---KillAll::Registry::[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr][-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04079646-aa8b-11db-bc88-0016e6d61212}][-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a427cde-fab2-11dd-a473-8000600fe800}][-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9a2d404-a11d-11dd-a395-0016e6d61634}][-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce29bc4a-2fe3-11dd-a2a1-0016e6d61634}][-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e82bca55-d236-11db-a0dd-0016e6d61634}]--- End code ---3. Furthermore, the ComboFix program cannot be hosted at any other site without direct permission from the developer.

Once reported, our moderators will be notified and the post will be reviewed. Once it has finished installing, you will be presented with the screen shown below. Please start a New Thread if you're having a similar issue.View our Welcome Guide to learn how to use this site.

If you do so, it may lead to problems with the normal functionality of your computer. ComboFix is now preparing to run. ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer.

