Hello and welcome to Techspot.
If you followed the instructions, then why haven`t you told us the results of the Antirootkit scan?
Go to add remove programmes in your control panel and uninstall anything to do with(
if there).
WinAble
Close control panel.
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
File::
C:\WINDOWS\system32\thftadsk.dll
C:\WINDOWS\system32\decueybd.dll
C:\WINDOWS\system32\jklhkluw.dll
C:\WINDOWS\system32\wwbfmfuh.dll
C:\WINDOWS\system32\yxsluuue.dll
C:\WINDOWS\system32\bxsiphxi.dll
C:\WINDOWS\system32\hggebay.dll
C:\WINDOWS\mrofinu922.exe
C:\WINDOWS\system32\iifeday.dll
C:\temp\aver_2.DAT
C:\temp\SaoGiao.DAT
C:\temp\Sectores_temp.DAT
C:\temp\DT_export_BM1_08.DAT
C:\temp\DT_export.DAT
C:\Documents and Settings\Al\Line_To_SC_Movil.DAT
C:\temp\DT_export_before.DAT
C:\temp\Line_To_SC_Movil.DAT
C:\temp\BM1_HSDPA_Stats_Redrive_Mapinfo.DAT
C:\temp\FM.DAT
C:\WINDOWS\system32\mllmn.dll
Folder::
C:\VundoFix Backups
C:\qoobox
C:\temp\temp
C:\Program Files\WinAble
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bf44893-bda6-4bff-ab8e-14bea6bbadad}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dcf05624"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vwiqcynp]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmn.dll
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
Save this as
CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Also, let us know the results of the Panda Antirootkit scan.
Regards Howard :wave: :wave:
This thread is for the use of percebe only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.