One of the reasons why we tell users not to run ComboFix unless their helper instructs them to is that they do not follow the guidance set up. The following is a script that will run in ComboFix. It does not mean that you don't need to run the other programs.
Please be sure to follow the following instructions to disable your security before running:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Custom CFScript
[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad and copy/paste the text in the code below into it:
Code:
File::
c:\windows\Internet Logs\xDB2A.tmp
c:\windows\Internet Logs\xDB2B.tmp
c:\windows\Internet Logs\xDB29.tmp
c:\windows\Internet Logs\xDB28.tmp
c:\windows\Internet Logs\xDB27.tmp
c:\program files\Viewpoint\Common\ViewpointService.exe
Extra::
File::
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
Firefox::
Firefox-: Profile - c:\documents and settings\JD Sadighi\Application Data\Mozilla\Firefox\Profiles\k7ctfi3h.default\
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-507921405-1682526488-839522115-1004\Software\G*e*n*i*e*"!\FM Genie Scout 10]
[HKEY_USERS\S-1-5-21-507921405-1682526488-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\EBB2C2E551D91D14350DC3E3F0408953]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\0ECC3A43B9416605BEB3AE7E61B07718]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\B405A2EBBFCE91A4C13BDEA4B89DC260]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\D3D1B0FFCBEAEE83F78310A5B5826958]
Folder::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-
Driver::
Viewpoint Service
FCopy::
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
========================================
I note that you are using 3 file sharing programs: LimeWire, Gnutella and BitComet and that a 4th, BitTorrent, has just been uninstalled. And I notice that you have globally open ports for BitComet. That means that any account on the system can use BitComet at lower security settings. You can expect to get frequent, multiple malware infections from these programs. I recommend that you uninstall all 3 of them for these reasons:
- Even if you are using a "safe" P2P program, it is only the program that is safe.
- As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
- Malware writers use these programs to include malicious content.
- File sharing is usually unmonitored and there is a danger that your private files might be accessed.
- The 'sharing' also includes malware that the shared system has on it.
- Files that are illegal can be spread through file sharing.
Please read the information on P2P Warning to help you better understand these dangers.
If you decide not to uninstall them, please do not use any of them while I am helping you.
Include all logs in your next reply.
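As an added example, not the helper's script and not part of ComboFix itself: a small Python reader for the CFScript section layout used above (File::, Folder::, Registry::, Driver::, RegLock::). It lists what a script would touch so the person being helped can review the paths, keys and services before dragging the file onto ComboFix.exe. The sample script embedded below is constructed with made-up paths and names, and the meaning assigned to each section, and to the `"Name"=-` and `[-KEY]` registry forms, is an assumption based on common CFScript usage rather than anything the post states.

```python
"""Summarise what a ComboFix CFScript would touch before it is run.

Added example, not the helper's script. Section meanings below are
assumptions based on common CFScript usage:
  File::     files to remove
  Folder::   folders to remove
  Registry:: .reg-style lines; "Name"=- deletes a value, [-KEY] deletes a key
  Driver::   services/drivers to stop and remove
  RegLock::  locked keys to unlock
"""
import re
from collections import OrderedDict

# Constructed sample modelled on the layout of the script in the post.
# Every path, key and service name here is made up.
SAMPLE = r"""File::
c:\windows\Internet Logs\xDB2A.tmp
c:\program files\ExampleVendor\ExampleService.exe
Folder::
c:\program files\ExampleVendor
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ExampleFirewall]
"DisableMonitoring"=-
[-HKEY_CURRENT_USER\Software\ExampleVendor]
Driver::
Example Service
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
"""

# A section header is a word followed by two colons and nothing else.
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Return an ordered mapping of section name -> list of non-empty lines."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("line before any section header: %r" % line)
        sections[current].append(line)
    return sections


def registry_actions(lines):
    """Turn a Registry:: block into (action, key, value_name) tuples."""
    actions = []
    key = None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):          # [-KEY] form: whole key removed
                actions.append(("delete_key", key[1:], None))
            continue
        name, sep, value = line.partition("=")
        if not sep or key is None:
            continue                         # not a value line we understand
        name = name.strip('"')
        if value == "-":                     # "Name"=- form: value removed
            actions.append(("delete_value", key, name))
        else:
            actions.append(("set_value", key, name))
    return actions


def summarize(text):
    """Group everything the script would act on, by kind of object."""
    sections = parse_cfscript(text)
    return {
        "files": sections.get("File", []),
        "folders": sections.get("Folder", []),
        "drivers": sections.get("Driver", []),
        "reglock": [l.strip("[]") for l in sections.get("RegLock", [])],
        "registry": registry_actions(sections.get("Registry", [])),
    }


if __name__ == "__main__":
    for kind, items in summarize(SAMPLE).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Run it as-is to see the summary of the constructed sample, or replace `SAMPLE` with the contents of a real CFScript.txt to review that one; anything listed under files, folders or drivers that you do not recognise is worth asking your helper about before the script is run.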