Hi spetrarca,
Why yes there is.
That got some of it. Let's go for the rest.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
- Right click on ComboFix.exe, click Run as Administrator & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Please post back with the combofix log.
How's the computer?
Member of UNITE and ASAP
So far so good, however during combofix I received the attached notification - I have disabled Norton 360 Autoprotect as instructed here - am I clear to proceed, or is there another step I need to take to "fully" disable N360?
Hi spetrarca,
I think you should be all right.
Member of UNITE and ASAP
Great
Logfile attached.
As an aside, when I tried to open Windows Explorer after running CF and letting it run through its thing and reboot, I got the error message "C:\windows\explorer.exe Illegal operation attempted on a registry key that has been marked for deletion" - possibly related to the issue at hand?
Again - thanks!
Hi spetrarca,
No, that message sometimes occurs after running combofix on a Vista or Win7 machine. Reboot the computer and it will go away.
Please follow all previous instructions regarding security programs.
Open a new Notepad session
- Click the Start button, click run
- in the run box type notepad
- click ok
- In the notepad, Click "Format" and be certain that Word Wrap is not checked.
- Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
Code:
File::
c:\windows\svchost.exe
- Click File, Save as..., and set the Save in to your Desktop
- In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
- Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.
This will start ComboFix again. Close all browser/windows first.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Please post the combofix log.
How is the computer?
Last edited by oldman960; 2012-04-25 at 18:04.
Member of UNITE and ASAP
It's definitely booting a bit quicker, but I won't really be able to put it through its paces until I get home and connect it to my home network. For obvious reasons, I'm not sure connecting a possibly still infected laptop to the network at the office is a "good idea".
Here's the new log file
Hi spetrarca,
Something is holding that file. Please rerun TDSSKiller with the same settings as before so we can make sure it did its job. Please post the log.
Thanks
Member of UNITE and ASAP