I see it was hooked up when CF was run.
Once we clean these leftovers, we need to protect the drives again, so DO NOT surf the net until we are done here.
Hello.
Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.
- AVG8
Now open a new notepad file.
Input this into the notepad file:
KILLALL::
Driver::
navigator
deebn
File::
C:\diopero.exe
c:\windows\Tasks\durwbwtc.job
c:\windows\fd.dll
c:\documents and settings\HP_Administrator\S87ekhV.exe
Folder::
C:\_OTMoveIt
c:\program files\AVG
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
c:\documents and settings\All Users\Application Data\avg8
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{173ffb8a-d0af-11dd-8965-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2663234-d0af-11dd-bf98-806d6172696f}]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.