Now open a new notepad file.
Input this into the notepad file:
Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.
Input this into the notepad file:
KILLALL::
Driver::
dphkbhyxrlue
File::
c:\documents and settings\Shimri Yancey\Application Data\Mozilla\Firefox\Profiles\24ykkije.default\user.js
c:\windows\system32\drivers\lmielwq.sys
C:\4321f456.bat
c:\program files\something1.exe
c:\program files\something.exe
c:\program files\rmdndup.exe
Folder::
c:\windows\system32\796525
c:\Program Files\LimeWire
Firefox::
FF - ProfilePath - c:\documents and settings\Shimri Yancey\Application Data\Mozilla\Firefox\Profiles\24ykkije.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.