magna86
18
One more script:
Open Notepad and copy/paste the text present inside the code box below:
[code]
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Windows XP Pro^Start Menu^Programs^Startup^usbAl.vbs]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\usbAl]
File::
c:\documents and settings\Windows XP Pro\Start Menu\Programs\Startup\usbAl.vbs
c:\windows\pss\usbAl.vbsStartup
C:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml
C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml
C:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml
C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml
C:\Windows\system32\drivers\scsiport.sys
KillAll::
Driver::
ScsiPort
FileLook::
c:\windows\system32\wscript.exe
c:\windows\system32\eappprxy.dll
Firefox::
FF - ProfilePath - c:\documents and settings\Windows XP Pro\Application Data\Mozilla\Firefox\Profiles\2186w7x4.default\
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - bcb35a4f000000000000001e8c0cdcc4
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15816
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1618:49
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
[/code]
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\[b]ComboFix.txt[/b])
----- next -----
Can you please re-upload the Quarantine folders created by FRST and ComboFix to me?
C:\FRST\[b]Quarantine[/b]
C:\Qoobox\[b]Quarantine[/b]
Attach it with a password.
http://www.wikisend.com
Please post the download link here.