Next time copy and paste your logs into a reply. I think that's why you got ignored so long.
You've got a rootkit.
Copy the text between the lines of stars by highlighting and Ctrl + c.
******************************************
Killall:
RootKit::
c:\windows\system32\drivers\ovfsthxfbkatrww.sys
c:\windows\system32\ovfsthxcimcrenf.dat
c:\windows\system32\ovfsthxeaujlcqp.dll
c:\windows\system32\ovfsthxjbvscnvt.dll
c:\windows\system32\ovfsthxkdjdwfke.dll
c:\windows\system32\ovfsthxlomhfeff.dat
c:\windows\system32\ovfsthxmpfulnor.dll
c:\windows\system32\ovfsthxpegoievi.dll
c:\windows\system32\ovfsthxqrkdpdco.dll
c:\windows\system32\ovfsthxuxyyueqx.dat
c:\windows\system32\ovfsthxyyifgsgq.dat
File::
c:\windows\system32\drivers\ovfsthxfbkatrww.sys
c:\windows\system32\ovfsthxcimcrenf.dat
c:\windows\system32\ovfsthxeaujlcqp.dll
c:\windows\system32\ovfsthxjbvscnvt.dll
c:\windows\system32\ovfsthxkdjdwfke.dll
c:\windows\system32\ovfsthxlomhfeff.dat
c:\windows\system32\ovfsthxmpfulnor.dll
c:\windows\system32\ovfsthxpegoievi.dll
c:\windows\system32\ovfsthxqrkdpdco.dll
c:\windows\system32\ovfsthxuxyyueqx.dat
c:\windows\system32\ovfsthxyyifgsgq.dat
C:\Ntf21.tmp
C:\Ntf22.tmp
C:\Ntf20.tmp
C:\Ntf1F.tmp
C:\Ntf1D.tmp
C:\Ntf1E.tmp
C:\Ntf1B.tmp
C:\Ntf1C.tmp
C:\Ntf19.tmp
C:\Ntf1A.tmp
C:\Ntf17.tmp
C:\Ntf18.tmp
C:\Ntf15.tmp
C:\Ntf16.tmp
C:\Ntf13.tmp
C:\Ntf14.tmp
C:\Ntf11.tmp
C:\Ntf12.tmp
C:\NtfF.tmp
C:\Ntf10.tmp
C:\NtfD.tmp
C:\NtfE.tmp
C:\NtfB.tmp
C:\NtfC.tmp
C:\NtfA.tmp
C:\Ntf9.tmp
C:\Ntf8.tmp
C:\Ntf7.tmp
C:\Ntf4.tmp
C:\Ntf3.tmp
C:\Ntf2.tmp
C:\Ntf1.tmp
C:\Ntf6.tmp
C:\Ntf5.tmp
******************************************
Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.
Drag it over to combofix and let it start as before.
Post the new log.
Ron
Sign In
Create Account
