Hi
Upload following file to http://virusscan.jotti.org or http://www.virustotal.com and post back the results:
C:\WINDOWS\BM9306bfba.xml
Start hjt, click do a system scan only, check:
O24 - Desktop Component 0: (no name) - C:\Program Files\microsoft frontpage\profsydyb.html
Close browsers and other windows. Click fix checked.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
File::
C:\WINDOWS\system32\bffqjctj.ini
C:\WINDOWS\system32\bhqvqhsv.ini
C:\WINDOWS\system32\lblylhwa.ini
C:\WINDOWS\system32\pwhhyajh.ini
C:\WINDOWS\system32\pwtfrynd.ini
C:\WINDOWS\system32\wswiybhw.ini
C:\WINDOWS\system32\glnlrcvu.ini
C:\WINDOWS\system32\hcfvxavg.ini
C:\WINDOWS\system32\htopqmqs.ini
C:\WINDOWS\system32\siisktvu.ini
C:\WINDOWS\system32\vmeyokfr.ini
C:\WINDOWS\system32\hvjbormc.ini
C:\WINDOWS\system32\ldvmpqii.ini
C:\WINDOWS\system32\clreuols.ini
C:\WINDOWS\system32\agrscidh.ini
C:\WINDOWS\system32\aapuaklr.ini
C:\WINDOWS\system32\fpgnbttm.ini
C:\WINDOWS\system32\ybjkplaj.ini
C:\WINDOWS\system32\pgpcekok.ini
C:\WINDOWS\system32\tamevpiu.ini
C:\WINDOWS\mrofinu572.exe.tmp
C:\PROGRAM FILES\MSN\HOKEV83122.DLL
C:\Program Files\microsoft frontpage\lavupah465.dll
C:\Program Files\microsoft frontpage\profsydyb.html
C:\WINDOWS\system32\mghufopw.dll
C:\WINDOWS\system32\trflilhq.dll
C:\Documents and Settings\Compaq_Owner\My Documents\Symantec\msiexec.exe
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Windows\rayiou.exe
C:\WINDOWS\CROSOF~1\mshta.exe
Folder::
C:\VundoFix Backups
C:\WINDOWS\UmljaGFyZCBBcmNodWxldGE
C:\Program Files\p2pnetworks
C:\Program Files\Web Buying
C:\Documents and Settings\Compaq_Owner\Application Data\WinTouch
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1118974E-D28A-4CED-B32F-EAC47B55E0E2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C9C2502-715E-4AC8-84F9-C91D0F3D36AC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB8D929F-CD1C-4A85-AFFD-51BDE98217B2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0CB963A-5E29-4F49-C583-28EF4395BE61}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\90358c26]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM9306bfba]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cgvoy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaPipe P2P Loader]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack10]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Router]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Srro]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
Save this as CFScript
http://img.photobucket.com/albums/v6...s/CFScript.gif
Referring to the picture above, drag CFScript into ComboFix.exe
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
- The program will launch and start to download the latest definition files.
- Once the scanner is installed and the definitions downloaded, click Next.
- Now click on Scan Settings and select the following:
Scan using the following Anti-Virus database:
- Extended (If available, otherwise Standard)
Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK.
- Under select a target to scan, select My Computer.
- The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
Once the scan is complete:
- Click on the Save as Text button.
- Save the file to your desktop.
- Copy and paste that information into your next post if the AV content will fit into one post only. Post also ComboFix log & a fresh hjt log.
- If the results of the antivirus scan itself will take more than one post to contain, you may upload it to http://rapidshare.com
Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.
If having a problem doing the above:
Make sure that your Internet security settings are set to default values.
To set default security settings for Internet Explorer:
* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four items (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.
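As an added example (not part of the post above), this parser reads a script in the CFScript layout the post uses (File::, Folder:: and Registry:: sections, with [-key] meaning delete, as in .reg syntax) and flags entries a reviewer would question before dragging the script onto ComboFix: non-absolute paths, unrecognised registry directives, and Folder:: entries that would remove a whole Windows or Program Files tree. The sample script is a constructed, shortened copy of the post's own entries; the `PROTECTED_FOLDERS` list is an assumption for illustration.

```python
import re

# Constructed sample in the CFScript layout used in the post (shortened copy of its entries).
SAMPLE_CFSCRIPT = """\
File::
C:\\WINDOWS\\system32\\bffqjctj.ini
C:\\WINDOWS\\CROSOF~1\\mshta.exe
Folder::
C:\\VundoFix Backups
C:\\Program Files\\Web Buying
Registry::
[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{1118974E-D28A-4CED-B32F-EAC47B55E0E2}]
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WinTouch]
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::\s*$")      # e.g. "File::"
REG_DELETE_RE = re.compile(r"^\[-(?P<key>[^\]]+)\]$")        # "[-HKEY...]" = delete key
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")                    # drive-letter absolute path
# Assumed list of roots that should never appear as a whole-folder deletion.
PROTECTED_FOLDERS = {"c:\\windows", "c:\\windows\\system32", "c:\\program files"}


def parse_cfscript(text):
    """Return dict with files, folders, registry_deletes and a list of (lineno, problem)."""
    result = {"files": [], "folders": [], "registry_deletes": [], "problems": []}
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                                   # new section header
            section = m.group("name").lower()
            continue
        if section in ("file", "folder"):
            if not ABS_PATH_RE.match(line):
                result["problems"].append((lineno, "not an absolute path: " + line))
            elif section == "folder" and line.rstrip("\\").lower() in PROTECTED_FOLDERS:
                result["problems"].append((lineno, "deletes a protected folder: " + line))
            else:
                result["files" if section == "file" else "folders"].append(line)
        elif section == "registry":
            m = REG_DELETE_RE.match(line)
            if m:
                result["registry_deletes"].append(m.group("key"))
            else:
                result["problems"].append((lineno, "unrecognised registry directive: " + line))
        else:
            result["problems"].append((lineno, "line outside any section: " + line))
    return result


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    print(len(parsed["files"]), "files,", len(parsed["folders"]), "folders,",
          len(parsed["registry_deletes"]), "registry deletes,", parsed["problems"])
```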