Good. Now we'll continue
Open notepad and copy/paste the text in the quotebox below into it:
Code:
File::
c:\windows\system32\dsmsykom.ini
c:\windows\system32\kbjwqmph.ini
c:\windows\system32\qeiwxodd.ini
c:\windows\system32\cfuglynx.ini
c:\windows\system32\cwkmnpdp.ini
c:\windows\system32\xbgqggmo.ini
c:\windows\system32\ffvsjxsv.ini
c:\windows\system32\eimjhiln.ini
c:\windows\system32\xtvutmdd.ini
c:\windows\system32\ocyikufb.ini
c:\windows\system32\lgtqoowj.ini
c:\windows\system32\ydelhfoj.ini
c:\windows\system32\xpvqeyho.ini
c:\windows\system32\fpevohds.ini
c:\windows\system32\iilbnpqs.ini
c:\windows\system32\ybamatnx.ini
c:\windows\system32\btarqitq.ini
c:\windows\system32\cxrxptlp.ini
c:\windows\system32\ictvuvls.ini
c:\windows\system32\domjjmsj.ini
c:\windows\system32\rwcouuqu.ini
c:\windows\system32\pjmwfllu.ini
c:\windows\system32\ktryrpdg.ini
c:\windows\system32\thkbuner.ini
c:\windows\system32\icovoalg.ini
c:\windows\system32\voicjuho.ini
c:\windows\system32\thtpunrq.ini
c:\windows\system32\grgybgos.ini
c:\windows\system32\umoelrmg.ini
c:\windows\system32\ghesvcas.ini
c:\windows\system32\wkvfgywv.ini
c:\windows\system32\vnwhceip.ini
c:\windows\system32\onlqqctg.ini
c:\windows\system32\hlhpwmqw.ini
c:\windows\system32\wwyxpmoj.ini
c:\windows\system32\afvgjskx.ini
c:\windows\system32\nnnkjiGX.dll
c:\windows\system32\lbfqrxss.dll
c:\windows\system32\jkkJcBRk.dll
c:\windows\system32\akikdpqi.dll
c:\windows\system32\urqPiFWP.dll
c:\windows\system32\vtUmNDtq.dll
C:\WINDOWS\system32\vykftmlm.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46E5E9B7-8252-4CCB-B388-8327B0C540BD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{748D6EA8-CD59-4682-91E7-AF92F4F2D40E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"343d1c3d"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{748D6EA8-CD59-4682-91E7-AF92F4F2D40E}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmNDtq]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages=hex(7):6d,73,76,31,5f,30,00,00
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
- Please post contents of that file, a fresh hjt log and above mentioned ComboFix resultant log.