View Single Post

**ceewi1** · 06-20-2008, 01:52 PM

Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:

File::
C:\WINDOWS\system32\nbuxtonv.dll
C:\WINDOWS\system32\mtejfprj.dll
C:\WINDOWS\system32\ayhxxrbt.dll
C:\WINDOWS\system32\tplngtmn.dll
C:\WINDOWS\system32\qwhffqyr.dll
C:\WINDOWS\system32\wgtpaita.exe
C:\WINDOWS\system32\wqmjebst.dll
C:\WINDOWS\system32\dojttunq.dll
C:\WINDOWS\system32\tjrwkjvw.exe
C:\WINDOWS\system32\smswifys.dll
C:\WINDOWS\system32\qhtpgyck.dll
C:\WINDOWS\system32\yxgabave.dll
C:\WINDOWS\system32\fxjgdkok.dll
C:\WINDOWS\system32\vmmyibyr.exe
C:\WINDOWS\system32\lddwskjf.dll
C:\WINDOWS\system32\qqerciqr.dll
C:\WINDOWS\system32\hgGASMdB.dll
C:\WINDOWS\system32\ihpinktu.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{853B95C0-607B-4596-97B0-74C4E2C657EF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGASMdB]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMd76bfe83]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d458cd1f]

Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log. How is your system running now?

CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

06-20-2008, 01:52 PM	#9 (permalink)
ceewi1 Moderator Join Date: Dec 2005 Location: Melbourne, Australia Age: 21 Posts: 5,305	Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below: Code: File:: C:\WINDOWS\system32\nbuxtonv.dll C:\WINDOWS\system32\mtejfprj.dll C:\WINDOWS\system32\ayhxxrbt.dll C:\WINDOWS\system32\tplngtmn.dll C:\WINDOWS\system32\qwhffqyr.dll C:\WINDOWS\system32\wgtpaita.exe C:\WINDOWS\system32\wqmjebst.dll C:\WINDOWS\system32\dojttunq.dll C:\WINDOWS\system32\tjrwkjvw.exe C:\WINDOWS\system32\smswifys.dll C:\WINDOWS\system32\qhtpgyck.dll C:\WINDOWS\system32\yxgabave.dll C:\WINDOWS\system32\fxjgdkok.dll C:\WINDOWS\system32\vmmyibyr.exe C:\WINDOWS\system32\lddwskjf.dll C:\WINDOWS\system32\qqerciqr.dll C:\WINDOWS\system32\hgGASMdB.dll C:\WINDOWS\system32\ihpinktu.dll Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{853B95C0-607B-4596-97B0-74C4E2C657EF}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}"=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGASMdB] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMd76bfe83] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d458cd1f] Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop. Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log. How is your system running now? CAUTION: Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running. __________________ CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870 RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W Cheap PSUs - 2% of system costs, responsible for 28% of system deaths As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity. - The "Warranty void if removed" sticker on numerous CoolerMaster PSUs. Useful PSU Guides