And still more to come out...Cant understand where they are all coming from.We may have to do more Vundo fixing if this does not fix them this time..
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Quote:
File::
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\efcyvuu.dll
C:\WINDOWS\system32\kwinpmdt.exe
C:\WINDOWS\system32\cmivcwsv.exe
C:\WINDOWS\system32\cojydbmm.dll
C:\WINDOWS\system32\xtkfqqqe.exe
C:\WINDOWS\system32\ljdsrngr.exe
C:\WINDOWS\rassb0578.exe
C:\WINDOWS\vjcwogxA.exe
C:\WINDOWS\vjcwogx.exe
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\mwinkmdt.exe
C:\Program Files\Common Files\zyliv
C:\Program Files\Common Files\zyliv944
C:\WINDOWS\b103.exe
C:\WINDOWS\b138.exe
Folder::
C:\VundoFix Backups
C:\WINDOWS\ukqw
C:\Program Files\Common Files\ukqw
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\configs
C:\Temp\fse
C:\Temp\1cb
DirLook::
C:\Temp
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C8B5E32-E4A7-44DD-BC81-82C7BCF3E50D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{770D2125-C293-4531-AA78-53BFEEEB49BF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ukqw"=-
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9BD0828-1FD9-410C-A50F-43EBE65D310F}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyvuu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgf]
|
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at *C:\ComboFix.txt*
*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*