01-10-2008, 03:30 PM   #7
Pancake
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: flashing shield, alternates with blue question mark and red x, balloon pops up

Now for the big cleanup.


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:

KillAll::

File::
C:\WINDOWS\system32\cjbougsy.ini
C:\WINDOWS\systeldd32.dll
C:\WINDOWS\system32\rrutv.bak2
C:\WINDOWS\Registration\nurs.bak1
C:\WINDOWS\Registration\nurs.bak2
C:\WINDOWS\System32\ftsrch.exe
C:\WINDOWS\System32\ir41_qcx.exe
C:\WINDOWS\System32\inetcomm.exe

Folder::
C:\Program Files\Viewpoint
C:\Program Files\Qtbwnj

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AA6D3DC-5327-4122-A52E-D06114743764}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6AA9327-8DAD-4559-7AB3-20BAEA823D74}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F44D8E66-7BB6-49BD-A924-5E0368C00FD1}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ulib"=-
"197_150_ni_1"=-
"dbnetlib"=-
"wiavusd"=-
"rsvpsp"=-
"adsmsext"=-
"schannel"=-
"sisbkup"=-
"mll_hp"=-
"tdi-sonyomg"=-
"mchgrcoi"=-
"powrprof"=-
"usp10"=-
"pngfilt"=-
"winhttp"=-
"ipmontr"=-
"iuctl"=-
"schedsvc"=-
"msisip"=-
"eglivecam_1028"=-
"qedit"=-
"mspatcha"=-
"javacypt"=-
"msr2cenu"=-
"igmpagnt"=-
"comctl32"=-
"ftsrch"=-
"browsewm"=-
"digest"=-
"dpwsockx"=-
"neth"=-
"dmintf"=-
"kbdlt1"=-
"ir41_qcx"=-
"modemui"=-
"umpnpmgr"=-
"netapi"=-
"sccbase"=-
"tapisrv"=-
"kbdla"=-
"rasppp"=-
"rdocurs"=-
"inetcomm"=-
"ntdsapi"=-
"dbmsvinn"=-
"icmui"=-
"wiaservc"=-
"cnmlm38"=-
"wupdinfo"=-
"ezstub3"=-
"rtipxmib"=-
"kbdazel"=-
"rdpcfgex"=-
"ntlsapi"=-
"kbdnec"=-
"dmdlgs"=-
"mswsock"=-
"dispex"=-
"wifeman"=-
"wiashext"=-
"ds32gt"=-
"wtsapi32"=-
"ialmgicd"=-
"bszip"=-
"nmsapi"=-
"rtm"=-
"sfmapi"=-
"wmpcd"=-
"bidispl"=-
"riched32"=-
"unimdmat"=-
"msencode"=-
"csh"=-
"racpldlg"=-
"jgaw400"=-
"txflog"=-
"cabinet"=-
"kbdbu"=-
"shlwapi"=-
"wlnotify"=-
"ntmssvc"=-
"mswebdvd"=-
"kbdal"=-
"ialmgdev"=-
"uniplat"=-
"mindex"=-
"pdh"=-
"mfc42u"=-
"certmgr"=-
"faultrep"=-
"odbc16gt"=-
"eventlog"=-
"wshext"=-
"qedwipes"=-
"feclient"=-
"wmpui"=-
"comuid"=-
"qmgr"=-
"dsound"=-
"smlogcfg"=-
"srvsvc"=-
"deskadp"=-
"autodisc"=-
"rtutils"=-
"fsusd"=-
"wowfax"=-
"dbmsrpcn"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rasfont"=-
"uvuditwh"=-
"fol"=-
"Etwawx"=-
"{77-7C-C8-8D-ZN}"=-
"ctfmona"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{b585105c-0e84-4ef0-9c6a-fbe134a72945}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qkihlbti]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tnjfcfka]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsqr32]

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe.


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt
*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.*

==============================

Important. We will need to update your Microsoft security.

Download Service Pack 2 and install it.

http://www.microsoft.com/windowsxp/sp2/default.mspx

Post a fresh HJT log when done.
__________________
Eddy

Last edited by Pancake; 01-10-2008 at 03:47 PM.