Hi griff
That's fine now. You now have the Recovery Console installed as a precaution; it will help us recover the system should it become unbootable. It will now appear as a new option when the PC boots. Do not select the Recovery Console unless asked to do so.
----------------------------
Scan with HijackThis and check the following entries (if they still exist) (make sure not to miss any):
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
Remember to close all other windows and click Fix Checked.
--------------------------------------------
1. Close any open browsers.
2. Open Notepad and copy/paste the text in the quotebox below into it:
Code:
File::
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\tdgdehhw.ini
C:\WINDOWS\mrofinu1188.exe.tmp
C:\WINDOWS\system32\RCX18F.tmp
C:\WINDOWS\system32\RCX1AAB.tmp
C:\WINDOWS\system32\RCX1C6D.tmp
C:\WINDOWS\system32\RCX220F.tmp
C:\WINDOWS\system32\RCX3948.tmp
C:\WINDOWS\system32\RCX40F3.tmp
C:\WINDOWS\system32\winmgd.win
C:\WINDOWS\system32\mouse_configurator.win
Folder::
C:\WINDOWS\SG9tZQ
C:\temp\cEeer12
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\elmo1
C:\WINDOWS\system32\jab2
C:\WINDOWS\system32\vmi4
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BBC3B13-C0E3-4517-9769-2D454B4E8371}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tsue"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"=-
RenV::
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt".
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
-------------------------
Required Logs
C:\ComboFix.txt
a new HijackThis log
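
Added example, not part of the original post: a small Python check that reads a HijackThis log and reports F0/F1 autostart entries like the two listed above, so a fresh log can be confirmed clean after the fix. The line format is assumed from the two entries quoted in the post, and both sample logs are constructed.

```python
import re

# Assumed line shape, taken from the two entries quoted in the post:
#   "F0 - system.ini: Shell=Explorer.exe C:\...\something"
#   "F1 - win.ini: run=C:\...\something"
ENTRY_RE = re.compile(r"^(F[01]) - (system\.ini|win\.ini): (\w+)=(.*)$", re.IGNORECASE)


def suspicious_autostarts(log_text):
    """Return (section, source, key, program) for F0/F1 entries that start extra programs."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, source, key, value = m.groups()
        section, source, key = section.upper(), source.lower(), key.lower()
        value = value.strip()
        if key == "shell":
            # Explorer.exe alone is the expected shell; anything appended to it
            # (or a different shell altogether) also runs at logon.
            first, _, rest = value.partition(" ")
            if first.lower() != "explorer.exe":
                findings.append((section, source, key, value))
            elif rest.strip():
                findings.append((section, source, key, rest.strip()))
        elif key in ("run", "load") and value:
            # win.ini run=/load= are normally empty on this kind of system.
            findings.append((section, source, key, value))
    return findings


# Constructed sample: the two entries from the post plus unrelated lines.
SAMPLE_BEFORE = r"""Logfile of HijackThis (constructed sample)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

# Constructed sample of a log taken after the entries were fixed.
SAMPLE_AFTER = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for label, log in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        hits = suspicious_autostarts(log)
        print(label, "->", hits if hits else "no F0/F1 autostart entries")
```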