Status
Not open for further replies.

TSF Security Team, Emeritus · 26,408 Posts
Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:
Folder::
c:\WINDOWS\[email protected]
File::
c:\windows\system32\A1A6BC2E.cfg
c:\windows\system32\VACFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\D9C002DD.cfg
c:\windows\system32\FFAE967F.cfg
c:\windows\system32\E1D19FCC.cfg
c:\windows\system32\d435fd4.sys
c:\windows\system32\B8E83D3C.cfg
c:\windows\system32\f35ee9e.sys
c:\windows\system32\de8296f.sys
c:\windows\system32\C8FFD223.cfg
c:\windows\system32\F2CBFAC4.cfg
c:\windows\system32\E5D39975.cfg
c:\windows\system32\F8E07BB2.cfg
c:\windows\system32\windg.exe
c:\windows\system32\d435fd4.sys 
c:\windows\system32\de8296f.sys
c:\windows\system32\f35ee9e.sys
driver::
d435fd4
de8296f
f35ee9e
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Client.exe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\[email protected]\\iexplorer.exe"=-
"c:\\Documents and Settings\\demo\\My Documents\\uTorrent.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c21fc2e-582f-11dc-bfa0-0013ce46134d}]
Save this as "CFScript"





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

--------


In your next post, tell us what type of antivirus program you currently have installed on the machine
 

TSF Security Team, Emeritus · 26,408 Posts
Do this fast if you wish to avoid a regeneration.


Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:
File::
c:\windows\system32\201476D0.cfg
c:\windows\system32\A55F538E.cfg
c:\windows\MSVB50CHS.dll
c:\windows\MPKrnl.dll
c:\windows\MKMKrnl.dll
c:\windows\system32\oleadp.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MPKrnl"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MPMKrnl"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8E07BB2-7A19-4057-80F1-E14646E630B4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9C002DD-EA51-43A2-9009-54EAAAF031A4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201476D0-2B18-462E-AB9F-3E2B0CC8732B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F538E-9E65-4706-9458-852BF6592063}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFAE967F-D0FC-4D2B-A0F5-D1BF27F46418}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93DEE065-EC9B-4505-ADD3-19880AD3C38F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29EA67E0-9EE5-4D1A-A056-5B7BDAC4CF97}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01AFE3DC-2242-436E-9B44-6DD1C664E828}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HelpSvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UIHost.kxp]
Save this as "CFScript"





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4][email protected]_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/submit-malware.php?channel=4


---------------


Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------


In your next post, please include fresh logs from:
  1. Online scan
  2. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
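
A pre-flight syntax check for a script of the shape shown in the posts above, as an added example that is not part of the original posts and is not a ComboFix feature. It assumes only the four section names seen on this page and regedit-style value lines under Registry::; `lint_cfscript` and the sample script are constructed for illustration.

```python
import re

# Section names as they appear in the scripts on this page (case-insensitive).
SECTIONS = {"file", "folder", "driver", "registry"}
KEY_RE = re.compile(r'^\[-?[^\[\]]+\]$')                    # [key] or [-key]
VALUE_RE = re.compile(r'^(?:@|"(?:[^"\\]|\\.)+")=(.*)$')    # "name"=data
# Assumption: value data follows regedit syntax (delete marker, string, dword, hex).
DATA_RE = re.compile(
    r'^(?:-|"(?:[^"\\]|\\.)*"|dword:[0-9a-fA-F]{1,8}|hex(?:\([0-9a-fA-F]+\))?:.*)$')

def lint_cfscript(text):
    """Return (line_number, message) findings for a CFScript-style text."""
    findings, section, seen = [], None, set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                 # section header such as File::
            section = line[:-2].lower()
            if section not in SECTIONS:
                findings.append((no, "unknown section header"))
            continue
        if section is None:
            findings.append((no, "entry before any section header"))
        elif section == "registry":
            if KEY_RE.match(line):
                continue
            m = VALUE_RE.match(line)
            if not m:
                findings.append((no, "not a [key] or \"name\"=data line"))
            elif not DATA_RE.match(m.group(1).strip()):
                findings.append((no, "value data is not -, a quoted string, dword: or hex:"))
        else:
            key = (section, line.lower())       # Windows paths are case-insensitive
            if key in seen:
                findings.append((no, "duplicate entry"))
            seen.add(key)
    return findings

# Constructed sample: line 3 repeats line 2, line 7 has a stray quote before the "-".
SAMPLE = r'''File::
c:\windows\system32\example1.sys
c:\windows\system32\EXAMPLE1.sys
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleA"=-
"ExampleB"="-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Example]
'''

if __name__ == "__main__":
    for no, msg in lint_cfscript(SAMPLE):
        print(f"line {no}: {msg}")
```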
 

TSF Security Team, Emeritus · 26,408 Posts
I do not use any antivirus programs, as I plan to switch to Linux soon.
I'll be honest. The above statement is the reason why nobody has replied to you. We put in a lot of effort to clean a machine. Statements like "I don't need an antivirus program" OR "I'm switching to another OS soon" don't help. Why break our backs over it?

I apologise if this doesn't go down well with you. Perhaps it's a good time to switch to Linux now.
 