Open Notepad and copy/paste the text in the box into the window:
File::
C:\WINNT\system32\user32.dll.vir
Folder::
C:\Program Files\PLUS!
C:\WINNT\Ympkb25pcw
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"431010bd"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayywvu]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09985909-06B9-4005-A4CF-1C9C6E1690AA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CFCC577-EA60-4A9C-8980-BB486556BA61}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49D35D4F-4738-41FE-A616-77D4947520AA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8652D896-3C1F-4182-9400-B172A853AE58}]
Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------
Please download a free version of CCleaner from here.
To install:
- Select a language.
- Click Next.
- Click I Agree.
- Select your Destination Folder and click Next. The default is set to C:\Program Files\CCleaner. This is OK to use, unless you would prefer it installed to another permanent folder.
- Choose your Install Options.
- Click Install.
- Click Finish when prompted.
To run:
- Before first use, check under Options, Advanced, and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
- A pop up box will appear advising this process will permanently delete files from your system.
- Then select the items you wish to clean up. (See note below)
- Clean all entries in the "Internet Explorer" section. If you prefer to keep your cookies, uncheck the Cookies entry. Deleting cookies will require re-entry of user names and passwords on your next visit to sites that require users to log in.
- Clean all the entries in the "Windows Explorer" section.
- Clean all entries in the "System" section.
- Clean all entries in the "Advanced" section.
- Clean any others that you choose.
- Clean all (optionally, except cookies) in the Firefox/Mozilla section if you use it.
- Clean all in the Opera section if you use it.
- Clean Sun Java in the Internet Section.
- Clean any others that you choose.
- Then click the "Run Cleaner" button and it will scan and clean your system.
- Click exit.
Note: Please print out these instructions or save them to a new text file on your desktop. The next steps in this fix require booting to Safe Mode, where you will not be able to access this forum.
Reboot into Safe Mode. To do this, please follow these steps:
- Click start.
- Select Turn off computer.
- Select Restart and click OK.
- During restart, hold down the F8 key on your keyboard until the Windows Startup menu appears.
- If your PC starts beeping then release the key for a few seconds before holding it down again.
- Select Safe Mode from the Startup menu, and press the Enter button on your keyboard.
- Windows should start in Safe Mode. If Windows doesn't restart in Safe Mode, then please repeat these steps.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update successful message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
  - Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
  - All checkboxes should be ticked.
- Under Possibly unwanted software:
  - All checkboxes should be ticked.
- Under Reports:
  - Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
  - Select Scan every file.
- Under How to act?
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
- Make sure that Set all elements to: shows Quarantine (1); if not, click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
----------------------------------------------------------------------------------------------
In your next reply, please include the following:
- The new Combofix log
- The AVG Anti-Spyware log
- A fresh HijackThis log
- A description of how the PC is running.
Thanks,
markamus
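
For reviewing a CFScript like the one at the top of this post before it is handed to ComboFix, the Python below lists what each line asks for without touching the system. It is an added example, not part of the original post or of ComboFix; the function name `plan` and its reading of the three sections (File:: and Folder:: entries as deletion targets, the Registry:: body as .reg syntax) are assumptions.

```python
import re

# The CFScript from the post, embedded so the example runs offline.
CFSCRIPT = r"""File::
C:\WINNT\system32\user32.dll.vir
Folder::
C:\Program Files\PLUS!
C:\WINNT\Ympkb25pcw
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"431010bd"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayywvu]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09985909-06B9-4005-A4CF-1C9C6E1690AA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CFCC577-EA60-4A9C-8980-BB486556BA61}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49D35D4F-4738-41FE-A616-77D4947520AA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8652D896-3C1F-4182-9400-B172A853AE58}]
"""

SECTION = re.compile(r"^(\w+)::$")  # section headers such as "File::"

# Assumption: File::/Folder:: list deletion targets; Registry:: uses .reg syntax.
def plan(script):
    """Return (action, target) pairs in script order; nothing is modified."""
    actions, section, key = [], None, None
    for line in map(str.strip, script.splitlines()):
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1).lower(), None
        elif section == "file":
            actions.append(("delete-file", line))
        elif section == "folder":
            actions.append(("delete-folder", line))
        elif section == "registry" and line.startswith("[-") and line.endswith("]"):
            actions.append(("delete-key", line[2:-1]))  # "[-key]" removes the whole key
            key = None
        elif section == "registry" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # plain "[key]" only selects the key for the lines below
        elif section == "registry" and key and re.fullmatch(r'"[^"]*"=-', line):
            actions.append(("delete-value", key + "\\" + line[1:line.index('"', 1)]))
        else:
            actions.append(("unrecognised", line))  # anything else needs a manual look
    return actions

if __name__ == "__main__":
    for action, target in plan(CFSCRIPT):
        print(f"{action:14} {target}")
```

Any line reported as `unrecognised` (for example a registry line that sets a value rather than deleting one) should be checked by hand before the script is used.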