|
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28181
Loc: belfast
|
Re: Blue Screen - please check log
Mon Mar 31 2008 11:45 PM
|
|
|
I don't know what you clicked on at 13.50 on 29/03/08 but it installed a lot of nasty files on your comp.
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Quote:
Killall::
File::
C:\WINDOWS\system32\ncxudivg.exe
C:\WINDOWS\winsystem.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\bdn.com
C:\WINDOWS\a.bat
C:\DOCUME~1\Annette\DesktopTrojan.Win32.BlackBird.exe
C:\DOCUME~1\Annette\DesktopFWebdEditor.exe
C:\DOCUME~1\Annette\Desktopfwebd.exe
C:\DOCUME~1\Annette\Desktopfkwp2.0.exe
C:\DOCUME~1\Annette\Desktopfkwp1.5.exe
C:\DOCUME~1\Annette\Desktopfilemanagerclient.exe
C:\DOCUME~1\Annette\DesktopEditorFKWP2.0.exe
C:\DOCUME~1\Annette\DesktopEditorFKWP1.5.exe
Folder::
C:\WINDOWS\system32smp
C:\DOCUME~1\Annette\Desktopvirii
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.
Refering to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please and
let me know how it is running.
*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
 
A computer once beat me at chess, but it was no match for me at kick boxing. 
|
|
|
|
1 registered and 22 anonymous users are browsing this forum.
Moderator: putasolutions, greysts, bricat, AndrewC, Joe_London, John_McKenna, Mouse, Hello_There, TheFatControlleR, Nanook, Noviciate
Print Thread
|
Forum Permissions
You cannot start new topics
You cannot reply to topics
HTML is disabled
Mark-up is enabled
|
Rating:
Thread views: 0
|
|
|
Previous
Index
Next
Flat
Edit
Reply
Quote
