Go to Add/Remove Programs and uninstall:
- Java DB 10.3.1.4
- Java(TM) SE Development Kit 6 Update 6
- Viewpoint Media Player
----------
Open Hijackthis and select Do a system scan only and place a check mark next to these entries:
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
- R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
- R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
- O4 - HKLM\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
- O4 - HKLM\..\Run: [GoogleUpdate] C:\Program Files\Internet Explorer\3424.EXE
- O4 - HKCU\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
- O4 - HKCU\..\Policies\Explorer\Run: [shsxpr] C:\WINDOWS\System32\shsxpr.exe
- O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://aseger.info/server.exe
- O16 - DPF: {10003000-1000-0000-1000-000000000000} - http://www.ethiotravelandtours.com/kav1.exe
- O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://d: oo.mht!http://www.ethiotravelandtours.com/x.chm::/money.exe
- O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
- O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
- O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe
- O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
- O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
Important: Close all windows and then click Fix checked.
Exit Hijackthis.
----------
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
- Click Start, then Run
- Type notepad.exe in the Run Box.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

KillAll::
File::
C:\WINDOWS\SoftwareUpdater.exe
C:\Program Files\Internet Explorer\3424.EXE
C:\WINDOWS\System32\shsxpr.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftwareUpdater"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"shsxpr"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\2e790fdd-3996-497e-a3ab-29a954949d29]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze.
----------
Download ATF Cleaner by Atribune.
Note: Vista users must use Run As Administrator
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
----------
Next post:
- Combofix log

How are things now?