Although it was needed, I wasn't actually looking for a combofix log, please try not to run any tools unless asked. Some are very powerful and can destroy a PC if used improperly.
If there are any warez/cracked programs on the PC remove them now.
Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.
If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.
Additionally, cracked programs are illegal.
----------
Delete these files/folders, as follows:
1. Go to
Start >
Run > type
Notepad.exe and click
OK to open Notepad.
It
must be Notepad, not Wordpad.
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Copy the text in the below code box by highlighting all the text and pressing
Ctrl+CKillAll::
Folder::
C:\WINDOWS\VmFsdWVkIEN1c3RvbWVy
File::
C:\WINDOWS\system32\lpjooesx.exe
C:\WINDOWS\system32\qyskketg.exe
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\rvhqjxoh.exe
C:\jfcjr.exe
C:\flciijjq.exe
C:\1154735127
C:\60.tmp
C:\WINDOWS\b156.exe_old
C:\EZ-DJ_Plus_v1.2_-_By_Samurize.rar
C:\WINDOWS\SCE2287D1.tmp
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM47e0ef24"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FA8BE6D5-40E0-48B8-B317-18A4A590918A}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPJYrq]
3. Go to the Notepad window and click
Edit >
Paste4. Then click
File >
Save5. Name the file
CFScript.txt - Save the file to your Desktop
6. Then drag the
CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note:
Do not mouseclick combofix's window while it is running. That may cause your system to freeze----------
After combofix has completed run a new Hijackthis scan and post the new log from it along with the combofix log.