Did you open these ports?
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
---------------------------------------------------------------------
Remove bad HijackThis entries
- Run HijackThis
- Click on the System Scan Only button
- Put a check beside all of the items listed below (if present):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
O4 - HKLM\..\Run: [{B6-67-74-45-DW}] C:\windows\system32\jmwnw64p.exe DWramFF
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
-----------------------------------------------------------------------------------
Run CFScript
Open
notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS\portsv.exe
C:\WINDOWS\system32\g34.exe
C:\WINDOWS\h8907435.exe
C:\windows\system32\jmwnw64p.exe
C:\WINDOWS\portsv.exe
Folder::
C:\WINDOWS\system32\1397
C:\WINDOWS\system32\xrem
C:\WINDOWS\system32\NMP
C:\WINDOWS\system32\inet2
C:\WINDOWS\system32\expo
C:\WINDOWS\system32\btz
C:\WINDOWS\system32\105772
C:\WINDOWS\444.0
C:\WINDOWS\444.470
C:\Program Files\HTV
Driver::
MSSECURITY1.209.4
NPF
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{B6-67-74-45-DW}"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlayRPC]
Save this as
CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.