Please download
Combofix from
HERE
Save ComboFix to the desktop.
====================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Quote:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineij32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmqx32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpsa32]
|
Save this as
CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag
CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at
C:\ComboFix.txt
Post back the
ComboFix.txt along with a fresh HijackThis log please.
*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
====================
Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
Reboot and post a new HJT log..