Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINDOWS\system32\rqrrqnl.dll
O2 - BHO: (no name) - {BE6C2349-407C-4987-8BF0-7B4B697B73D8} - C:\WINDOWS\system32\gebyv.dll
==========================
Open *notepad* and copy/paste the text in the quotebox below into it:
Quote:
KillAll::
File::
C:\WINDOWS\system32\uhesgkue.exe
C:\WINDOWS\system32\urqrpqr.dll
C:\WINDOWS\system32\jkkifeb.dll
C:\WINDOWS\system32\xxyaxut.dll
C:\WINDOWS\system32\khfdeca.dll
C:\WINDOWS\system32\rqrrqnl.dll
C:\WINDOWS\uccspecc.sys
C:\WINDOWS\system32\cpnprt2.cid
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini2
Folder::
C:\WINDOWS\TXIuIEN1bm93
C:\Program Files\Coupons
C:\Program Files\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"=-
"Aaou"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrqnl]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebyv.dll
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.
*Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.*