04-28-2008, 04:32 PM   #6
Pancake
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3


Re: TrojanDownloader Del.12.AN

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.


O2 - BHO: (no name) - {7F228713-892A-4253-A13C-672ABA8BCED2} - C:\WINDOWS\system32\atmli.dll


Reboot.


=============================

Please copy this page to *Notepad* and save to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:

Killall::

File::
C:\WINDOWS\inf\SETB6.tmp
C:\WINDOWS\inf\SET66.tmp
C:\WINDOWS\system32\wadgh.bak1
C:\WINDOWS\system32\wadgh.bak2
C:\WINDOWS\system32\wadgh.ini2
C:\WINDOWS\system32\atmli.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F228713-892A-4253-A13C-672ABA8BCED2}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\WINDOWS\system32\kqjptjrg.exe"=-
"C:\WINDOWS\system32\nwjxthvt.exe"=-
"C:\WINDOWS\system32\drvehwrj.exe"=-
"C:\WINDOWS\system32\tsmhmxgj.exe"=-
"C:\WINDOWS\system32\gigcbhhq.exe"=-
"C:\WINDOWS\system32\hlorfkyt.exe"=-
"C:\WINDOWS\system32\rhnoppmr.exe"=-


Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.


*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
__________________
Eddy
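As an added example that is not part of the post above (my own code, not ComboFix's), a small Python dry-run parser for the CFScript.txt format shown in the quotebox: it lists which files, registry keys and registry values the script would remove, so the saved file can be checked against the instructions before it is dragged onto ComboFix. The section names and the `[-KEY]` / `"name"=-` syntax are taken from the script above; treating every other line as an error is my assumption.

```python
"""Dry-run summary of a ComboFix CFScript.txt (added example, not from the post).
Grammar assumed from the script shown above:
  'Name::'  starts a section (Killall, File, Registry)
  File      one path per line, each to be deleted
  Registry  reg-file style lines:
              [-KEY]    delete the whole key
              [KEY]     select KEY for the value lines that follow
              "name"=-  delete value 'name' under the selected key
"""
import re

KEY_LINE = re.compile(r'^\[(?P<delete>-?)(?P<key>[^\]]+)\]$')
VALUE_DELETE = re.compile(r'^"(?P<name>[^"]+)"=-$')

# Abridged copy of the script from the post above, used as sample input.
SAMPLE = r"""Killall::

File::
C:\WINDOWS\inf\SETB6.tmp
C:\WINDOWS\system32\atmli.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F228713-892A-4253-A13C-672ABA8BCED2}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\WINDOWS\system32\kqjptjrg.exe"=-
"C:\WINDOWS\system32\nwjxthvt.exe"=-
"""


def parse_cfscript(text):
    """Return the files, registry keys and registry values the script would delete."""
    plan = {"sections": [], "files": [], "delete_keys": [], "delete_values": []}
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):              # section header, e.g. 'File::'
            section = line[:-2]
            plan["sections"].append(section)
            current_key = None
        elif section == "File":
            plan["files"].append(line)
        elif section == "Registry" and (m := KEY_LINE.match(line)):
            if m.group("delete"):            # [-KEY] removes the whole key
                plan["delete_keys"].append(m.group("key"))
            else:                            # [KEY] selects the key for "name"=- lines
                current_key = m.group("key")
        elif section == "Registry" and (m := VALUE_DELETE.match(line)) and current_key:
            plan["delete_values"].append((current_key, m.group("name")))
        else:                                # anything else is not in the assumed grammar
            raise ValueError(f"unrecognised line in section {section!r}: {line!r}")
    return plan
```

Call `parse_cfscript(open("CFScript.txt").read())` on the saved file and compare the returned lists against the quotebox before running ComboFix.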