Click Start > Run and then copy/paste the following into the box and then click OK
"%userprofile%\Desktop\GooredFix.exe" /uninstall
If any of your security programs query a new Registry/AutoStart value being added please allow the changes.
Combofix reports McAfee as not up to date, so make sure, you update it.
1. Please
open Notepad- Click Start , then Run
- Type notepad .exe in the Run Box.
2. Now
copy/paste the entire content of the codebox below into the Notepad window:
Quote:
File::
c:\windows\system32\lmn_setup.exe
c:\windows\system32\cwrst_setup.exe
c:\windows\system32\click_setup.exe
C:\celkadaa.exe
C:\cqcsss.exe
C:\kggi.exe
C:\bomp.exe
c:\windows\instsp2.exe
c:\temp\SSV_Windows2.22.0046.exe
c:\windows\system32\rn.tmp
c:\windows\system32\itymrxgg.tmp
c:\windows\system32\xzgndh.dll
c:\windows\system32\ljxayqtk.dll
c:\windows\system32\hcfixv.dll
c:\windows\system32\qrqiaidd.dll
c:\windows\system32\vsagkk.dll
c:\windows\system32\gypgxuyw.dll
c:\program files\Common Files\eduwecotar.dll
c:\program files\Common Files\ohivoxup._sy
c:\program files\Common Files\hegyqep.lib
c:\windows\SYSTEM32\nijegano.dll.vir
Folder::
Driver::
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"SYS32DLL"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"SYS32DLL"=-
|
3.
Save the above as
CFScript.txt
4. Then
drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
- A new HijackThis log.