Hi,
First of all... not sure where you have read the instructions to use Combofix, but the first step required before you run it is to install the Recovery Console.
Read here how to do this with Combofix:
http://www.bleepingc...to-use-combofix
The reason why Recovery Console is recommended is because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged. Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.
Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.
Then, after you installed the Recovery Console..
* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:
File::
C:\WINDOWS\pskt.ini
C:\WINDOWS\BMeb508879.xml
C:\WINDOWS\system32\pmpltbhf.ini
C:\WINDOWS\system32\pwqxvuhi.dll
C:\WINDOWS\system32\fhbtlpmp.dll
C:\WINDOWS\system32\fljfdnsi.ini
C:\WINDOWS\system32\isndfjlf.dll
C:\WINDOWS\system32\bbqyqwlb.dll
C:\WINDOWS\system32\xwqfcckw.ini
C:\WINDOWS\system32\vrttdprx.ini
C:\WINDOWS\system32\blgtcpuw.ini
C:\WINDOWS\system32\khfcDtQg.dll
C:\WINDOWS\system32\ddcDtQih.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E23136A1-1AC4-4D1B-926F-5D537CFFF359}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMeb508879"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E23136A1-1AC4-4D1B-926F-5D537CFFF359}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDtQih]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMeb508879]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e863bbe5]
Save this as a text file: CFScript
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
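Added example, not part of the original post and not ComboFix's own code: a dry-run reader that lists what a CFScript like the one above asks for, so it can be reviewed before it is dragged onto ComboFix.exe. It assumes that `File::` lists files to delete and that `Registry::` follows .reg-file conventions (`[-key]` deletes a key, `"name"=-` deletes a value); `parse_cfscript` is a hypothetical name.

```python
import re

# Shortened copy of the script in the post above.
SAMPLE = r"""File::
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ddcDtQih.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E23136A1-1AC4-4D1B-926F-5D537CFFF359}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMeb508879"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDtQih]
"""

SECTION = re.compile(r"^(\w+)::$")      # e.g. "File::"
KEY = re.compile(r"^\[(-?)(.+)\]$")     # "[key]" or "[-key]"
VALUE = re.compile(r'^"(.+)"=(.*)$')    # '"name"=data', data "-" means delete
ABS_PATH = re.compile(r"^[A-Za-z]:\\")  # drive-letter absolute path

def parse_cfscript(text):
    """Return (actions, warnings); an action is (kind, target, value_name)."""
    # Assumption: File:: = files to delete, Registry:: = .reg-style syntax.
    actions, warnings, section, key = [], [], None, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if section == "File":
            if not ABS_PATH.match(line):
                warnings.append(f"line {n}: not an absolute path: {line}")
            actions.append(("delete-file", line, None))
        elif section == "Registry":
            k, v = KEY.match(line), VALUE.match(line)
            if k and k.group(1):        # whole key removed, no values follow
                actions.append(("delete-key", k.group(2), None))
                key = None
            elif k:                     # key opened, value lines follow
                key = k.group(2)
            elif v and key:
                kind = "delete-value" if v.group(2) == "-" else "set-value"
                actions.append((kind, key, v.group(1)))
            else:
                warnings.append(f"line {n}: unparsed registry line: {line}")
        else:
            warnings.append(f"line {n}: section not handled here: {line}")
    return actions, warnings
```

Anything returned in `warnings` is a line worth checking by hand before the script is used, for example a path that lost its drive letter in copy/paste.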