1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

hijack this log

Discussion in 'Virus & Other Malware Removal' started by alroy, Sep 27, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. alroy

    alroy Thread Starter

    Joined:
    Sep 27, 2003
    Messages:
    2
    this my first time here, please let me know if i need to remove any of these. trend mirco picked up TROJ PEPER.A how do i get rid of these.



    Logfile of HijackThis v1.97.2

    Scan saved at 5:35:23 PM, on 9/27/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\OPLIMIT\OCRAWARE.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\OPLIMIT\OCRAWR32.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\IOMEGA CD-RW\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\3DFX INTERACTIVE\3DFX TOOLS\APPS\3DFXMAN.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.EXE
    C:\PROGRAM FILES\TROJANHUNTER 3.6\THGUARD.EXE
    C:\PROGRAM FILES\IOMEGA CD-RW\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\WINDOWS\SYSTEM\IEDRIVER\IEDRIVER.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\BIGFIX\BIGFIX.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SLNT.EXE
    C:\WINDOWS\SYSTEM\GUFJ.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\EZULA\MMOD.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\sb.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.drudgereport.com/
    R3 - Default URLSearchHook is missing
    F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\kbocgb9o.slt\prefs.js)
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
    O2 - BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.DLL
    O2 - BHO: (no name) - {80672997-D58C-4190-9843-C6C61AF8FE97} - C:\WINDOWS\RUNDLL16.DLL (file missing)
    O2 - BHO: (no name) - {4DFD6A20-ED7C-11D7-A6D1-00C0F05BBC6C} - C:\WINDOWS\SYSTEM\OLECXNV32.DLL
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {4B9BBF80-EB23-11D7-A6D1-00C0F05BBC6C} - (no file)
    O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D3FA-F27BA787AD2D} - C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSWMDA.DLL (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\IOMEGA~1\DIRECTCD.EXE
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
    O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [ATTRedUpate] C:\PROGRAM FILES\COMMON FILES\MEDIACOM\MIGCFG\PROGRAMS\AutoUpdate.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
    O4 - HKLM\..\Run: [[email protected]#JAR2WZRKPP] C:\WINDOWS\SYSTEM\Bxe0n.exe
    O4 - HKLM\..\Run: [Rundll16] C:\WINDOWS\RUNDLL16.EXE
    O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
    O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
    O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
    O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.6\THGUARD.EXE"
    O4 - HKLM\..\Run: [RAV8Tray] C:\Program Files\GeCAD\RAV8 Desktop\ravtray8.exe
    O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\SYSTEM\IEDriver\IEDriver.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\IOMEGA~1\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [NoAds] "C:\PROGRAM FILES\NOADS\NOADS.EXE"
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
    O4 - HKCU\..\Run: [Cact] C:\WINDOWS\Application Data\htou.exe
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
    O4 - Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/sa/common/common/bin/cabsa.cab
    O16 - DPF: {340FBD92-B7BB-11D2-8299-00104B27F81B} (ScanCtl Class) - http://outpost.zdnet.com/updates/resources/updates.cab
    O16 - DPF: {1FA643B0-F90E-11D3-BA0B-00C04F384A92} (HomeTsrCtrl Class) - http://image.excite.com/sputnik/dynacat_upload/HOME/ATHMWWW/locationchange.dll
    O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.elkhart.net/surround/svideo3.cab
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.103/03214c7cbcd3b704c717/netzip/RdxIE.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
    O16 - DPF: {234B7457-1A7E-4268-BA71-9936F0C78BEC} (ContentCleanup3X Control) - http://a840.g.akamai.net/7/840/5805...com/cleanup/includes/ContentCleanup3Proj1.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37883.6147453704
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
    O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.30/Hiwire.cab
    O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
    O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet-optimizer/MultiDist.CAB
    O16 - DPF: {6ABC861A-31E7-4D91-B43B-D3C98F22A5C0} (SecureWeb Class) - http://secure.goodthinxx.com/(kdwdmk45fv2rgp55pbdux33p)/secureweb/securewebgt.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
     
  2. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Are you sure thats the exact name of the virus? I can't find anything at Trend Micro about a virus called Peper.A.
     
  3. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Hi alroy, welcome to TSG.

    You do have some stuff that you can use HJT remove. Close your browser, check the following items in HJT and click Fix. Reboot afterwards.


    R3 - Default URLSearchHook is missing


    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)

    O2 - BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.DLL

    O2 - BHO: (no name) - {80672997-D58C-4190-9843-C6C61AF8FE97} - C:\WINDOWS\RUNDLL16.DLL (file missing)

    O2 - BHO: (no name) - {4DFD6A20-ED7C-11D7-A6D1-00C0F05BBC6C} - C:\WINDOWS\SYSTEM\OLECXNV32.DLL

    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL


    O3 - Toolbar: (no name) - {4B9BBF80-EB23-11D7-A6D1-00C0F05BBC6C} - (no file)

    O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D3FA-F27BA787AD2D} - C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSWMDA.DLL (file missing)


    O4 - HKLM\..\Run: [[email protected]#JAR2WZRKPP] C:\WINDOWS\SYSTEM\Bxe0n.exe

    O4 - HKLM\..\Run: [Rundll16] C:\WINDOWS\RUNDLL16.EXE


    O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe

    O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe


    O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\SYSTEM\IEDriver\IEDriver.exe

    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe


    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.103/03214c7cbcd3b7...etzip/RdxIE.cab


    ...this following entry is spyware related and can be removed too:

    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q

    ...I can't find anything on this next item. It may be legitimate, or if you don't recognize it you may also want to remove it:

    O4 - HKCU\..\Run: [Cact] C:\WINDOWS\Application Data\htou.exe


    After rebooting, delete the following folders:

    C:\Program Files\Orbit\view.exe

    C:\WINDOWS\SYSTEM\IEDriver\IEDriver.exe

    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe


    Then go here and downlaod Spybot:

    http://www.safer-networking.org/index.php?lang=en&page=download

    ....after installing, have it go on line and download all updates. Then have it check your system for any problems. Everything it finds in RED is safe to delete.

    :)
     
  4. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
    Next, close all browser Windows, and have HT fix all checked.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\sb.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
    R3 - Default URLSearchHook is missing
    F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
    O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
    O2 - BHO: NavErrRedir Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.DLL
    O2 - BHO: (no name) - {80672997-D58C-4190-9843-C6C61AF8FE97} - C:\WINDOWS\RUNDLL16.DLL (file missing)
    O2 - BHO: (no name) - {4DFD6A20-ED7C-11D7-A6D1-00C0F05BBC6C} - C:\WINDOWS\SYSTEM\OLECXNV32.DLL
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
    O3 - Toolbar: (no name) - {4B9BBF80-EB23-11D7-A6D1-00C0F05BBC6C} - (no file)
    O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D3FA-F27BA787AD2D} - C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSWMDA.DLL (file missing)

    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ATTRedUpate] C:\PROGRAM FILES\COMMON FILES\MEDIACOM\MIGCFG\PROGRAMS\AutoUpdate.exe
    O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
    O4 - HKLM\..\Run: [[email protected]#JAR2WZRKPP] C:\WINDOWS\SYSTEM\Bxe0n.exe
    O4 - HKLM\..\Run: [Rundll16] C:\WINDOWS\RUNDLL16.EXE
    O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
    O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
    O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
    O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\SYSTEM\IEDriver\IEDriver.exe
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
    O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.103/03214c7cbcd3b7...etzip/RdxIE.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...uditControl.cab
    O16 - DPF: {234B7457-1A7E-4268-BA71-9936F0C78BEC} (ContentCleanup3X Control) - http://a840.g.akamai.net/7/840/5805...eanup3Proj1.cab
    O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/i...5.30/Hiwire.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/...IL/PhPSetup.cab



    Most Accelerator programs don't really do much except take up additional recources.

    IF you are running ME or XP Disable SYSTEM RESTORE : How to disable or enable System Restore in Windows ME

    How to disable or enable System Restore in Windows XP


    Next reboot into Safe Mode and remove the following files and folders that are bolded

    C:\WINDOWS\BI.DLL

    C:\WINDOWS\RUNDLL16.DLL
    C:\WINDOWS\Welcome.exe

    C:\WINDOWS\SYSTEM\sb.htm
    C:\WINDOWS\SYSTEM\OLECXNV32.DLL
    C:\WINDOWS\SYSTEM\Bxe0n.exe

    C:\PROGRAM FILES\COMMON FILES\MEDIACOM\MIGCFG\PROGRAMS\AutoUpdate.exe
    C:\Program Files\Orbit\update.exe
    C:\PROGRA~1\CLOCKS~1\Sync.exe /q
    C:\PROGRA~1\ezula\mmod.exe

    See here http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for how to start in safe mode if you don't know how.

    Reboot into normal mode

    RE-ENABLE SYSTEM RESTORE and create a new restore point


    Now download Spybot - Search & Destroy (if you haven't got the program installed already)

    After installing, first press Online, and search for, put a check mark at, and install all updates.

    Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

    Reboot

    Last, run HJT again and post your log again to see if anything was missed.

    Thanks
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/167940

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice