
Solved: Problem PC needs HJT Review

Discussion in 'Virus & Other Malware Removal' started by HOBOcs, Nov 9, 2006.

Thread Status:
Not open for further replies.
  1. HOBOcs

    HOBOcs Thread Starter

    Joined:
    Jan 5, 2004
    Messages:
    8,500
    First Name:
    Jim
    Hjt for Review and direction.

    I've run Grisoft Anti-Virus, Ewido, cleanup.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:11:52 PM, on 11/9/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Utilities\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kqlji.dll/sp.html#12345%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kqlji.dll/sp.html#12345%resultposition.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kqlji.dll/sp.html#12345%resultposition.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = res://C:\WINDOWS\system32\cmyfh.dll/sp.html#12345%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = res://C:\WINDOWS\system32\cmyfh.dll/sp.html#12345%resultposition.net
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {02B1DD18-286C-7339-2831-1E97FFBF8C58} - (no file)
    O2 - BHO: (no name) - {05DF759A-7AB8-74F8-1007-762880E7156C} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {073966FB-50D8-55DE-2E21-4EF25367618D} - (no file)
    O2 - BHO: (no name) - {0AF241F4-2D7B-CEAF-AD06-F0A5B6C98D86} - (no file)
    O2 - BHO: (no name) - {13BD8F78-7E21-B649-0FD6-1E7E44CDB342} - (no file)
    O2 - BHO: (no name) - {18A23373-407C-5064-29FC-1C2D804594FA} - (no file)
    O2 - BHO: (no name) - {24FC655B-81EC-FEB9-56AA-B6D3DD9EFE0F} - (no file)
    O2 - BHO: (no name) - {26035A02-7899-DB05-D475-AE4FA3F22563} - (no file)
    O2 - BHO: (no name) - {2846032F-8EA0-4EFF-E13E-006290501796} - (no file)
    O2 - BHO: (no name) - {35BB6475-7B7C-B04E-A3C4-99FEB74D4761} - (no file)
    O2 - BHO: (no name) - {44B25686-99F8-F195-F825-431202F0463F} - (no file)
    O2 - BHO: (no name) - {59EE675B-6A9B-6F9E-50B2-F9D78BD7C3B7} - (no file)
    O2 - BHO: (no name) - {61D7C233-1C3C-2344-8212-77DF99E12940} - (no file)
    O2 - BHO: (no name) - {760FD349-1147-8034-4280-A8F6BEA97A65} - (no file)
    O2 - BHO: (no name) - {862B880F-8C8B-27F3-B154-FA38A4A647BA} - (no file)
    O2 - BHO: (no name) - {8CE9207B-A144-CAF0-58BD-F15E7B49A977} - (no file)
    O2 - BHO: (no name) - {9C1B2B2A-8963-C92B-AF30-4849E4570A9A} - (no file)
    O2 - BHO: (no name) - {9CAD02CC-BB43-75C0-802F-FB2C2F6800B4} - (no file)
    O2 - BHO: (no name) - {AD33C71D-2AED-FD32-6CBA-5204BFD00A87} - (no file)
    O2 - BHO: (no name) - {CB3F3E7C-119E-F9E7-9AC4-5F32D3180EFD} - (no file)
    O2 - BHO: (no name) - {CDA2D77E-431C-B261-D538-A1395D2DA449} - (no file)
    O2 - BHO: (no name) - {D1F78513-F05A-BA7F-9F26-0910C16BA47D} - (no file)
    O2 - BHO: (no name) - {D45F954C-7B53-AE0C-955A-307DD79D8456} - (no file)
    O2 - BHO: (no name) - {DA3BFEDE-5DCB-6D48-F52D-F5F30B78210B} - (no file)
    O2 - BHO: (no name) - {DD49FC7F-E64C-A994-24CA-172CC116D30F} - (no file)
    O2 - BHO: (no name) - {E2D53A22-B5A2-6CEA-2CBA-2124E08BE388} - (no file)
    O2 - BHO: (no name) - {E6510F00-8D63-A5DF-5C50-00AE920791E7} - (no file)
    O2 - BHO: (no name) - {E8CB8F3D-0EF0-B83E-7CE8-95669AA1BCA0} - (no file)
    O2 - BHO: (no name) - {EFC5B77D-89C3-A962-9A96-1C6818B08696} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [msci] c:\program files\mcafee.com\shared\mcinfo.exe /insfin
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [Pwhzkh] C:\WINDOWS\System32\??rvices.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     
  2. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Hello ucurl. Welcome. I am reviewing your HijackThis log now and will be back with a reply as soon as possible.

    Please note that I am currently an undergraduate at a malware removal school, which means that all of my responses are checked by an expert (teacher) before they reach the persons that I am helping. So there may be a slight lag in response time, but this assures that you receive quality assistance and that I get properly trained. Your patience is appreciated. :)

    Here are a few tips to help make things go smoothly:

    • Feel free to stop and ask about anything that you are unsure of before proceeding.
    • It is often worth reading through the instructions and printing them for ease of reference.
    • Please reply only to this thread rather than start a new one.
    • Leave System Restore enabled during the handling.
    • If possible, continue to follow the topic until the system is pronounced clean; absence of symptoms does not necessarily mean absence of all malware.

    Please let me know immediately if you happen to be using a 64 bit version of Windows.
     
  3. kdd9

    The HijackThis log appears to have been created from Safe Mode. Would you please run a new one from Normal Mode?
    This time, when the scan finishes and the logfile opens in Notepad, click "File" > "Save As", save the logfile to your desktop, close Notepad, and then hit the "Config..." button in the lower right-hand corner of the HijackThis interface. Then click on the "Misc Tools" button near the top. Then click on the "Open Uninstall Manager" button. Then hit the "Save list..." button, save the Uninstall List to the desktop as well, and post both the HijackThis scan logfile and the Uninstall List back to this thread.
    Thank you.
     
  4. HOBOcs

    Ok, let's start again.
    FYI, I've removed the Java runtime environment and have not loaded the new 5.0 yet. (I know older versions can cause problems.)

    Also, I'm receiving a "Windows Explorer has encountered a problem and must be shut down" message. This appears over and over as I press "don't send a report" back to MS.
    Note: this does not appear in safe mode.

    Background.
    1) Loaded Grisoft - downloaded latest updates - ran in normal and safe modes
    2) Loaded Ewido (Grisoft Anti-spyware) - loaded updates and ran in normal and safe modes.
    3) Installed Spybots search and destroy - downloaded latest updates - ran in normal and safe modes.
    4) Installed "Cleanup" ran in normal.
    5) Downloaded Hoster - ran and restored original hosts.


    Stopping here.
    HijackThis shows a couple of things that are a concern:
    1) No file (O2) entries - If I try to fix them they come back.
    2) O15 entries require cleanup - fixing doesn't help

    I will load XP SP2 once all is clean


    Here is the latest HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 6:34:27 PM, on 11/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\dwwin.exe
    C:\Utilities\hijack this\HijackTh.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    O2 - BHO: (no name) - {02B1DD18-286C-7339-2831-1E97FFBF8C58} - (no file)
    O2 - BHO: (no name) - {05DF759A-7AB8-74F8-1007-762880E7156C} - (no file)
    O2 - BHO: (no name) - {073966FB-50D8-55DE-2E21-4EF25367618D} - (no file)
    O2 - BHO: (no name) - {0AF241F4-2D7B-CEAF-AD06-F0A5B6C98D86} - (no file)
    O2 - BHO: (no name) - {13BD8F78-7E21-B649-0FD6-1E7E44CDB342} - (no file)
    O2 - BHO: (no name) - {18A23373-407C-5064-29FC-1C2D804594FA} - (no file)
    O2 - BHO: (no name) - {24FC655B-81EC-FEB9-56AA-B6D3DD9EFE0F} - (no file)
    O2 - BHO: (no name) - {26035A02-7899-DB05-D475-AE4FA3F22563} - (no file)
    O2 - BHO: (no name) - {2846032F-8EA0-4EFF-E13E-006290501796} - (no file)
    O2 - BHO: (no name) - {35BB6475-7B7C-B04E-A3C4-99FEB74D4761} - (no file)
    O2 - BHO: (no name) - {44B25686-99F8-F195-F825-431202F0463F} - (no file)
    O2 - BHO: (no name) - {59EE675B-6A9B-6F9E-50B2-F9D78BD7C3B7} - (no file)
    O2 - BHO: (no name) - {61D7C233-1C3C-2344-8212-77DF99E12940} - (no file)
    O2 - BHO: (no name) - {760FD349-1147-8034-4280-A8F6BEA97A65} - (no file)
    O2 - BHO: (no name) - {862B880F-8C8B-27F3-B154-FA38A4A647BA} - (no file)
    O2 - BHO: (no name) - {8CE9207B-A144-CAF0-58BD-F15E7B49A977} - (no file)
    O2 - BHO: (no name) - {9C1B2B2A-8963-C92B-AF30-4849E4570A9A} - (no file)
    O2 - BHO: (no name) - {9CAD02CC-BB43-75C0-802F-FB2C2F6800B4} - (no file)
    O2 - BHO: (no name) - {AD33C71D-2AED-FD32-6CBA-5204BFD00A87} - (no file)
    O2 - BHO: (no name) - {CB3F3E7C-119E-F9E7-9AC4-5F32D3180EFD} - (no file)
    O2 - BHO: (no name) - {CDA2D77E-431C-B261-D538-A1395D2DA449} - (no file)
    O2 - BHO: (no name) - {D1F78513-F05A-BA7F-9F26-0910C16BA47D} - (no file)
    O2 - BHO: (no name) - {D45F954C-7B53-AE0C-955A-307DD79D8456} - (no file)
    O2 - BHO: (no name) - {DA3BFEDE-5DCB-6D48-F52D-F5F30B78210B} - (no file)
    O2 - BHO: (no name) - {DD49FC7F-E64C-A994-24CA-172CC116D30F} - (no file)
    O2 - BHO: (no name) - {E2D53A22-B5A2-6CEA-2CBA-2124E08BE388} - (no file)
    O2 - BHO: (no name) - {E6510F00-8D63-A5DF-5C50-00AE920791E7} - (no file)
    O2 - BHO: (no name) - {E8CB8F3D-0EF0-B83E-7CE8-95669AA1BCA0} - (no file)
    O2 - BHO: (no name) - {EFC5B77D-89C3-A962-9A96-1C6818B08696} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163137444046
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     
  5. HOBOcs

    bumping for assistance/directions
     
  6. HOBOcs

    Seeking assistance
     
  7. kdd9

    Sorry for the delay ucurl.

    Please uninstall ewido anti-spyware and use the latest version, AVG Antispyware. You will want to turn off ewido before uninstalling it.

    • Open ewido by double-clicking the yellow 'e' icon in the system tray.
    • In the 'Your security status' section, toggle the ewido Guard realtime protection 'off' by clicking 'active' which will then change the protection status to 'inactive'.

    Next, please uninstall CleanUp through the Add/Remove Programs list in the Control Panel. (I am going to recommend a safer drive cleaner to use.)


    Download AVG Anti-Spyware to your Desktop or to your usual Download Folder if you haven't already.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update AVG Antispyware.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.


    Download and install CCleaner from here.
    Do not run CCleaner just yet.


    Please download and unzip AboutBuster to a folder.


    Download CW-Shredder at the link below if you don’t already have it:
    http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe


    Download and unzip HSfix to your desktop. Use the link below:
    DownloadItHere


    Now double click on the Hsfix and when asked to merge say yes.

    Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

    Please print out the following instructions or copy them to Notepad as you will not have internet access from Safe Mode:

    Now, boot the computer into Safe Mode.
    Choose your usual account.
    Click here for instructions on how to boot into Safe Mode.


    Open HijackThis, do a system scan only, and when it finishes place a check before the following lines if present:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
    O2 - BHO: (no name) - {02B1DD18-286C-7339-2831-1E97FFBF8C58} - (no file)
    O2 - BHO: (no name) - {05DF759A-7AB8-74F8-1007-762880E7156C} - (no file)
    O2 - BHO: (no name) - {073966FB-50D8-55DE-2E21-4EF25367618D} - (no file)
    O2 - BHO: (no name) - {0AF241F4-2D7B-CEAF-AD06-F0A5B6C98D86} - (no file)
    O2 - BHO: (no name) - {13BD8F78-7E21-B649-0FD6-1E7E44CDB342} - (no file)
    O2 - BHO: (no name) - {18A23373-407C-5064-29FC-1C2D804594FA} - (no file)
    O2 - BHO: (no name) - {24FC655B-81EC-FEB9-56AA-B6D3DD9EFE0F} - (no file)
    O2 - BHO: (no name) - {26035A02-7899-DB05-D475-AE4FA3F22563} - (no file)
    O2 - BHO: (no name) - {2846032F-8EA0-4EFF-E13E-006290501796} - (no file)
    O2 - BHO: (no name) - {35BB6475-7B7C-B04E-A3C4-99FEB74D4761} - (no file)
    O2 - BHO: (no name) - {44B25686-99F8-F195-F825-431202F0463F} - (no file)
    O2 - BHO: (no name) - {59EE675B-6A9B-6F9E-50B2-F9D78BD7C3B7} - (no file)
    O2 - BHO: (no name) - {61D7C233-1C3C-2344-8212-77DF99E12940} - (no file)
    O2 - BHO: (no name) - {760FD349-1147-8034-4280-A8F6BEA97A65} - (no file)
    O2 - BHO: (no name) - {862B880F-8C8B-27F3-B154-FA38A4A647BA} - (no file)
    O2 - BHO: (no name) - {8CE9207B-A144-CAF0-58BD-F15E7B49A977} - (no file)
    O2 - BHO: (no name) - {9C1B2B2A-8963-C92B-AF30-4849E4570A9A} - (no file)
    O2 - BHO: (no name) - {9CAD02CC-BB43-75C0-802F-FB2C2F6800B4} - (no file)
    O2 - BHO: (no name) - {AD33C71D-2AED-FD32-6CBA-5204BFD00A87} - (no file)
    O2 - BHO: (no name) - {CB3F3E7C-119E-F9E7-9AC4-5F32D3180EFD} - (no file)
    O2 - BHO: (no name) - {CDA2D77E-431C-B261-D538-A1395D2DA449} - (no file)
    O2 - BHO: (no name) - {D1F78513-F05A-BA7F-9F26-0910C16BA47D} - (no file)
    O2 - BHO: (no name) - {D45F954C-7B53-AE0C-955A-307DD79D8456} - (no file)
    O2 - BHO: (no name) - {DA3BFEDE-5DCB-6D48-F52D-F5F30B78210B} - (no file)
    O2 - BHO: (no name) - {DD49FC7F-E64C-A994-24CA-172CC116D30F} - (no file)
    O2 - BHO: (no name) - {E2D53A22-B5A2-6CEA-2CBA-2124E08BE388} - (no file)
    O2 - BHO: (no name) - {E6510F00-8D63-A5DF-5C50-00AE920791E7} - (no file)
    O2 - BHO: (no name) - {E8CB8F3D-0EF0-B83E-7CE8-95669AA1BCA0} - (no file)
    O2 - BHO: (no name) - {EFC5B77D-89C3-A962-9A96-1C6818B08696} - (no file)
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

    Then make sure ALL windows are closed except HijackThis and hit the "Fix checked" button.


    Find and delete the following files if present:

    kqlji.dll (should be located in C:\WINDOWS)
    cmyfh.dll (should be located in C:\WINDOWS\system32)

    (and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - kqlji.exe, kqlji.dll, kqlji.dat)


    Run AboutBuster (Still in Safe Mode)

    1) Unzip all files to a folder.
    2) Start AboutBuster 6.05
    3) Hit begin removal and allow the program to run.
    4) AboutBuster will finish and open a new page. Follow the instructions for protection on that page.
    5) Shut down AboutBuster. A log should have been created.
    6) Run AboutBuster again.
    7) Note that it saved a log with the results of both scans on it. Post the log in your next reply.


    Run CCleaner:

    • Double-click its desktop icon to open the program.
    • Click the "Options" button, then click "Advanced".
    • Uncheck, "Only delete files in Windows Temp folders older than 48 hours".
    • Click the "Cleaner" button (where the brush is.)
    • Click the "Run Cleaner" button.
    • Click "OK" to proceed.
    • Let it scan and clean until it's finished, and when it says, "Cleaning complete" in the status window, exit the program.


    Run AVG Antispyware
    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

    Now please go HERE to run the Trend Micro™ HouseCall Scan. (Use Internet Explorer for this.)

    ***Colored items available in Internet Explorer only
    • Read and place a check mark next to-"Yes, I accept the terms of use".
    • Place a check mark next to-"I want to select a different Housecall Kernel".
    • Click Launch HouseCall.
    • Select:
    • Using Java-Based Housecall Kernel
    • Click Starting HouseCall.
      Or
    • "Browser plug-in" Installing and using the Housecall Kernel
    • Click Starting HouseCall --(Allow ActiveX install)
    • Choose:
    • "Scan complete computer for malware, greyware and vulnerabilities".
    • Click Next.
      Or
    • "Scan individuals selected folders only".
    • Click Select.
    • Select folders to scan.
    • Click Next.
    • Please be patient, the scan can take a while.
    • When the scan is finished, a summary page will open.
    • Under Cleanup options:
    • Choose clean all detected infections automatically.
    • Click Clean now>>.
    • If anything was found you may be prompted to run the scan again, you can just close the browser window.
    • Please write down the full path and filename of anything that could not be cleaned/deleted.

    10. Reboot and post a fresh HJT log back here along with the report from AVG Antispyware and the AboutBuster log.
     
  8. kdd9

    Oh, I still need that Uninstall List too.

    • Open up HijackThis again.
    • Click on "Open the Misc Tools section".
    • Click on "Open Uninstall Manager".
    • Click on "Save list".
    • Save it to your Desktop.
    • Copy and paste the list here with the others.
    Thanks.
     
  9. HOBOcs

    I did some investigation on my own.
    My explorer error message appears to be a result of a failed SP2 install - so I backed it out and reinstalled.
    I also reinstalled AVG anti-spyware and ran that prior to your return - so I did not save the report.

    Followed your instructions.
    About buster
    CCleaner
    HSfix
    Files you indicated were not found.
    Other: When I returned to Normal mode I was not able to get to the internet - so I ran winsockfixxp - and I now have regained access.




    Latest HJT
    My issues appear to be only with the O2 entries I cannot get rid of.


    Logfile of HijackThis v1.99.1
    Scan saved at 3:29:29 PM, on 11/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Utilities\hijack this\HijackTh.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: (no name) - {02B1DD18-286C-7339-2831-1E97FFBF8C58} - (no file)
    O2 - BHO: (no name) - {05DF759A-7AB8-74F8-1007-762880E7156C} - (no file)
    O2 - BHO: (no name) - {073966FB-50D8-55DE-2E21-4EF25367618D} - (no file)
    O2 - BHO: (no name) - {0AF241F4-2D7B-CEAF-AD06-F0A5B6C98D86} - (no file)
    O2 - BHO: (no name) - {13BD8F78-7E21-B649-0FD6-1E7E44CDB342} - (no file)
    O2 - BHO: (no name) - {18A23373-407C-5064-29FC-1C2D804594FA} - (no file)
    O2 - BHO: (no name) - {24FC655B-81EC-FEB9-56AA-B6D3DD9EFE0F} - (no file)
    O2 - BHO: (no name) - {26035A02-7899-DB05-D475-AE4FA3F22563} - (no file)
    O2 - BHO: (no name) - {2846032F-8EA0-4EFF-E13E-006290501796} - (no file)
    O2 - BHO: (no name) - {35BB6475-7B7C-B04E-A3C4-99FEB74D4761} - (no file)
    O2 - BHO: (no name) - {44B25686-99F8-F195-F825-431202F0463F} - (no file)
    O2 - BHO: (no name) - {59EE675B-6A9B-6F9E-50B2-F9D78BD7C3B7} - (no file)
    O2 - BHO: (no name) - {61D7C233-1C3C-2344-8212-77DF99E12940} - (no file)
    O2 - BHO: (no name) - {760FD349-1147-8034-4280-A8F6BEA97A65} - (no file)
    O2 - BHO: (no name) - {862B880F-8C8B-27F3-B154-FA38A4A647BA} - (no file)
    O2 - BHO: (no name) - {8CE9207B-A144-CAF0-58BD-F15E7B49A977} - (no file)
    O2 - BHO: (no name) - {9C1B2B2A-8963-C92B-AF30-4849E4570A9A} - (no file)
    O2 - BHO: (no name) - {9CAD02CC-BB43-75C0-802F-FB2C2F6800B4} - (no file)
    O2 - BHO: (no name) - {AD33C71D-2AED-FD32-6CBA-5204BFD00A87} - (no file)
    O2 - BHO: (no name) - {CB3F3E7C-119E-F9E7-9AC4-5F32D3180EFD} - (no file)
    O2 - BHO: (no name) - {CDA2D77E-431C-B261-D538-A1395D2DA449} - (no file)
    O2 - BHO: (no name) - {D1F78513-F05A-BA7F-9F26-0910C16BA47D} - (no file)
    O2 - BHO: (no name) - {D45F954C-7B53-AE0C-955A-307DD79D8456} - (no file)
    O2 - BHO: (no name) - {DA3BFEDE-5DCB-6D48-F52D-F5F30B78210B} - (no file)
    O2 - BHO: (no name) - {DD49FC7F-E64C-A994-24CA-172CC116D30F} - (no file)
    O2 - BHO: (no name) - {E2D53A22-B5A2-6CEA-2CBA-2124E08BE388} - (no file)
    O2 - BHO: (no name) - {E6510F00-8D63-A5DF-5C50-00AE920791E7} - (no file)
    O2 - BHO: (no name) - {E8CB8F3D-0EF0-B83E-7CE8-95669AA1BCA0} - (no file)
    O2 - BHO: (no name) - {EFC5B77D-89C3-A962-9A96-1C6818B08696} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163137444046
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     
  10. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    OK. Let's try to get rid of the O2s manually. At this point they are inactive anyway, but this should tidy up the HijackThis log.

    Copy the text from the Code box below to Notepad (Not Wordpad). Make sure that there is no space above "REGEDIT4", and that there is a blank line as the bottom line of the text box or the fix will not work.

    Save the file to your Desktop as fix.reg
    Make sure you save it as file type, "All Files".

    Then double-click on the new fix.reg icon on the desktop and when it asks you if you want to merge the contents to the registry, click yes/ok.

    Code:
    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02B1DD18-286C-7339-2831-1E97FFBF8C58}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05DF759A-7AB8-74F8-1007-762880E7156C}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{073966FB-50D8-55DE-2E21-4EF25367618D}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0AF241F4-2D7B-CEAF-AD06-F0A5B6C98D86}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13BD8F78-7E21-B649-0FD6-1E7E44CDB342}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18A23373-407C-5064-29FC-1C2D804594FA}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24FC655B-81EC-FEB9-56AA-B6D3DD9EFE0F}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26035A02-7899-DB05-D475-AE4FA3F22563}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2846032F-8EA0-4EFF-E13E-006290501796}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35BB6475-7B7C-B04E-A3C4-99FEB74D4761}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44B25686-99F8-F195-F825-431202F0463F}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59EE675B-6A9B-6F9E-50B2-F9D78BD7C3B7}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61D7C233-1C3C-2344-8212-77DF99E12940}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{760FD349-1147-8034-4280-A8F6BEA97A65}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{862B880F-8C8B-27F3-B154-FA38A4A647BA}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CE9207B-A144-CAF0-58BD-F15E7B49A977}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C1B2B2A-8963-C92B-AF30-4849E4570A9A}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CAD02CC-BB43-75C0-802F-FB2C2F6800B4}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD33C71D-2AED-FD32-6CBA-5204BFD00A87}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB3F3E7C-119E-F9E7-9AC4-5F32D3180EFD}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDA2D77E-431C-B261-D538-A1395D2DA449}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1F78513-F05A-BA7F-9F26-0910C16BA47D}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D45F954C-7B53-AE0C-955A-307DD79D8456}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA3BFEDE-5DCB-6D48-F52D-F5F30B78210B}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD49FC7F-E64C-A994-24CA-172CC116D30F}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2D53A22-B5A2-6CEA-2CBA-2124E08BE388}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6510F00-8D63-A5DF-5C50-00AE920791E7}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8CB8F3D-0EF0-B83E-7CE8-95669AA1BCA0}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFC5B77D-89C3-A962-9A96-1C6818B08696}]
    
    

    Reboot the PC (Normal Mode) and try another HijackThis scan and we'll see if they are gone.
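
The manual cleanup in the post above, as an added example that is not part of the original thread: a Python script that reads a HijackThis log, keeps only the O2 entries reported as "(no file)", and builds the same kind of REGEDIT4 delete file, leaving BHOs that still have a DLL on disk alone. The function names are hypothetical; the sample lines are copied from the log posted in this thread.

```python
import re

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")

# O2 line layout as it appears in the log in this thread:
#   O2 - BHO: <name> - {CLSID} - <file path or "(no file)">
O2_LINE = re.compile(
    r"^\s*O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.+?)\s*$"
)

def orphaned_bho_clsids(log_text):
    """Return CLSIDs of O2 entries whose DLL is gone, in log order, no duplicates."""
    seen, result = set(), []
    for line in log_text.splitlines():
        m = O2_LINE.match(line)
        if not m or m.group("target") != "(no file)":
            continue  # not an O2 line, or the BHO still has a file on disk
        clsid = m.group("clsid").upper()
        if clsid not in seen:
            seen.add(clsid)
            result.append(clsid)
    return result

def build_fix_reg(clsids):
    """Build REGEDIT4 text: header on the first line, one delete-key section
    per CLSID, CRLF line endings, and a blank last line."""
    lines = ["REGEDIT4", ""]
    for clsid in clsids:
        lines += [f"[-{BHO_KEY}\\{clsid}]", ""]
    return "\r\n".join(lines) + "\r\n"

# Sample input: four lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
    O2 - BHO: (no name) - {02B1DD18-286C-7339-2831-1E97FFBF8C58} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {05DF759A-7AB8-74F8-1007-762880E7156C} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
"""

if __name__ == "__main__":
    print(build_fix_reg(orphaned_bho_clsids(SAMPLE_LOG)), end="")
```

Review the generated text against the log before merging it; the `[-key]` form deletes the whole key, so a CLSID that still maps to a wanted add-on should never appear in it.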
     
  11. HOBOcs

    HOBOcs Thread Starter

    Joined:
    Jan 5, 2004
    Messages:
    8,500
    First Name:
    Jim
    Resolved - Closed
    Thanks for the assistance.
     
Short URL to this thread: https://techguy.org/516987
