Check logs please

[cjb137]

I have just started getting pop up ads and webpages redirected. One is trying to look like windows defender to get you to install their software.

Thanks for looking and have a Merry Christmas.

 

[gillianbrown]

You're running HijackThis from the wrong location. Please delete your existing copy of HJT and do the following.

Make sure you have the LATEST version of HJT (currently 2.0.0.2) from HERE.

Double-click on the file you just downloaded.
Click on the "Install" button to install.
It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
Please do not change the default install location.

[center]Very Important.[/center]

You need to rename HijackThis.exe to Crusty.exe. This is because some malware can hide from HijackThis.exe. Follow these instructions in order to do so.

Go to the C:\Program Files\Trend Micro\HijackThis\HijackThis.exe file and right click on HijackThis.exe. Choose rename. Click in the title box and hit the enter key to clear what`s there.

Now type Crusty.exe into the title box and hit the enter key. Right click on the Crusty.exe file and choose "Send to desktop Create Shortcut".

You can now close the HJT directory.


Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {EC9FA9ED-7983-4AB1-94F6-A5BD8C02BA29} - C:\WINDOWS\system32\hgGayxXq.dll (file missing)

Fix all 015 Trusted Zone entries.

O20 - Winlogon Notify: jkkHYqnM - jkkHYqnM.dll (file missing)

Click on the fix checked button.

Close HJT and reboot your system.

Download combofix.exe to your desktop. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window.

Do not touch your mouse/keyboard until the scan has completed.[/b] The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

Please attach the Combofix log as well as a fresh HJT log.

 

[cjb137]

Thanks and here are the new logs.

 

[gillianbrown]

Both logs are clean.

Unless you're still having problems, you should be good to go.

Please download OTMoveIt by OldTimer OTMoveIt.exe, unzip it and place it on your desktop.

1. Double click OTMoveIt.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. You will be prompted to allow the clean up procedure, click Yes
5. When finished exit out of OTMoveIt