TechSpot

Help with HJT Log, Thanks.

By bay
Feb 20, 2005
  1. Would someone be so kind to help me with my HJT log. I have run Adware, NoAdware, Norton, CWShredder and finally Hijack This. However I still have problems with IE, whenever I open my homepage another page opens aswell. This also happens whenever I click on a link or 'back'. I am not sure which logs I should delete from my HJT report (and not sure if all I have to do is get HJT to fix them?)
    As you may be able to tell I am not really computer literate!

    ps BIG Thanks to realblackstuff he obviously knows what he is doing.
     

    Attached Files:

  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Boot in Safe Mode
    Switch off System Restore
    Use ctrl/alt/del and in Taskmanager try to stop:

    MsnMsgr.Exe
    emptemp2.exe
    PowerReg Scheduler V3.exe

    Next, UNinstall anything to do with this FAKE:
    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    Next, run HJT on its own and let it 'fix' if still there:
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: emptemp2.lnk = C:\Program Files\Empty Temp Folders 2.8.3\emptemp2.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105964427656
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C20EB175-0DD0-4979-A994-1F0DBA69F627} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1032_EN_XP.cab

    If these are NOT from YOUR ISP, 'fix' with HJT
    O17 - HKLM\System\CCS\Services\Tcpip\..\{98EE1F25-E5F2-4CB3-9E11-0DBA7D058FDF}: NameServer = 203.12.160.35 203.12.160.36

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
    Empty all contents from your \Temp directory.
    Boot normal. If all OK, turn System Restore back on.

    And stop using IE except for Windows updates!
    go to www.getfirefox.com
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.