Lots of Virus problems
- Thread starter drewbp
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
wshjc.exe and other problems
I have followed all the directions I was able to follow.
My screen comes up on regular boot, then turns to blue backgroung, then I get the active desktop warnings. I also have 2 items in startup in msconfig that I don't see in the Hack this log gjpfdy in system32, although I can't find it there, and xrcgj, that is a common start up item.
Thanks for the help in advance.
I have followed all the directions I was able to follow.
My screen comes up on regular boot, then turns to blue backgroung, then I get the active desktop warnings. I also have 2 items in startup in msconfig that I don't see in the Hack this log gjpfdy in system32, although I can't find it there, and xrcgj, that is a common start up item.
Thanks for the help in advance.
howard_hopkinso
Posts: 21,238 +17
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Drew's Internet
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wshjc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,honnnep.exe
O4 - HKCU\..\Run: [Poay] C:\WINDOWS\ICROSO~1\explorer.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net This entry should be fixed if this address does not belong to your PC-manufacturer or your 'Internet-Service-Provider (ISP)'.
O15 - Trusted Zone: http://officebeta.iponet.net
Fix all 016-DPF entries.
O23 - Service: JavaHMO TiVo TCM (JavaHMO) - Unknown owner - C:\Program Files\JavaHMO\bin\Wrapper.exe" -s "C:\Program Files\JavaHMO\conf\wrapper.conf (file missing)
Click on the fix checked button.
Close HJT.
Reboot into normal mode and turn system restore back on.
Please post a fresh HJT log.
Regards Howard
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Drew's Internet
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wshjc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,honnnep.exe
O4 - HKCU\..\Run: [Poay] C:\WINDOWS\ICROSO~1\explorer.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net This entry should be fixed if this address does not belong to your PC-manufacturer or your 'Internet-Service-Provider (ISP)'.
O15 - Trusted Zone: http://officebeta.iponet.net
Fix all 016-DPF entries.
O23 - Service: JavaHMO TiVo TCM (JavaHMO) - Unknown owner - C:\Program Files\JavaHMO\bin\Wrapper.exe" -s "C:\Program Files\JavaHMO\conf\wrapper.conf (file missing)
Click on the fix checked button.
Close HJT.
Reboot into normal mode and turn system restore back on.
Please post a fresh HJT log.
Regards Howard
- Status
Latest posts
-
US TikTok ban could begin next year as Biden signs law, but legal battle looms- GodisanAtheist replied
-
8BitDo updates gamepads with drift-proof hall-effect analog sticks- Daniel Sims replied
-
The Best Handheld Gaming Consoles- amghwk replied