someone please read hijack this logfile and tell me what to delete
- Thread starter fruto
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Go HERE and have your computer scanned.
Then, go and read both these threads by RBS. Follow all the instructions exactly.
How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.
Only after doing the above, post a fresh HJT log.
Regards Howard :wave: :wave:
Go HERE and have your computer scanned.
Then, go and read both these threads by RBS. Follow all the instructions exactly.
How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.
Only after doing the above, post a fresh HJT log.
Regards Howard :wave: :wave:
howard_hopkinso
Posts: 21,238 +17
Boot into safe mode.
Turn off system restore.
In Windows Explorer, turn on "Show all files and folders, including hidden and system".
Go to add remove programmes in your control panel, and uninstall anything to do with(if there).
C:\Program Files\Daily Weather Forecast\weather.exe
Close control panel.
Open your task manager, by pressing the ctrl/alt/delete keys together.
Click on the processes tab, and end process for(if there).
weather.exe
m?config.exe
Close task manager.
Run HJT with no other programmes open, and have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://engadget.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {927927BB-CC52-B9F6-28E5-C79EFF3802C5} - C:\WINDOWS\system32\psq.dll
O2 - BHO: (no name) - {927927BB-CC52-B9F6-28E5-C79EFF3802C5} - C:\WINDOWS\system32\psq.dll
O4 - HKCU\..\Run: [Perfjcv] C:\WINDOWS\system32\m?config.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
O16 - DPF: {9B8D3E79-A732-4EC0-AEEE-8AF8CDF10D8A} (PalmSourceInstallerX) - http://installer.palmsource.com/PSIWebStub.dll
Now click on the fix checked button.
Close HJT.
Locate, and delete the following bold files(if there).
C:\Program Files\Daily Weather Forecast\weather.exe
C:\WINDOWS\system32\m?config.exe
Boot into normal mode, and turn system restore back on.
Regards Howard
Turn off system restore.
In Windows Explorer, turn on "Show all files and folders, including hidden and system".
Go to add remove programmes in your control panel, and uninstall anything to do with(if there).
C:\Program Files\Daily Weather Forecast\weather.exe
Close control panel.
Open your task manager, by pressing the ctrl/alt/delete keys together.
Click on the processes tab, and end process for(if there).
weather.exe
m?config.exe
Close task manager.
Run HJT with no other programmes open, and have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://engadget.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {927927BB-CC52-B9F6-28E5-C79EFF3802C5} - C:\WINDOWS\system32\psq.dll
O2 - BHO: (no name) - {927927BB-CC52-B9F6-28E5-C79EFF3802C5} - C:\WINDOWS\system32\psq.dll
O4 - HKCU\..\Run: [Perfjcv] C:\WINDOWS\system32\m?config.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
O16 - DPF: {9B8D3E79-A732-4EC0-AEEE-8AF8CDF10D8A} (PalmSourceInstallerX) - http://installer.palmsource.com/PSIWebStub.dll
Now click on the fix checked button.
Close HJT.
Locate, and delete the following bold files(if there).
C:\Program Files\Daily Weather Forecast\weather.exe
C:\WINDOWS\system32\m?config.exe
Boot into normal mode, and turn system restore back on.
Regards Howard
- Status
Latest posts
-
TechSpot is hiring: We're looking for tech enthusiasts with sharp writing skills- Julio Franco replied
-
Viewing a color E-ink display under a 230x digital microscope
- Tinderbox replied
