Sorry, HJT file now *attached*

Status
Not open for further replies.
Still no HJT log!!

Go HERE and follow the instructions exactly.

Once you have done that, go HERE for instructions on how to post your Hijackthis log as an attatchment.

Regards Howard :) :)
 
Boot in Safe Mode.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:
fash.exe <<== IBIS toolbar/Hijacker
nnkjrj.exe
PowerReg Scheduler.exe

Next, run a HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nnkjrj.exe reg_run
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: Add to White List - C:\Program Files\Advanced Searchbar\addtolist.js
O8 - Extra context menu item: Delete from White List - C:\Program Files\Advanced Searchbar\delfromlist.js
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\wncsvc.dll
...................................................................................................
Now click on the Fix Checked button in HJT.

When done, from between the dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.
 
Thanks - the popups have ceased, but I'm still having a problem with unwanted downloads onto my desktop. Also, there are some files that I can't delete from TEMP because access is denied - even in safe mode. Lastly, I don't understand what you mean by "from between the dotted lines, delete the highlighted bold files." After I run a scan and fix the selected items, my HJT screen is blank. I've attached my new HJT file - thanks again for your help.
 
Where the hell do you think those dotted lines are? Starts with m, ends with oron.

Boot in Safe Mode.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:
casclient.exe

Next, try to UNinstall anything to do with (not delete yet!):
C:\Program Files\Cas\Client\casclient.exe

Next, run a HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
C:\Program Files\Cas\Client\casclient.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\wncsvc.dll
...................................................................................................
Now click on the Fix Checked button in HJT.

When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.
 
When I copy and paste your instructions to MS Word so I can read them in safe mode, green squiggly lines cover up the dotted lines - and nothing is bolded. Maybe it's my old 97 version of MS Office that does that, but I don't need your ridicule. We can't all be computer dorks like yourself. Starts with "A" ends with "sshole"
 
Don't blame us for your non-functional software.
And it's amazing how quickly you can end up on someone's hitlist. You just made it...
 
Status
Not open for further replies.

Similar threads

R
Solved Norton blocked attack by: System Infected: Miner.Bitcoinminer Activity #
2
Replies
32
Views
3K
Broni
Broni
A
Some QNAP NAS devices affected by a critical vulnerability, updates available right now
Replies
4
Views
175
Puiu
Puiu
Shawn Knight
The IRS launches a free online tax filing tool in 12 states
Replies
6
Views
135
Uncle Al
Uncle Al

Latest posts

Back