internet home page
- Thread starter nko
- Start date
howard_hopkinso
Posts: 21,238 +17
howard_hopkinso
Posts: 21,238 +17
That`s as maybe, but an antivirus programme won`t stop every kind of malware there is. That`s why I suggested you post a HJT log as per the instructions in the link I gave you.
Regards Howard
Regards Howard
howard_hopkinso
Posts: 21,238 +17
I have no idea what you`re on about. Are you sure you`ve posted in the right thread?
Regards Howard
Regards Howard
hi! as per your instruction iam attaching the file. pl. advise
thx
nko
thx
nko
howard_hopkinso said:That`s as maybe, but an antivirus programme won`t stop every kind of malware there is. That`s why I suggested you post a HJT log as per the instructions in the link I gave you.
Regards Howard
howard_hopkinso
Posts: 21,238 +17
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://gujarateducation.gswan.gov.in/e-book/tdserver.cab
O16 - DPF: {1A8AE742-2CDF-43E6-B3B9-C17F0AD302B0} (nCodeC1.nCodectl) - https://www.nprocure.com/include/pki/nCodeC1.CAB
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\TEMP\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}<Delete the entire folder.
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log and let me know how your system is running.
Regards Howard
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://gujarateducation.gswan.gov.in/e-book/tdserver.cab
O16 - DPF: {1A8AE742-2CDF-43E6-B3B9-C17F0AD302B0} (nCodeC1.nCodectl) - https://www.nprocure.com/include/pki/nCodeC1.CAB
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\TEMP\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}<Delete the entire folder.
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log and let me know how your system is running.
Regards Howard
Similar threads
Latest posts
-
AMD beats Nvidia in German GPU sales with Radeon RX 9070 XT on top- midian182 replied
-
Apple iPhone: The Gadget That Rewired Modern Life- ZedRM replied
