8 steps logs inside

Updated: 8 steps logs inside/google redirections

Hello,

I have had a problem with my work PC for the last few weeks where my webpages get redirected when clicking on links, to pages like

ww.monstermarketplace.com/searchknt.asp?q=ls


I have attached my log files.

Thanks for any help
 

Attachments

  • hijackthis.log
  • mbam-log-2009-03-05 (09-27-02).txt
  • SUPERAntiSpyware Scan Log - 03-05-2009 - 09-58-49.log

I have done some more research and found that the webpage redirections go through the addresses 208.122.40.126 and 208.122.40.130

Does that help?

Thanks
 
Run a scan with HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Reboot to safe mode:
Begin tapping the F8 key every few seconds as the system boots up until the screen offering
the Safe Mode option appears (if Windows launches before you can choose a Safe Mode, restart your
computer and try again).

SHOW HIDDEN FILES
1. Click Start button, then go to Programs, Accessories and click on Windows Explorer.
2. Select the Tools menu and click Folder Options.
3. Select the View Tab.
4. Under the "Hidden files and folders" heading please check Show hidden files and folders.
5. Uncheck the Hide protected operating system files (Recommended) option.
6. Click Yes to confirm.
7. Click OK.


Delete this file ->
C:\WINDOWS\system\svchost.exe

NB. You have a legal Microsoft svchost.exe file, located here:
C:\WINDOWS\system32\svchost.exe << don't delete it

Reboot normally, post a new HijackThis log (attach it) and tell how things are running now
 
Run a scan with HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe

The F2 entry is fine. Leave it alone.

I don't see an antivirus program installed.



Today's internet is simply suicide without an up to date antivirus.

Not much point in you and I cleaning up the system if you refuse to protect yourself.

However -- if you don't understand or cannot install an antivirus -- please let me know.



Please download ONE of the following antivirus programs and install it.


Once installed, Update it, run full system scan with it and allow it to fix up what it wants.

Reboot if it fixed anything.



You should get a firewall as well, either,


Rename HijackThis.exe to gmh265.exe by doing the following;



  • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
  • Right-click on the HijackThis.exe
  • Choose from the pull-down menu; "Rename"
  • And now Rename HijackThis.exe to gmh265.exe
  • When you've renamed HijackThis, open HijackThis again.
  • Take a fresh HijackThis log (click Do a system scan and save a log file)
  • Post the fresh HijackThis log here.
 
The F2 entry is fine. Leave it alone.

I don't see an antivirus program installed.
Are you working off the same Hijackthis log kritius?

Here's what I say (just to put 3 points of view into this ;)

Uninstall your AVG Antivirus
Then run the removal tool
Here is the 32Bit version (most users): http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Here is the 64Bit version: http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe

Install Avira free AntiVirus

Start up Malwarebytes again; Update it; then run another full scan (remove all found Malwares)
 
Hi kritius

Don't I know how easy that is, as I have done it often. Not so much that I had them open, but after reading several in succession I remember the wrong one!

For the fourth point of view, the F2 should be removed as even though it is the legit svchost running from the correct location, it should not be attached to userinit.

Removing the F2 will only un-attach it from the userinit and will not bother the svchost!

Mike
 
Hey guys, Thanks for all of the replies!

I will have a go at it after work today and see how it goes. (that way if I break it I have all night to fix it :)

You don't think AVG is any good? I will install Avira instead

Cheers
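
The replies above disagree about the F2 entry, so here is an added example (not part of the thread, and not HijackThis code) that only reports what a Userinit value contains: every program chained after userinit.exe, and whether an svchost.exe entry sits outside the system32 folder the thread names as the genuine location. The function names and the third sample line are assumptions made for the illustration.

```python
import ntpath
import re

# Location of the genuine svchost.exe, as stated in the thread.
LEGIT_SVCHOST_DIR = r"c:\windows\system32"

# Constructed sample: the thread's two entries plus a made-up clean Userinit line.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
"""

F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)


def audit_userinit(value):
    """Return findings for one Userinit value (comma-separated programs)."""
    findings = []
    # filter(None, ...) skips the empty item left by a trailing comma.
    for entry in filter(None, (e.strip() for e in value.split(","))):
        folder, name = ntpath.split(entry.lower())
        if name == "userinit.exe":
            continue
        note = "extra program started at logon: " + entry
        if name == "svchost.exe" and folder != LEGIT_SVCHOST_DIR:
            note += " (svchost.exe outside system32)"
        findings.append(note)
    return findings


def audit_log(text):
    """Scan HijackThis log text; return {log line: findings} for flagged lines."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        findings = []
        match = F2_USERINIT.match(line)
        if match:
            findings = audit_userinit(match.group(1))
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings = ["BHO registered but its file is missing"]
        if findings:
            report[line] = findings
    return report


if __name__ == "__main__":
    for line, findings in audit_log(SAMPLE_LOG).items():
        print(line, "->", "; ".join(findings))
```

Run against the sample, it flags the first two lines and leaves the clean Userinit line alone.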
 