Aurora and Nails problem

Status
Not open for further replies.

CkY SkOOpS

Posts: 10   +0
I think I may be infected with the Aurora and Nail.exe virus.

Here's my log; any help would be greatly appreciated.
 
Move HJT to its OWN directory, not in Temp or Desktop
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

Boot in Safe Mode.
Switch System restore OFF.
Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), click "End Process" for:

GameDrvr.exe
rjrnma.exe
Nail.exe
GameChannel.exe
Netsurf.exe
vngC.exe
KHost.exe
unip.exe
cewvusd.exe
adwarealert.Exe
oiljzlp.exe
winser32.exe
ycld3x40.exe

Next, click on Start/Run and type in 'nail.exe /FullRemove' and click OK. Leave the command session.

Next, try to UNinstall anything to do with (not delete yet!):
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\AdwareAlert\adwarealert.Exe
C:\Program Files\AOL Toolbar\toolbar.dll

Next, run a HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\System32\rjrnma.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [vngC] C:\documents and settings\owner\local settings\temp\vngC.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [unip] C:\WINDOWS\Fonts\unip.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [v72O39P] cewvusd.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - HKLM\..\Run: [ptkzux] c:\windows\system32\oiljzlp.exe r
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rjrnma.exe reg_run
O4 - HKLM\..\RunServices: [Windows32 Serivces] winser32.exe
O4 - HKCU\..\Run: [ewtERVjsg] ycld3x40.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
Fix ALL your O16 - DPF: entries
Fix this O17 if it is not an IP-address from your ISP
O17 - HKLM\System\CCS\Services\Tcpip\..\{27717353-5445-4135-8A1C-2EFA9018700D}: NameServer = 205.188.146.145
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
...................................................................................................
Now click on the Fix Checked button in HJT.

When done, from between the dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Boot normal. When all OK, switch System Restore back on.
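An added example, not part of the original thread or of HijackThis: a small Python triage pass over the F2 and O4 (autorun) lines of a log like the one above. The three location heuristics and the names `executable`, `reasons` and `triage` are assumptions made for this example; the sample lines are copied from the log in the reply.

```python
import re

# Lines copied from the HijackThis log in the reply above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [vngC] C:\documents and settings\owner\local settings\temp\vngC.exe
O4 - HKLM\..\Run: [unip] C:\WINDOWS\Fonts\unip.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [v72O39P] cewvusd.exe
O4 - HKLM\..\RunServices: [Windows32 Serivces] winser32.exe
"""

# O4 = autorun entry: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# F2 = Shell value override; anything after Explorer.exe also starts at logon.
F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<cmd>.+)$", re.I)

def executable(cmd):
    """Return the program path from a Run command, quoted or unquoted."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]

def reasons(cmd):
    """Triage heuristics chosen for this example (assumptions, not HJT rules)."""
    exe = executable(cmd).lower()
    found = []
    if "\\" not in exe:
        found.append("no-path")      # bare file name, resolved via search path
    if "\\temp\\" in exe:
        found.append("temp-dir")     # autorun from a temp directory
    if "\\fonts\\" in exe:
        found.append("fonts-dir")    # executable in the Fonts folder
    return found

def triage(log):
    findings = []
    for line in map(str.strip, log.splitlines()):
        if m := F2_RE.match(line):
            parts = m.group("cmd").split(None, 1)
            if len(parts) > 1:
                findings.append(("Shell", parts[1], ["shell-extra"]))
        elif m := O4_RE.match(line):
            if why := reasons(m.group("cmd")):
                findings.append((m.group("name"), executable(m.group("cmd")), why))
    return findings

if __name__ == "__main__":
    for name, exe, why in triage(SAMPLE_LOG):
        print(f"{name:20} {exe}  <- {', '.join(why)}")
```

An entry that is not flagged here is not thereby cleared: the reply above also fixes autorun entries that live under Program Files and System32, which these location checks do not catch.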
 