could someone look at this HijackThis log file? any nasties?
- Thread starter josharm
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
howard_hopkinso
Posts: 21,238 +17
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Locate the following services(if there) and double click on them. Select stop if they are running and set the startup type to disabled. Click apply/ok.
Microsoft Update
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
wuammgr32.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O1 - Hosts: This *must* be the first line: 127.0.0.1 localhost #
O4 - HKLM\..\Run: [Microsoft Update] wuammgr32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuammgr32.exe
O4 - HKCU\..\Run: [Microsoft Update] wuammgr32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site .cab?1142554795390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_si te.cab?1142563056328
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
wuammgr32.exe You will need to search your computer to find this file.
Reboot into normal mode and turn system restore back on.
Regards Howard
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Locate the following services(if there) and double click on them. Select stop if they are running and set the startup type to disabled. Click apply/ok.
Microsoft Update
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
wuammgr32.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O1 - Hosts: This *must* be the first line: 127.0.0.1 localhost #
O4 - HKLM\..\Run: [Microsoft Update] wuammgr32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuammgr32.exe
O4 - HKCU\..\Run: [Microsoft Update] wuammgr32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site .cab?1142554795390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_si te.cab?1142563056328
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
wuammgr32.exe You will need to search your computer to find this file.
Reboot into normal mode and turn system restore back on.
Regards Howard
howard_hopkinso
Posts: 21,238 +17
Your HJT log is clean.
Regards Howard
Regards Howard
- Status
