Darn pop ups! HJT file attached

Status
Not open for further replies.
I scanned with Norton, spybot and Adaware, I checked for running programs and I still can't get rid of the pop ups.
Could someone kindly look at my log and see if all is ok?
 
C:\Documents and Settings\Mark\Desktop\HijackThis.exe
Put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!

First Read: Only use these HJT-instructions when asked!
/P/ Process needs to be stopped
/U/ UNinstall anything to do with this
/R/ unRegister the xxx.DLL in that line
Transfer the text from between these dotted lines underneath to between the dotted lines of that post.
Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
...................................................................................................
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
/P/U/ O4 - HKCU\..\Run: [wkkf] C:\PROGRA~1\COMMON~1\wkkf\wkkfm.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1106167466328
/R/ O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\j42q0ef5eh2.dll
...................................................................................................

STOP using that crappy IE (other than for Windows-updates) and install Firefox from www.getfirefox.com
 
still popping

Thanks for looking into this, but it's still popping.
I notice some of the things you asked to fix were not there or only show up in normal boot mode.
I've attached two more logs, one for safe mode and the other for normal boot.

I use Firefox at home, but I'm stuck with IE at work.
 
First Read: Only use these HJT-instructions when asked!
/R/ unRegister the xxx.DLL in that line
Transfer the text from between these dotted lines underneath to between the dotted lines of that post.
Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
...................................................................................................
/R/ O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\mv24l9fq1.dll
...................................................................................................

STOP using that crappy IE (other than for Windows-updates) and install Firefox from www.getfirefox.com
 
This line keeps coming back but with a different xxx.dll, I tried delete on reboot with no luck.
...................................................................................................
/R/ O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\mv24l9fq1.dll
...................................................................................................


I re-ran adaware but this time with the Vx2 plugin; it reports "Posssible new VX2 variant file: C:\WINDOWS\system32\f6l02g3mg6.dll". The clean button is greyed out.
What to do next?
 
You want to go in Safe Mode when removing this. And not go to Normal Mode until you are clean.

The Notify key is in the registry (start-run-regedit) under:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Delete the Key on the left which references the bad DLL on the right. Then find and delete the DLL in Explorer.
However, it is possible that this file is referenced in other places in the registry, namely, a service. If so, other such references should be deleted as well.
The problem is that this DLL may not be the "main" baddy, there could be a daddy program that is restarting and renaming it.

So if you delete the Notify entry manually in Safe Mode, and it comes back, you've got some nasties in there which may need more advanced techniques to remove.
If you don't want to edit the registry, then just tell us what IS in the Notify key, and what file it points to on the right-hand side of regedit. Then do a search for that file and post here what other keys it is referenced by.

If all this sounds scary to you, you may just want to take it somewhere to be fixed.
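
Added example, not part of the original thread or any poster's own code: a small Python check that reads the O20 "Winlogon Notify" lines from two HijackThis logs and flags entries that are outside a baseline, have random-looking DLL names, or point to a different DLL than in the earlier log (the "keeps coming back with a different xxx.dll" symptom). The baseline list, the digit/letter heuristic, and the second sample log are assumptions made for illustration.

```python
import ntpath
import re

# Assumed baseline: Notify subkeys of a stock Windows XP install. Build the
# real list from a known-clean machine of the same Windows build.
BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
            "sclgntfy", "senslogn", "termsrv", "wlballoon"}
O20 = re.compile(r"O20 - Winlogon Notify: (?P<key>.+?) - (?P<dll>\S.*\.dll)[ \t]*$",
                 re.IGNORECASE | re.MULTILINE)

def parse_notify(log):
    """Map Notify subkey name -> DLL path for every O20 line in a log."""
    return {m["key"]: m["dll"] for m in O20.finditer(log)}

def random_looking(dll):
    """Heuristic (an assumption): file stem mixes 3+ digits with 3+ letters."""
    stem = ntpath.splitext(ntpath.basename(dll))[0]
    return sum(c.isdigit() for c in stem) >= 3 and sum(c.isalpha() for c in stem) >= 3

def review(earlier, later):
    """Return (subkey, dll, reasons) for each entry in `later` worth a look."""
    old, findings = parse_notify(earlier), []
    for key, dll in parse_notify(later).items():
        reasons = []
        if key.lower() not in BASELINE:
            reasons.append("subkey not in baseline")
        if random_looking(dll):
            reasons.append("random-looking DLL name")
        if key in old and old[key].lower() != dll.lower():
            reasons.append("DLL changed since earlier log")
        if reasons:
            findings.append((key, dll, reasons))
    return findings

# Constructed sample logs. The "Internet Settings" line of NORMAL_BOOT is the
# one quoted in the thread; crypt32chain and a1b2c3d4e5.dll are made up here.
NORMAL_BOOT = r"""
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
/R/ O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\mv24l9fq1.dll
"""
AFTER_FIX = r"""
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\a1b2c3d4e5.dll
"""

if __name__ == "__main__":
    for key, dll, reasons in review(NORMAL_BOOT, AFTER_FIX):
        print(f"{key}: {dll} -> {', '.join(reasons)}")
```

An entry that reappears under the same subkey with a new DLL name after a fix suggests another component is rewriting it, so the remaining references (Run keys, services) need checking before the DLL is deleted again.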
 