Eliminating the dreaded "winantivirus PRO 2006" malware
- Thread starter Achilles
- Start date
fastco
Posts: 1,075 +2
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {c350525f-ebd6-4d76-bb25-e6812dc8948c} - C:\WINDOWS\system32\lsasReg.dll (file missing)
Fix all 016-DPF entries.
O17 - HKLM\System\CCS\Services\Tcpip\..\{2859F36F-BC0D-40AF-B74D-75EB4861782C}: NameServer = 68.237.161.12 71.250.0.12<Only fix this, if it doesn`t belong to your ISP.
O20 - Winlogon Notify: lsasReg - lsasReg.dll (file missing)
Click on the fix checked button.
Close HJT.
Reboot your system and post a fresh HJT log. Please tell us how your system is running now.
Regards Howard :wave: :wave:
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {c350525f-ebd6-4d76-bb25-e6812dc8948c} - C:\WINDOWS\system32\lsasReg.dll (file missing)
Fix all 016-DPF entries.
O17 - HKLM\System\CCS\Services\Tcpip\..\{2859F36F-BC0D-40AF-B74D-75EB4861782C}: NameServer = 68.237.161.12 71.250.0.12<Only fix this, if it doesn`t belong to your ISP.
O20 - Winlogon Notify: lsasReg - lsasReg.dll (file missing)
Click on the fix checked button.
Close HJT.
Reboot your system and post a fresh HJT log. Please tell us how your system is running now.
Regards Howard :wave: :wave:
Similar threads
- Locked
Latest posts
-
Trump warns Apple CEO Tim Cook against expanding iPhone assembly in India- scavengerspc replied
