Pc Noob4life
Posts: 18 +0
Can you please have a look at my log and let me know what to get rid of. thanx
HJT log, PLZ HELP!
- Thread starter Pc Noob4life
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Pc Noob4life
Posts: 18 +0
HJT log
Ok, done what u asked. i have a few RUNDLL.EXE but i dont know if they are the ones to delete . thanks
Ok, done what u asked. i have a few RUNDLL.EXE but i dont know if they are the ones to delete . thanks
howard_hopkinso
Posts: 21,238 +17
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
PowerReg Scheduler.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - Startup: PowerReg Scheduler.exe
Fix all 016-DPF entries.
O17 - HKLM\System\CCS\Services\Tcpip\..\{49D381AC-883F-42F7-BE8E-40554505CD80}: NameServer = 80.225.252.58 80.225.252.50<Only fix this, if it doesn`t belong to your ISP.
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
PowerReg Scheduler.exe
Reboot into normal mode and turn system restore back on.
Other than the above, your HJT log is clean.
Regards Howard
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
PowerReg Scheduler.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - Startup: PowerReg Scheduler.exe
Fix all 016-DPF entries.
O17 - HKLM\System\CCS\Services\Tcpip\..\{49D381AC-883F-42F7-BE8E-40554505CD80}: NameServer = 80.225.252.58 80.225.252.50<Only fix this, if it doesn`t belong to your ISP.
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
PowerReg Scheduler.exe
Reboot into normal mode and turn system restore back on.
Other than the above, your HJT log is clean.
Regards Howard
Pc Noob4life
Posts: 18 +0
Hi, thanks for that. i guess my comp is in the all clear now. Can you check my HJT log (after doing what you said) just to check i aint got infected after the first HJT log. thanks again.
Pc Noob4life
Posts: 18 +0
HJT log 2 from after scan
howard_hopkinso
Posts: 21,238 +17
You seem to have picked up an infection since your last HJT log.
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
autoclk.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKLM\..\Run: [autoclk] autoclk.exe
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
autoclk.exe
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
autoclk.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKLM\..\Run: [autoclk] autoclk.exe
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
autoclk.exe
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
Pc Noob4life
Posts: 18 +0
Ok, deleted: O4 - HKLM\..\Run: [autoclk] autoclk.exe
Thanks for the help
Thanks for the help
Pc Noob4life
Posts: 18 +0
HJT log
Can someone have a look at this log and let me know what to delete plz
Can someone have a look at this log and let me know what to delete plz
howard_hopkinso
Posts: 21,238 +17
I have merged your new thread into this one.
I did ask you to post a fresh HJT log, the last time I posted, but you didn`t.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
VideoEggPublisher.exe
Close task manager.
Have HJT fix these entries.
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{991FBDA8-8D77-4D36-931C-10E975C6F1FB}: NameServer = 80.225.252.58 80.225.252.50<Only fix this, if it doesn`t belong to your ISP.
Other than the above, your HJT log is clean.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of Pc Noob4life only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I did ask you to post a fresh HJT log, the last time I posted, but you didn`t.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
VideoEggPublisher.exe
Close task manager.
Have HJT fix these entries.
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{991FBDA8-8D77-4D36-931C-10E975C6F1FB}: NameServer = 80.225.252.58 80.225.252.50<Only fix this, if it doesn`t belong to your ISP.
Other than the above, your HJT log is clean.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of Pc Noob4life only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Pc Noob4life
Posts: 18 +0
did i not send u a fresh log? sorry. is that the only prob i have? i got video egg publisher from a legit website www.bebo.com to upload videos for your profile? is this a form of virus?
howard_hopkinso
Posts: 21,238 +17
If you know it`s a legit website, then don`t fix it. I wasn`t sure of it`s origins and that`s why I suggested it be fixed.
As I said, your HJT log is clean.
Regards Howard
Pc Noob4life
Posts: 18 +0
thank you )
)- Status
Similar threads
Latest posts
-
Apple slashes Vision Pro production, might cancel 2025 model in response to plummeting demand- WhoCaresAnymore replied
-
Is there any way to get back my Flash drive data? Free of cost- miahenry replied
