My hijackthis log

[Majestic]

[EDIT] Hijackthis log has been updated.

Ok,I've done everything as suggested in https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
including the removal tools that I first thought were bad.

I believe I've removed a whole load of virii/torjans etc. Ive tried to reinstall NAV but just before it completes it stops, removes everything and says the installation was interupted. Could this be another virus?

 

[howard_hopkinso]

Hello and welcome to Techspot.

Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt1.dll (file missing)

O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf

O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B3A941-A76A-4E51-8470-D2D604486720}: NameServer = 194.72.0.114 62.6.40.162<Only fix this, if it doesn`t belong to your ISP.

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

These are the filepaths you need to enter into killbox.

C:\WINDOWS\system32\unaoakg.dll
C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :wave: :wave:

This thread is for the use of Majestic only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Majestic]

Ok, I've done what you said.

System has been running much better after completing the whole https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/ guide. Except for Iexplorer, which was still being redirected, firefox was fine though.

Now that I've done what you said Iexplorer is running fine.

When I ran the killbox I did exactly what was said but when I tried to kill the second dll, ater the countdown to reebot I got a "pendingfilerenameoperations registry data has been removed by external process" pop up warning thing and it didnt reboot.So I restarted manually.

Is this bad?

 

[howard_hopkinso]

Your HJT log is now clean.

Don`t worry about the killbox message it`s fine. You can now delete the killbox backups folder.

It appears you`re not running any antivirus or firewall software. This is a huge security risk.

Download and install either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes. You can get them HERE, HERE, HERE and HERE.

Install whichever firewall you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times. Run the antivirus updates.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of Majestic only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Majestic]

I've just reinstalled AVG free. Did a full scan and came up clean.

There is one thing however. I can't view streaming video in webpages. It comes up with a "cannot create directshow player" error. My own searching suggestes a dll is corrupt or missing.

Should I try a XP repair? Or would reinstalling DirectX help?

 

[howard_hopkinso]

Before attempting a repair, I suggest you download and install the latest versions of Java and Flash Player. See if that solves your problem.

Regards Howard