Troj_VB.AML-Ewido log file

Status
Not open for further replies.
Hello and welcome to Techspot.

I see that Ewido has cleaned a lot of crap from your computer.

However, there may be a lot more left to clean.

Go HERE and follow the instructions exactly.

Post a fresh HJT log into this thread, only after doing the above.

Regards Howard :wave: :wave:
 
Hi Howard,

Okay. I downloaded and ran all the software according to the instructions.

Then I rebooted in safe mode and ran HijackThis, created a log file. From there, I'm lost. :( I'm not understanding what I'm supposed to be fixing. lol

Kim
 
You're not supposed to be fixing anything.

Post your HJT log and I'll take a look at it and tell you if anything needs to be fixed and how to do it.

Regards Howard :)
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to them (if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [TgAddServer] "C:\@Home\tioga\bin\tgfix" /fds "http://www/download/tioga"

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: @Home - {92E71752-3340-4D08-AC68-A93FCAEC29B8} - http://home.excite.ca (file missing) (HKCU)

Fix all O16 - DPF entries.

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)

Click on the fix checked button.

Close HJT.

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :)

Edit: I suggest you copy and paste this post into a .txt document. That way you can have it open in safe mode while you are fixing the entries I advised.
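
Added example, not part of the original thread or of HijackThis: a Python triage pass over log lines in the format quoted in the post above, flagging entries marked `(file missing)` or `(no file)` and R0/R1 Internet Explorer settings whose host is not in an allowlist. The function names, the `expected_hosts` parameter and the reason labels are assumptions; the sample lines are constructed from entries quoted in the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines in HijackThis log format, copied from the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [TgAddServer] "C:\@Home\tioga\bin\tgfix" /fds "http://www/download/tioga"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
"""

# "<section code> - <rest of entry>", e.g. "R1 - ..." or "O20 - ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# R0/R1 body: "<registry key>,<value name> = <value>"
IE_VALUE = re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
# Markers HijackThis appends when the referenced file is absent
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def host_of(value):
    """Return the lowercase host of an IE URL setting, or '' if there is none."""
    value = value.strip()
    parts = urlsplit(value if "://" in value else "//" + value)
    return (parts.hostname or "").lower()


def triage(log_text, expected_hosts=frozenset()):
    """Return (section, reason, body) tuples for entries a reviewer should look at.

    expected_hosts is a hypothetical allowlist of home/search page hosts.
    Entries that match neither rule (such as O4 autoruns) are not judged
    here and still need a human reading.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, process list
        section, body = m["section"], m["body"]
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append((section, "orphaned", body))
            continue
        ie = IE_VALUE.match(body) if section in ("R0", "R1") else None
        host = host_of(ie["value"]) if ie else ""
        if host and host not in expected_hosts:
            findings.append((section, "ie-setting", body))
    return findings
```
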
 