Run HJT with no other programmes open. Click the scan button. Have HJT fix the following by placing a tick in the little box next to each one (if there).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = net3:8080
(Only fix this if you did not set this proxy yourself or don't know what it is.)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: IESideBar - {DFEFF09F-785E-4191-8E5D-A7650A1C4F9A} - shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: IESideBar - {DFEFF09F-785E-4191-8E5D-A7650A1C4F9A} - shdocvw.dll (file missing)
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEAB} (BHO Class) - http://plugin.secureservicepack.com/SecureServicePack3.cab
O20 - Winlogon Notify: winoqx32 - winoqx32.dll (file missing)
Click on the fix checked button.
Close HJT and reboot your system.
Other than the above, your HJT log is clean.
bushwhacker: The reason your advice was wrong is that you didn't spot the HijackThis.exe file hadn't been renamed. Without renaming the HijackThis.exe file, it's impossible to tell whether there are any hidden nasty entries.
Also, your advice to fix the O23 entries was wrong, as those entries are perfectly safe. The file missing at the end of O23 entries is caused by a small bug in HJT and doesn't mean anything.
In any case, O23 entries are run as services and cannot simply be fixed by HJT. The services would have to be stopped and disabled by clicking start/run and typing services.msc into the run box and pressing the enter key. You would then have to locate the services and stop them from running as well as setting the startup type to disabled.
Regards Howard
This thread is for the use of Sjbrand99 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.