Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help diagnose


  • Please log in to reply
9 replies to this topic

#1 fuqvision

fuqvision

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 15 December 2004 - 01:08 AM

I have run Spybot S&D, Adaware, CWshredder and HijackThis and all of them clean up my computer, but the next time I reboot and launch the internet, Search Assistant/about blank hijacks my home page. My home page is set to Yahoo.

I notice that 'Search Assistant' is a listed in my 'Add/Remove Programs' list, but when I click on remove, nothing happens.

Out of curiosity, I clicked on start-run-and keyed in 'regedit' then keyed in 'search assistant' and clicked find. Regedit found two entries: SearchAssistant.SearchAssistantOC and
SearchAssistant.SearchAssistantOC.1

Can I delete this?

Here is my latest log: NOTE--when I tell HijackThis to delete R1, R0, etc., entries, they go away, but when I run HijackThis again, they're back.

PLEASE HELP! :flowers:

Logfile of HijackThis v1.98.2
Scan saved at 1:06:26 AM, on 12/15/04
:thumbsup: Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PRECISIONSCAN\PRECISIONSCAN\HPLAMP.EXE
C:\WINDOWS\SYSTEM\HPSJVXD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKJOBS.EXE
C:\LOTUS\SMARTCTR\SMARTCTR.EXE
C:\LOTUS\SMARTCTR\SUITEST.EXE
C:\LOTUS\ORGANIZE\EASYCLIP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKTOPASS.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKSLAPI.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WUTEMP\COM_MICROSOFT.Q313829_W98_5285\Q313829.EXE
C:\WINDOWS\TEMP\IXP000.TMP\VERINST.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACK\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {2DCCE724-4E25-11D9-B588-A2CA1C8111FD} - C:\WINDOWS\SYSTEM\JHKGHIA.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [HPSCANMonitor] C:\WINDOWS\SYSTEM\hpsjvxd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunOnce: [Registering itss.dll..] C:\WINDOWS\SYSTEM\regsvr32 /s itss.dll
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKLM\..\RunOnce: [Registering xenroll.dll..] C:\WINDOWS\SYSTEM\regsvr32 /s xenroll.dll
O4 - HKLM\..\RunOnce: [Registering hhctrl.ocx..] C:\WINDOWS\SYSTEM\regsvr32 /s hhctrl.ocx
O4 - HKLM\..\RunOnce: [Registering itircl.dll..] C:\WINDOWS\SYSTEM\regsvr32 /s itircl.dll
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O18 - Filter: text/html - {2DCCE723-4E25-11D9-B588-A2CA93688989} - C:\WINDOWS\SYSTEM\JHKGHIA.DLL
O18 - Filter: text/plain - {2DCCE723-4E25-11D9-B588-A2CA93688989} - C:\WINDOWS\SYSTEM\JHKGHIA.DLL

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:57 AM

Posted 16 December 2004 - 10:01 AM

Please follow these steps:

Step 1:

1. Click on Start, then Run and type msinfo32 and press the OK button.
2. Expand the Software Environment section.
3. Expand the System Hooks Section.
4. Look for the which may be listed As:

-Hook type: Window Procedure
-Hooked by: XXXXX.dll
-Application: RUNDLL32.EXE
-Dll path: C:\WINDOWS\SYSTEM\XXXXX.dll
-Application path: C:\WINDOWS\RUNDLL32.EXE

Where XXXXX..dll is the file name.

If you find that file, highlight it with your mouse and click on edit then copy to copy the filename.

Then post that filename with the information in the next step in a reply to this post.

5. Continue to Step 2.

Step 2:

1. Download: "StartDreck" from:

http://www.niksoft.at/download/startdreck.htm

2. Extract the file into c:\startdreck.

3. Navigate to c:\startdreck and double-click on Startdreck.exe

4. When the program opens click on the Config button.

5. Then click on the unmark all button.

6. Then put checkmarks in the following checkboxes:

Under Registry put a checkmark in the Run Keys checkbox.

Under System/Drivers put a check in the Running Proccess checkbox.

7. Press the OK button.

8. Press the Save button. Type in the location you want to save the log to, or use the defaults which will save the log into the directory you are running the program from. If you choose the defaults the filename for the log will be StartDreck.log.

9. Post a copy of the log as a reply to this post.

#3 fuqvision

fuqvision
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 17 December 2004 - 12:45 AM

Hi Grinler,

This is the .dll file from msinfo32:

Window Procedure Hlpj.dll RUNDLL32.EXE C:\WINDOWS\SYSTEM\Hlpj.dll C:\WINDOWS\RUNDLL32.EXE


I then went to step 2 and downloaded "startdreck" and saved it in c:\startdreck, but when I clicked on startdreck.exe an error message popped up saying:

"A required .DLL file, VB40032.DLL was not found"

I saw the above file in the list of files included with startdreck.exe, but I guess for some reason it was where it was supposed to be. Please advise. :thumbsup:

Thanks.

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:57 AM

Posted 17 December 2004 - 01:55 PM

Did you run startdreck from the zip file itself or did you extract it to a directory on your hard drive and run it from there? Sounds like you ran it from the zip file. You need to extract it and run it from where you extracted it

#5 fuqvision

fuqvision
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 19 December 2004 - 12:11 AM

Grinler,

OK, I went and downloaded startdreck and saved it to my desktop. I double-clicked the startdreck winzip icon on the desktop and a list of the downloaded files appeared. I right clicked on startdreck.exe and chose 'extract'. When winzip asked where I wanted to extract to, I chose c:\startdreck. An icon that looks like a campfire appeared in the folder c:\startdreck. I double-clicked the campfire(startdreck) icon expecting the program to open, but I still get the missing VB40032.DLL file.

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:57 AM

Posted 19 December 2004 - 02:07 PM

1. Goto the site : http://www10.brinkster.com/expl0iter/freeatlast/pvtool.htm

2. Download Win98Fix.zip and extract it into c:\win98fix.

3. Navigate to the c:\win98fix folder and double-click on the RunFix.reg. If it prompts you to allow it run, say Yes.

4. When that is done reboot your computer.

5. Now find C:\WINDOWS\SYSTEM\Hlpj.dll which should be visible now and delete the file.

6. Post a new hijackthis log.

#7 fuqvision

fuqvision
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 20 December 2004 - 11:34 PM

Grinler,

I decided that before I followed your latest instructions about going to www.10brinkster.com, I would try the startdreck idea once more. This time, I went to another computer and copied the vb40032.dll file to a disk and loaded it on my computer and startdreck finally opened.

I followed your instructions using startdreck and here is my log:

>>Registry
>>Run Keys
>>Current User
>>Run
*Spysweeper=C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
>>RunOnce
>>Default User
>>Run
*Spysweeper=C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
>>RunOnce
>>Local Machine
>>Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*System Tray=SysTray.Exe
*LoadPowerProfile=Rundll32.exe powrprof.dll, LoadCurrentPwrScheme
*HP Lamp=C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HP Lamp.exe
*HPSCANMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
>>RunOnce
>>RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll, LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
>>RunServices
>>RunOnceEx
>>RunServicesOnceEx
>>Files
>>System/Drivers
>>Running Processing
+FFCFE8A3=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFFDFDF=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFE284F=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFE3287=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFE5CEB=C:\WINDOWS\SYSTEM\MSTASK.EXE
+FFFEE7EF=C:\WINDOWS\EXPLORER.EXE
+FFFC4907=C:\WINDOWS\TASKMON.EXE
+FFFC0C57=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFFC9AA3=C:\PROGRAM FILES\HEWLETT-PACKARD\HP PRECISIONSCAN\PRECISIONSCAN\HPLAMP.EXE
+FFFCFF93=C:\WINDOWS\SYSTEM\HPSJVXD.EXE
+FFFCFEF7=C:\WINDOWS\SYSTEM\STIMON.EXE
+FFFA5E97=C:\PROGRAM FILES\CAERE\PAGEKEEPER\SYSTEM\PKJOBS.EXE
+FFF9A7D7=C:\LOTUS\SMARTCTR\SMARTCTR.EXE
+FFF9DA4F=C:\LOTUS\SMARTCTR\SUITEST.EXE
+FFFB003F=C:\LOTUS\ORGANIZE\EASYCLIP.EXE
+FFFB6B5F=C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
+FFFB6A53=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
+FFFBC0B3=C:\WINDOWS\SYSTEM\WMIEXE.EXE
+FFF8D797=C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKTOPASS.EXE
+FFF8D6CB+C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKSLAPI.EXE
+FFFA0CD3=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
+FFF9970B=C:\WINDOWS\SYSTEM\TAPISRV.EXE
+FFFBDD67=C:\WINDOWS\SYSTEM\RNAAPP.EXE
+FFF63127=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFFDECIF=C:\WINDOWS\SYSTEM\PSTORES.EXE
+FFF7A187=C:\STARTDRECK\STARTDRECK.EXE
>>Application specific

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:57 AM

Posted 21 December 2004 - 06:23 PM

Ok lets move forward with this:

1. Goto the site : http://www10.brinkster.com/expl0iter/freeatlast/pvtool.htm

2. Download Win98Fix.zip and extract it into c:\win98fix.

3. Navigate to the c:\win98fix folder and double-click on the RunFix.reg. If it prompts you to allow it run, say Yes.

4. When that is done reboot your computer.

5. Now find C:\WINDOWS\SYSTEM\Hlpj.dll which should be visible now and delete the file.

6. Post a new hijackthis log.

#9 fuqvision

fuqvision
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 23 December 2004 - 08:10 PM

OK, I downloaded win98fix.zip and deleted hlph.dll and here is my log:
Logfile of HijackThis v1.98.2
Scan saved at 8:10:58 PM, on 12/23/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

NOTE: In order for me to access this website, I have to run hijackthis and delete all of the O1 and O2 entries (which pertain to 'about.blank/search assistant'). Otherwise, every time I select any site to go to, the hijack (about.blank/search assistant) sends me to their site. Therefore, the log below does not show the O1 or O2 entries.

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PRECISIONSCAN\PRECISIONSCAN\HPLAMP.EXE
C:\WINDOWS\SYSTEM\HPSJVXD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKJOBS.EXE
C:\LOTUS\SMARTCTR\SMARTCTR.EXE
C:\LOTUS\SMARTCTR\SUITEST.EXE
C:\LOTUS\ORGANIZE\EASYCLIP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKSLAPI.EXE
C:\PROGRAM FILES\CAERE\PAGEKEEPER30\SYSTEM\PKTOPASS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACK\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [HPSCANMonitor] C:\WINDOWS\SYSTEM\hpsjvxd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O18 - Filter: text/html - {E8675DA3-52CA-11D9-B588-A5BEC0742515} - C:\WINDOWS\SYSTEM\FLI.DLL
O18 - Filter: text/plain - {E8675DA3-52CA-11D9-B588-A5BEC0742515} - C:\WINDOWS\SYSTEM\FLI.DLL

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:57 AM

Posted 23 December 2004 - 10:54 PM

Print out these instructions and then close all windows including Internet Explorer.


Reboot your computer into Safe Mode


Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

O18 - Filter: text/html - {E8675DA3-52CA-11D9-B588-A5BEC0742515} - C:\WINDOWS\SYSTEM\FLI.DLL
O18 - Filter: text/plain - {E8675DA3-52CA-11D9-B588-A5BEC0742515} - C:\WINDOWS\SYSTEM\FLI.DLL


Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\SYSTEM\FLI.DLL
Reboot your computer to go back to normal mode and post a new log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users