Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please check my log [RESOLVED]


  • This topic is locked This topic is locked

#16
alinnh

alinnh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:03:12 PM, 9/2/2005
+ Report-Checksum: 54B69604

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10020} -> Trojan.FAVADD.C : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{C89E0F84-3C34-43D1-A72C-AF1A160A7C07} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\skin -> Spyware.Delfin : Cleaned with backup
HKU\.DEFAULT\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-392096884-2334867860-569258666-1008\Software\Bundles -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-392096884-2334867860-569258666-1008\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKU\S-1-5-18\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP190\A0075453.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208\A0075755.exe -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208\A0075756.dll -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208\A0075757.dll -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208\A0075759.dll -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208\A0075760.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208\A0075761.dll -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP208\A0075793.exe -> Spyware.Broadcap.b : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP217\A0076461.dll -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0079245.exe -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0079246.exe -> Spyware.Broadcap.d : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0079247.cfg -> Spyware.FlashEnhancer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0079252.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0079255.exe -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0079260.exe -> Spyware.HotSearchBar.d : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0079264.dll -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0079265.exe -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP222\A0079266.exe -> Spyware.Adstart : Cleaned with backup


::Report End
  • 0

Advertisements


#17
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,

The log looks fine. All the entries were taken care of by Ewido

How is your PC behaving now ??
  • 0

#18
alinnh

alinnh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Pretty good except for some things that Zone alarm is picking up.
A program called BPCv2.exe, also with other variations, keeps trying to access the internet to 66.230.182.34 which is destination DNS "www.broadcastpc.tv". This one is very persistant.

Also this one, which is called Fax server fxssvc.exe to 127.0.0.1:1024 to destination DNS "loopback" This one was a frequent one before we started working on this sick puppy.

I blocked access for the above in zone alarm.

Still having trouble with manipulating the user accounts in the control panel.
Getting that internet explorer pop up with the "about blank in the address window.

Things are looking up though.
Thanks
Al
By the way this is my niece's pc and I offered to fix it for her.
  • 0

#19
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Run Hijack This and click on scan. The following items need to be fixed -

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [BPCv2] C:\Program Files\bpc_search\BPCv2.exe


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

RVP

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folder -

C:\Program Files\bpc_search


Click on Start ---> Run. Type Services.msc and hit enter. Locate the item - Fax. Right click on it and then click on properties. In the Startup Type choose the option Disable. Close the window.

(Due to this action you will not be able to send or receive faxes from your PC !!!! If you want to do that, the in services.msc choose the option manual / automatic)

Let me know how this goes and whether your firewall continues to warn you !!!!

Edited by tampabelle, 03 September 2005 - 09:35 AM.

  • 0

#20
alinnh

alinnh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I was able to do everything except remove RVP. It wasn't in the Add/remove list in control panel.

I have the firewall set to show allalerts. I'll watch it for a while after I reboot, and let you know what I see. Trying to figure out if there is a way to send the ZA alert log to you.
  • 0

#21
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
I doubt if those things are going to pop-up in Zone Alarm !!!!

Is your IE - About Blank issue resolved ???

What exactly is the problem with the "use accounts"?? If you can be a bit more specific, maybe we can pinpoint the source of the problem.
  • 0

#22
alinnh

alinnh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Zone alarm is running clean.

I logged in under the other two user accounts on this pc and ran ewido. It picked up and cured 3 infections in each user. All the same files. Have rebooted several times and run ewido again without any errors.

Each user is classified as an administrator and neither needs a password to log in windows. As far as keeping out the spys goes, would it be best for each user to have a password to login?

When I go to user accounts in the control panel, there is a box in the upper left thats labeled "learn about". If I click on any of those three topics within that box, I get "specified module cannot be loaded" Then I click on the OK and up pops internet explorer with about:blank in its address window. I can close out that IE window ok after though.

Also in that same user accounts under "Pick a task", If I click on "change the way users log on or off I get "specified module cannot be loaded" again and I click on "OK" but the IE does not pop up this time. I do get to the two "Logon and logoff options" ok but when I check off one of those two selections like "use fast user switching" and click on apply options it won't take. When I go back into Logon and logoff options neither box that I checked ("use fast user switching" or the "use the welcome screen" remains checked.

Thanks again
Al
  • 0

#23
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Lets try this first -

Click on Start ---> Run. Type in

sfc /scannow

and hit enter.

This will check the integrity of all the system files.

Let me know how it goes.
  • 0

#24
alinnh

alinnh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi Tampabelle,

I did that scan and it just scanned to the end and that was it.

I tried going into the user accounts stuff and that remains the same as before with the problems I described in last post.

Just in case its related:
I don't mean to annoy you with more promblems, but there is a small screen that pops up when logging off and switching between the three users.
It says "Digital line detected (PBX): please verify that your phone line from your computer is directly connected tp a standard analog modem or fax line"

I am using broadband here at my house to fix this. Don't know how my niece will use this to get online once it is back to her house.
Thanks
  • 0

#25
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
O4 - Global Startup: Digital Line Detect.lnk = ?

This line in Hijack THis log is the cause of that.

This program checks whether the line you are connected to is a analog line or a digital line. The reason is that digital line operates at higher voltages than analog lines and this could fry your modem if the analog modem is connected to a digital line.

Typically digital lines are part of a PABX system !!

In any case please check with your ISP whether you can disable this check !! If the ISP tells you to disable this check, then you can fix the entry in HJT !!

Let me know how it goes
  • 0

Advertisements


#26
alinnh

alinnh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
For now what I did is disable the dlg startup in msconfig. That took care of that pop up about the digital line when switching between users.

The other problem still remains in the user accounts.
The PC is set up so each user is classified as an administrator and neither needs a password to log in windows. As far as keeping out the spys goes, would it be best for each user to have a password to login?

When I go to user accounts in the control panel, there is a box in the upper left thats labeled "learn about". If I click on any of those three topics within that box, I get "specified module cannot be loaded" Then I click on the OK and up pops internet explorer with about:blank in its address window. I can close out that IE window ok after though.

Also in that same user accounts under "Pick a task", If I click on "change the way users log on or off I get "specified module cannot be loaded" again and I click on "OK" but the IE does not pop up this time. I do get to the two "Logon and logoff options" ok but when I check off one of those two selections like "use fast user switching" and click on apply options it won't take. When I go back into Logon and logoff options neither box that I checked ("use fast user switching" or the "use the welcome screen" remains checked.

Edited by alinnh, 04 September 2005 - 08:43 PM.

  • 0

#27
alinnh

alinnh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi Tampabelle,

Looks like I got the user accounts fixed. I followed a procedure in your XP forum to repair XP and now I can do the user accounts ok.

Now I have some questions for you.

Should each of the three users on this pc use passwords to log into windows?
I am wondering if doing so would better protect the pc from hackers? The way they do it now is just click on their name and in they go.

Also,
I have free spyware blaster installed and is set for automatic updates for its definitions. Is this a good one to have in case the users don't update the definitions frequently? I also have adawareSe and spybot.
Have avg free also and of course Zone Alarm.

Any recommendations are appreciated.

Thanks again
Al
  • 0

#28
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Al,

I was leaning towards the Windows Repair install. Looks like you found it and resolved the issue. Good.

Password for the login name is only for the "physical protection" of the contents of the PC. Passwords dont have an impact / impede infections.

No program is good, if you dont get the updates frequently. A lot of the programs do the updates frequently. In cases where updates are not available automatically (typically where the product has been downloaded as a "freeware", the programs should be manually updated.

If you post a fresh HJT log, I can check if you need any additional protection !!!

Edited by tampabelle, 06 September 2005 - 11:14 AM.

  • 0

#29
alinnh

alinnh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:18:55 PM, on 9/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Coleen S\Desktop\PC Repair programs\hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: PCPitstop-Tracks-Checker - http://www.pcpitstop...y/PCPTracks.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125176987790
O16 - DPF: {69AE25AC-A688-429F-AF30-6CBD5A64FAAC} - http://www.alwaysupd...om/install2.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.co...ty4LotTeleX.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#30
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Al,

Looks like we forgot the winlogin entry !!!


1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe
C:\WINDOWS\system32\winlogin.exe


6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

Let the system reboot.

Run Hijack This and click on scan. The following items need to be fixed -

O4 - Global Startup: winlogin.exe

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Reboot the PC and post a fresh HJT log
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP