HELP!!! Win32/Nuqel.E and Bankerfox.A...cannot remove!!


Post by Heatherjclay on 13th November 2009, 2:19 am

New to this so not sure what to do here.....but help please!!!


Post by Dr Jay on 13th November 2009, 2:21 am

Please download A-Squared HiJackFree from [You must be registered and logged in to see this link.] and save it to your Desktop. Double-click to install. When you launch the program, please wait 1 minute to allow it to load all the Processes, Services, etc.
Then, click the following:
Save the log to the Desktop, or some other memorable place. Then, the log shall launch in Notepad. Please post the results of that log in your next reply.


Dr. Jay (DJ)



Post by Heatherjclay on 13th November 2009, 2:35 am

Process list saved on 8:34:36 PM, on 11/12/2009
Platform: Windows XP Service Pack 3 (Windows NT 5.1.2600)

[pid] [full path to filename] [file version] [company name]
540 C:\Program Files\a-squared HiJackFree\a2hijackfree.exe 3.1.0.22 Emsi Software GmbH
1460 C:\WINDOWS\AGRSMMSG.exe 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 Agere Systems
3676 C:\WINDOWS\System32\alg.exe 5.1.2600.5512 Microsoft Corporation
352 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2.50.39.0 Apple Inc.
2432 C:\Program Files\AVG\AVG9\avgam.exe 9.0.0.691 AVG Technologies CZ, s.r.o.
960 C:\Program Files\AVG\AVG9\avgchsvx.exe 9.0.0.676 AVG Technologies CZ, s.r.o.
1312 C:\Program Files\AVG\AVG9\avgcsrvx.exe 9.0.0.663 AVG Technologies CZ, s.r.o.
3280 C:\Program Files\AVG\AVG9\avgcsrvx.exe 9.0.0.663 AVG Technologies CZ, s.r.o.
4140 C:\Program Files\AVG\AVG9\avgcsrvx.exe 9.0.0.663 AVG Technologies CZ, s.r.o.
2552 C:\Program Files\AVG\AVG9\avgnsx.exe 9.0.0.705 AVG Technologies CZ, s.r.o.
1036 C:\Program Files\AVG\AVG9\avgrsx.exe 9.0.0.663 AVG Technologies CZ, s.r.o.
484 C:\Program Files\AVG\AVG9\avgscanx.exe 9.0.0.663 AVG Technologies CZ, s.r.o.
1876 C:\PROGRA~1\AVG\AVG9\avgtray.exe 9.0.0.706 AVG Technologies CZ, s.r.o.
372 C:\Program Files\AVG\AVG9\avgwdsvc.exe 9.0.0.663 AVG Technologies CZ, s.r.o.
3228 C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe 11.80.1065.0 Logitech Inc.
1636 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
492 C:\WINDOWS\system32\csrss.exe 5.1.2600.5512 Microsoft Corporation
1920 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.5512 Microsoft Corporation
308 C:\WINDOWS\Explorer.EXE 6.00.2900.5512 Microsoft Corporation
1480 C:\WINDOWS\FixCamera.exe 1, 0, 0, 9
1356 C:\WINDOWS\system32\hkcmd.exe 3.0.0.3889 Intel Corporation
3836 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe 053.000.013.000 Hewlett-Packard Co.
1336 C:\windows\system\hpsysdrv.exe 1, 7, 0, 0 Hewlett-Packard Company
1932 C:\WINDOWS\system32\HPZipm12.exe 9, 0, 0, 0 HP
2264 C:\Program Files\Internet Explorer\IEXPLORE.EXE 8.00.6001.18702 Microsoft Corporation
3252 C:\Program Files\Internet Explorer\IEXPLORE.EXE 8.00.6001.18702 Microsoft Corporation
3556 C:\Program Files\iPod\bin\iPodService.exe 8.2.1.6 Apple Inc.
1712 C:\Program Files\iTunes\iTunesHelper.exe 8.2.1.6 Apple Inc.
844 C:\Program Files\Java\jre6\bin\jqs.exe 6.0.110.3 Sun Microsystems, Inc.
1364 C:\HP\KBD\KBD.EXE 1.0.2.0 Hewlett-Packard Company
2232 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 2.54.11.0 Logitech Inc.
572 C:\WINDOWS\system32\lsass.exe 5.1.2600.5512 Microsoft Corporation
1032 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe 1.17.1048.0 Logitech Inc.
3392 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe 1.17.1048.0 Logitech Inc.
1136 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 11.80.1048.0 Logitech Inc.
1764 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 7.00.9466 Microsoft Corporation
472 C:\Program Files\Bonjour\mDNSResponder.exe 1,0,6,2 Apple Inc.
1688 C:\Program Files\QuickTime\qttask.exe 7.6.2 Apple Inc.
1680 C:\Program Files\Logitech\QuickCam\Quickcam.exe
1220 C:\Program Files\Common Files\Real\Update_OB\realsched.exe 0.1.0.3034 RealNetworks, Inc.
560 C:\WINDOWS\system32\services.exe 5.1.2600.5755 Microsoft Corporation
424 C:\WINDOWS\System32\smss.exe 5.1.2600.5512 Microsoft Corporation
1388 C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe 2007, 9, 20, 0 SAMSUNG ELECTRONICS
1244 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.5512 Microsoft Corporation
724 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
788 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
856 C:\WINDOWS\System32\svchost.exe 5.1.2600.5512 Microsoft Corporation
892 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
984 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
1092 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
1992 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
2092 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
4 N/A
0 N/A
2256 C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
516 C:\WINDOWS\system32\winlogon.exe 5.1.2600.5512 Microsoft Corporation
3404 C:\WINDOWS\system32\wbem\wmiprvse.exe 5.1.2600.5755 Microsoft Corporation
1816 C:\Documents and Settings\HP_Owner\Local Settings\Application Data\gaeipn\yjwlsysguard.exe 5.00.2195.6625 Microsoft Corporation




That


Post by Dr Jay on 13th November 2009, 3:34 am

Please download: [You must be registered and logged in to see this link.] to your Desktop.
  • Double Click the HijackThis icon, located on your Desktop.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    It will also create a shortcut on your Desktop.
  • Accept the license agreement.
  • Click Do a System Scan and Save a Logfile.
  • Please post the log in your next reply.


Dr. Jay (DJ)



Post by Heatherjclay on 13th November 2009, 4:08 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:05 PM, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\FixCamera.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\gaeipn\yjwlsysguard.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing)
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 antiviraprof2009.microsoft.com
O1 - Hosts: 91.212.127.227 antiviraprof2009.com
O1 - Hosts: 91.212.127.227 [You must be registered and logged in to see this link.]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cyqyuskk] C:\Documents and Settings\HP_Owner\Local Settings\Application Data\gaeipn\yjwlsysguard.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cyqyuskk] C:\Documents and Settings\HP_Owner\Local Settings\Application Data\gaeipn\yjwlsysguard.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [You must be registered and logged in to see this link.]
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Filter hijack: text/html - {83aac818-04b9-46bf-8fe3-9f49d5bb8669} - C:\WINDOWS\batmeter16.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10300 bytes


Post by Heatherjclay on 13th November 2009, 4:22 am

Have to go to bed and won't be back until tomorrow night.....do I shut down computer or leave it on and running???? Thank You!


Post by Dr Jay on 14th November 2009, 1:13 am

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O1 - Hosts: 91.212.127.227 antiviraprof2009.microsoft.com
O1 - Hosts: 91.212.127.227 antiviraprof2009.com
O1 - Hosts: 91.212.127.227 [You must be registered and logged in to see this link.]
O4 - HKLM\..\Run: [cyqyuskk] C:\Documents and Settings\HP_Owner\Local Settings\Application Data\gaeipn\yjwlsysguard.exe
O4 - HKCU\..\Run: [cyqyuskk] C:\Documents and Settings\HP_Owner\Local Settings\Application Data\gaeipn\yjwlsysguard.exe
O18 - Filter hijack: text/html - {83aac818-04b9-46bf-8fe3-9f49d5bb8669} - C:\WINDOWS\batmeter16.dll

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\gaeipn

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\batmeter16.dll


Please reboot your computer (back to Normal Mode), and post a new HijackThis log here in your next reply.


Dr. Jay (DJ)
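
The entries selected for fixing in the post above fall into three patterns: hosts-file lines that map a name to a non-loopback address, Run-key autostarts launched from a per-user data folder, and an O18 line that HijackThis labels "Filter hijack". The following is an added example, not part of the original post or of any tool named in this thread: a Python triage of HijackThis-format lines, using sample lines copied from the log posted earlier. The three heuristics and the names `parse`, `triage` and `USER_WRITABLE` are assumptions made for illustration.

```python
import ipaddress
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 antiviraprof2009.microsoft.com
O1 - Hosts: 91.212.127.227 antiviraprof2009.com
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cyqyuskk] C:\Documents and Settings\HP_Owner\Local Settings\Application Data\gaeipn\yjwlsysguard.exe
O4 - HKCU\..\Run: [cyqyuskk] C:\Documents and Settings\HP_Owner\Local Settings\Application Data\gaeipn\yjwlsysguard.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Filter hijack: text/html - {83aac818-04b9-46bf-8fe3-9f49d5bb8669} - C:\WINDOWS\batmeter16.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumed heuristic: autostart binaries stored in per-user data or temp folders.
USER_WRITABLE = re.compile(r"\\Local Settings\\(Application Data|Temp)\\", re.I)


def parse(log):
    """Yield (section, body) for each entry line; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log):
    """Return [(section, reason, body)] for entries that match one of the heuristics."""
    findings = []
    for section, body in parse(log):
        if section == "O1" and body.startswith("Hosts:"):
            ip, _, _ = body[len("Hosts:"):].strip().partition(" ")
            try:
                loopback = ipaddress.ip_address(ip).is_loopback
            except ValueError:
                loopback = False  # unparsable address: surface it for review
            if not loopback:
                findings.append((section, "hosts entry maps a name to a non-loopback IP", body))
        elif section == "O4" and USER_WRITABLE.search(body):
            findings.append((section, "autostart from a user-writable folder", body))
        elif section == "O18" and body.startswith("Filter hijack:"):
            findings.append((section, "MIME filter labelled as hijacked by HijackThis", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {body}")
```

A match is a prompt for manual review of the entry, not a verdict; legitimate software also installs under per-user folders and adds hosts entries.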

