Indeed still a hole bunch left , but we'll get them.
Please download
Process Explorer by Systernals from
HERE.
Also download
KillBox by Option^Explicit from
HERE.
Download
Smitrem to your desktop:
http://noahdfear.geekstogo.com/click...click.php?id=1
Run the installer and then press Start to Extract the
files to the desktop, Do not run it yet.
Reboot into safe mode (Reboot and keep tapping F8 then choose safe mode from the list)
Run Smitrem:
Open the SmitRem folder and double click the "RunThis.bat"
file to start the tool , Follow the prompts on
screen. Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of the drive that you ran the batch file on, eg; Local Disk C: or partition where your operating system is installed. Please attach this log to your next reply.
Reboot in safemode again.
Unzip
Process Explorer and double click on
procexp.exe
In the top section of the Process Exlporer screen double click on
winlogon.exe to bring up the winlogon.exe properties screen. Click on the
Threads tab at the top.
Once you see this screen click on each instance of
winrso32.dll once and then click the
kill button.
After you have killed all of the
winrso32.dll's under winlogon click
OK.
Next In the top section of the Process Exlporer screen again , double click on
explorer.exe and again click once on each instance of
winrso32.dll then click the
kill button.
Once you have done that click
OK again.
Then fix these entry's with
hjt:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {38CA6F55-A4BC-D410-CF4A-DBEF460EA2E5} - C:\WINDOWS\system32\supexda.dll
O20 - Winlogon Notify: winrso32 - C:\WINDOWS\SYSTEM32\winrso32.dll
Delete the file in bold , and run Ccleaner again.
Also manually delete these files if still present:
C:\Documents and Settings\Mark\Local Settings\Temp\
ddl17F1.tmp.exe
C:\Documents and Settings\Mark\My Documents\
Windows_98_SE_OEM_and_Office_2000_Serial_Keys_Coll ection_www.crack.cd_.zip[kje.exe]
c:\Program Files\
srar
C:\Documents and Settings\All Users\Application Data\
Starware
C:\Documents and Settings\Mark\My Documents\
?icrosoft
Double click on
Killbox.exe and then check the
delete on reboot button.
Enter the following filepath and filename into the Full path of file to delete box:
C:\WINDOWS\SYSTEM32\winrso32.dll
Click the
red circle with the white x and allow your computer to reboot.
(if killbox doesn't reboot on its own then please reboot manually)
You will need to reload your wallpaper as the SmitRem
tool will reset it, you can do this by right clicking
desktop and choosing properties, First check Theme and
set it to Windows XP then click the Desktop tab and
choose the one you want to use and press apply.
install and run RegSupremePro. It will want to make a backup of your registry , let it. Once it has finished, click on the Registry Cleaner tab, select Aggressive. When it has completed, click on Select, choose All. Click on Fix, and let it fix everything that it finds.
http://www.majorgeeks.com/download4256.html
Now please post a new
hjt log (out of regular mode , not safemode) , and the smitrem log.
I would also recommend to have a firewall installed , see our download section for free ones.
[Fixed] popups and general weirdness
PC Help Forum
» Security & Safety
» [Fixed] Hijackthis! Logs
»
[Fixed] popups and general weirdness
Linear Mode
