1. Print this post out, since you won't have an access to it at some point.
2. Download, and install Spybot (if you don't have it) from here:
http://www.safer-networking.org/en/download/index.html3. Close all windows, except for HJT.
4. Put a checkmark next to following HJT entries:
- O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
- O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
- O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
- O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
- O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
- O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
- O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
- O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
- O2 - BHO: Flash Module - {3039C679-F399-4c5a-B465-47385038D0EC} - ktaskr.dll (file missing)
- O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
- O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
- O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
- O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
- O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
- O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
- O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
- O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
- O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
- O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
- O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
- O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
- O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
- O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll
- O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
- O2 - BHO: Flash Module - {DF50F976-592A-47a4-81C7-AD34D5A3A947} - btasv.dll (file missing)
- O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
- O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
- O4 - HKLM\..\Run: [AntispyStorm] C:\Program Files\AntispyStorm\AntispyStorm.exe
- O23 - Service: Performance Monitor Command Line Shell (Performance Monitor) - Unknown owner - C:\WINDOWS\perfmon.exe (file missing)
- O23 - Service: tjk8rla0zxexp - Unknown owner - C:\WINDOWS\system32\systs.exe
5. Click on "Fix It" button.
6. Restart your computer in Safe Mode (F8)
7. Run Spybot (click on updates, first), and fix whatever it asks you to fix.
8. Open Windows Explorer. Go Tools>Folder Options, put a checkmark next to "Show hidden files, and folders".
9. Delete following files (if they still exist):
-
AntispyStorm.exe from C:\Program Files\AntispyStorm\
-
perfmon.exe from C:\WINDOWS\
-
systs.exe from C:\WINDOWS\system32\
10. Turn off System Restore.
11. Restart in Normal Mode.
12. Turn System Restore on.
13. Run HJT again, and post back its log back here.