Hello JohnBergt and welcome to
Computer Hope Forum. My name is Superdave but you can just call me SD. I'm sorry I'm so late but we are all busy. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.
1. I will be working on your
Malware issues. This
may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please
DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
Download
Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.
Do not confuse
Windows Messenger with
MSN Messenger because they are not the same.
Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the
MessengerDisable.exe and choose the bottom box -
Uninstall Windows Messenger and click
Apply.Exit out of
MessengerDisable then delete the two files that were put on the desktop.
Open
HijackThis and select
Do a system scan onlyPlace a check mark next to the following entries: (if there)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] \"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\" (Description: Adobe reader startup - unnecessarily uses system resources.)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (Description: Nvidia system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)
O4 - HKLM\..\Run: [SunJavaUpdateSched] \"C:\Program Files\Java\jre6\bin\jusched.exe\" (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (Description: WinZip system tray application. Not necessary. Removing this entry will free up a small amount of system resources.)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Important: Close all open windows except for
HijackThis and then click
Fix checked.Once completed, exit
HijackThis.Please go to
Jotti's malware scan(If more than one file needs scanned they must be done separately and logs posted for each one)* Copy the file path in the below Code box:
C:\WINDOWS\system32\011dc9.exe* At the upload site, click once inside the window next to
Browse.
* Press
Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click
Submit file* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
*
Important: Wait for all of the scanning engines to complete.
*
Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
