SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\shchostv.exe
F3 - REG:win.ini: load=C:\WINDOWS\System32\shchostv.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\shchostv.exe
O2 - BHO: C:\WINDOWS\System32\304A4.dll - {855875B5-93F3-429D-FF34-660B206D897C} - C:\WINDOWS\System32\304A4.dll
O4 - HKLM\..\Run: [WIN_DRIVR32] C:\WINDOWS\System32\shchostv.exe
O4 - HKLM\..\RunOnce: [WIN_DRIVR32] C:\WINDOWS\System32\shchostv.exe
O4 - HKCU\..\Run: [WIN_DRIVR32] C:\WINDOWS\System32\shchostv.exe
O4 - HKCU\..\RunOnce: [WIN_DRIVR32] C:\WINDOWS\System32\shchostv.exe
O20 - AppInit_DLLs: wmspfsus.dll lprhwmpl.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: CrbIGNMtWhDm - {24F2FF9F-8E58-5535-537E-EE6E5C0F82A1} - C:\WINDOWS\System32\jy.dll (file missing)
Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.
1) Please download the
Killbox.
Unzip it to the desktop and run it.
2) Select "
Delete on Reboot".
3) Then Click the "
All Files" button.
4) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
Quote:
C:\WINDOWS\System32\msrdusrc.exe
C:\WINDOWS\System32\304A4.dll
C:\WINDOWS\System32\shchostv.exe
C:\WINDOWS\System32\wmspfsus.dll
C:\WINDOWS\System32\lprhwmpl.dll
C:\WINDOWS\System32\jy.dll
|
5) Return to Killbox, go to the
File menu, and choose "
Paste from Clipboard".
6) Click the red-and-white "
Delete File" button. Click "
Yes" at the Delete on Reboot prompt. Click "
Yes" to reboot next.
POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.