- Mar 8, 2003
- 38,416
- 4
- 0
Hello cohenfive,
Before you do anything
1. Make sure that you have extracted HiJackthis to a folder that is isolated before removing anything, for hijackthis makes backups within the folder it is in.
2. Disable system restore, malware can come back through it.
3. Reboot into safe mode.
4. Close all browsers/windows explorer.
fix the following in hijackthis(kill the process in process viewer, if its there)
Before you do anything
1. Make sure that you have extracted HiJackthis to a folder that is isolated before removing anything, for hijackthis makes backups within the folder it is in.
2. Disable system restore, malware can come back through it.
3. Reboot into safe mode.
4. Close all browsers/windows explorer.
fix the following in hijackthis(kill the process in process viewer, if its there)
- 0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
- O1 - Hosts: com
- O1 - Hosts: com
- O1 - Hosts: .com
- O1 - Hosts: .com
- O1 - Hosts: .com
- O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - (no file)
- O2 - BHO: CATLEvents Object - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
- O2 - BHO: CATLEvents Object - {ED5ABC42-8E4F-4C39-9972-F0CF619D672F} - C:\DOCUME~1\Owner\LOCALS~1\Temp\itnaagv.dat
- O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
- O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
- O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
- O4 - HKLM\..\Run: [*vgaanti] C:\WINDOWS\Help\starter\vgaanti.exe
- O4 - HKLM\..\RunOnce: [*vgaanti] C:\WINDOWS\Help\starter\vgaanti.exe rerun
- O4 - HKCU\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc
- O4 - HKCU\..\RunOnce: [*WinLogon] C:\DOCUME~1\Owner\LOCALS~1\Temp\bkinst.exe ren time:1100300117
- O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.c....com/prod/install.html