possible pepper?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by zakrz1, Aug 19, 2004.

  1. zakrz1

    zakrz1 Private First Class

    Can someone please check my log? I deleted some crap in program files (or at least I think I did...) and did a search where one post indicated it was related to pepper... Thanks in advance!
    Logfile of HijackThis v1.98.0
    Scan saved at 7:00:23 PM, on 8/19/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     
    Last edited by a moderator: Aug 20, 2004
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    NOTE: Per the tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File > your log file has been removed. Read the bold print again!!!!! We did not ask for your log.

    Update! Due to Hijack This logs destroying search engine and web site searches, we now ask you do not post your Hijack This log file unless requested by us. It is for advanced users, so if you do not understand how to use it, you do not need it....yet. Instead, please tell us in your post what symptoms you are experiencing so we can try and resolve it that way. When, and if, we ask you to post your log file, please attach it as a file. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!

    "Do not install Hijack This to the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT"


    However, you should have followed the stuff below before even thinking about using HijackThis.

    Please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal > If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.
     
  3. zakrz1

    zakrz1 Private First Class

    Sincerest apologies! I'll do my best to follow the rules!
    At this point, 1. I keep getting an inetkeepw.dll popping up in BHODemon!? and
    2. saw something along the line of Pgate or something like that (I failed to write it down) and deleted it via control panel add/remove programs.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Have you run everything in the tutorials? What did they find?
    And when you do have problems or see popups or error messages (whatever), always write down the EXACT message. That is very important. Even the order of the words matters. It makes it easier when searching for info to know the exact message or the exact name of some piece of malware detected by a scan.
     
  5. zakrz1

    zakrz1 Private First Class

    I've run spybot, spyware blaster loaded, adaware, cwshredder, trendmicro, panda, virobot; cleaned all temp and cookies. Keep getting error loading C:\Program Files\.....\inetkw.dll every 5 seconds or so! I saw it come up in BHO demon and deactivated it.
     
  6. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Hi,
    Ok, if you get an error about a program loading, the question is where is it loading from? Check our admin tools section for a startup manager like this one: http://majorgeeks.com/download.php?det=4317

    If you can find this program loading, then remove it from the list in one of those programs. A Trojan scan might be a good idea as well.

    Let us know please!
     
  7. zakrz1

    zakrz1 Private First Class

    I ran the program, however all seem to be OK; Can I post my hijackthis log? Weird thing that I tried 3 times burning a .jpg CD and each time it froze up...!? Plenty of memory and CPU was way low....
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! Post your log as an attachment.

    Usually this problem looks something like the below and is cleaned as described below (yours may be similar but will not necessarily be exactly the same):

    Fix this in HJT after shutting down your browsers:
    O2 - BHO: Browser - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRAM FILES\INTERNET KEYWORD\INETKW.DLL
    O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\INETMGR.EXE
    O4 - HKLM\..\Run: [30AGP5] C:\WINDOWS\SYSTEM\30AGP5.exe

    Reboot in safe mode and delete
    C:\PROGRAM FILES\INTERNET KEYWORD <-------- The whole directory

    So see if you can figure out your problem from the above by comparing to your log.
    It is possible the O2 line may be blocked on your PC because of BHO Demon.
     
  9. zakrz1

    zakrz1 Private First Class

    Cleaned up, log attached!
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't see one! And everything is okay now? If so, we don't need a log.
     
  11. zakrz1

    zakrz1 Private First Class

    One user can't logout until I stop the pcflashbang.exe process (doesn't sound right to me...). There is a C:\PCFlashbang directory. Log attached! Thanks!
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you edit your log file? There are a load of Windows Processes not showing. Do not edit the HJT log files. Always post the whole log unless we ask for something specific. Editing out lines is not the same as running the scan after shutting down all unnecessary processes. Right now from your log I would have to wonder if Windows would even run since so much is missing.

    You also did not follow all the directions. Your HijackThis version is out of date. Please download version 1.98.2 and repost a complete log using it.
     
  13. zakrz1

    zakrz1 Private First Class

    No, I did not edit it, just saved as a .txt Here's another one.
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that's a complete log but you still did not use HJT version 1.98.2. Please get the correct version. 1.98.0 has bugs.

    And are you saying you do not know what this is: C:\PCFlashbang
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why are you changing things? Your log is different now. You also have now installed BHODemon? Also, SpyBot Teatimer is new too.

    You are not making it easy to work on this if you keep doing things that I'm not asking for.

    And now C:\PCFlashbang is gone!

    In fact, what problems do you have now?
     
  16. zakrz1

    zakrz1 Private First Class

    I have not changed anything! I have had BHO demon for a couple of months now. PCFlashBang directory is still there! I'll enter another log, but please believe me I am not doing anything without your expertise!
     

    Attached Files:

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Absolutely not TRUE! Please look at the previous two logs and tell me something has not changed.

    Your last two are basically the same except this time you shut down winzip before running HijackThis. But the previous two are not the same. And the first one you said you did not edit but there was obviously stuff missing as you can see from the next two logs.

    In the first log BHODemon did not show. In the second and third it did.

    PCFlashBang is no longer in your HijackThis logs. As far as a directory on your PC, I cannot see it. PCFlashBang only showed in your first log and not in the second and third.

    SpyBot Teatimer did not show in the first log but was in the second and third. So something has changed why they are in the logs. So either the first log was edited or BHODemon and Teatimer were installed or enabled after the first log was made.

    But let's drop this discussion and get on with any problems.
    If you still have a directory with PCFlashBang in it, just delete it.
    Are there any other problems?
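
The log-to-log comparison discussed in this thread can be done mechanically. The following is an added example, not part of the original posts and not HijackThis code: it parses two HijackThis-style logs and reports which running processes and entries appeared or disappeared. Both sample logs are constructed for illustration, including every path in them, and the function names are hypothetical.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # section code, e.g. "O2 - BHO: ..."

def parse_hjt(text):
    """Return (processes, entries) from a HijackThis-style log as two sets."""
    procs, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False          # first entry line ends the process list
            # Lower-case so C:\PROGRAM FILES and C:\Program Files compare equal.
            entries.add((m.group(1), m.group(2).lower()))
        elif in_procs and line:
            procs.add(line.lower())
    return procs, entries

def diff_logs(old, new):
    """Report what appeared and what disappeared between two scans."""
    (p_old, e_old), (p_new, e_new) = parse_hjt(old), parse_hjt(new)
    return {
        "procs_added": sorted(p_new - p_old),
        "procs_removed": sorted(p_old - p_new),
        "entries_added": sorted(e_new - e_old),
        "entries_removed": sorted(e_old - e_new),
    }

# Constructed sample logs (not the attachments from this thread).
LOG_A = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PCFlashbang\pcflashbang.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""
LOG_B = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\BHODemon\BHODemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

if __name__ == "__main__":
    for key, values in diff_logs(LOG_A, LOG_B).items():
        print(key, values)
```

A process that vanishes from the list between scans only shows it was not running at scan time; the files may still be on disk, so the directory has to be checked separately.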
     
  18. zakrz1

    zakrz1 Private First Class

    PCFlashBang deleted; all looks Ok now! Thanks!
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Great! You're welcome!
     
