Used all rec.programs& I'm back to sq.1

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by newuser28, Apr 4, 2005.

  1. newuser28

    newuser28 Private E-2

    Hi everybody,
    I’ve used all recommended programs & I’ve the same problems as before.
    Nothing has been detected.
    I’ve downloaded HijackThis & saved the log file.
    As per instructions I’m waiting; when can I send this file for someone to look at it?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have run ALL the steps in this Sticky thread, READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal, and after doing ALL of the above you still have a problem, follow the steps below to post your HJT log as an attachment. Make sure you follow the below instructions.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. newuser28

    newuser28 Private E-2

    Attachment

    That was quick answer, thanks
    here is the attachment.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Attachment

    Please do not put your log in a ZIP file. Just attach the log file as HijackThis creates it (a .log file).
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Attachment

    Your OS and IE versions are way out of date and must be updated after we fix any current problems.

    You need to go back to the READ ME FIRST and read step 2. The below service must be stopped and disabled.
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apigm

    Let me know if you are able to do this.
     
  6. newuser28

    newuser28 Private E-2

    Re. O23, do I have to run HijackThis and put an "X" on this item and ask the program to fix it?
     

    Attached Files:

  7. newuser28

    newuser28 Private E-2

    Re: Attachment

    In Step 2, I've found only "Workstation NetLogon Service" and I've disabled it.

    Re: O23, do I have to run HijackThis again and put an "X" on this item and ask the program to fix it?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Attachment

    It is not so simple as having HJT fix that line! We have a lot more work to do.

    First, based on your last log, it does not look like the O23 Service actually was stopped and then disabled. Sometimes they restart almost as soon as you stop them due to other processes running. I will be posting a procedure to follow in my next message.
     
    Last edited: Apr 5, 2005
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Attachment

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\syskf32.exe

    After killing all the above processes, exit HijackThis.

    To double check, let's repeat step 2 of the Getting Prepared section of the READ ME FIRST where we asked that you stop and disable any of the three services listed. You must follow that step so that HijackThis can repair the O23 line.

    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apigm.exe

    Please go back and do that now. If it is already stopped and disabled or it does not show up just continue with the below steps. Either way, follow the steps below! Do not stop any other services. If you do not match exactly word for word Workstation NetLogon Service, do not touch it.

    Now run HijackThis again but this time click on the "Open the Misc Tools Section" button on the open page. Then select "Delete an NT service" on the left-hand side. A "Delete a Windows NT Service" window will pop up. Try entering the following into the box and then click OK:
    Workstation NetLogon Service
    If that does not work try entering the short name: 11Fßä#·ºÄÖ`I
    You will need to cut and paste the short name since the characters are not easily typed.

    After doing the above exit HijackThis.

    Make sure you have both about:Buster and HSremove downloaded from the READ ME FIRST. And make sure you have UPDATED the database for about:buster. I believe it is up to number 26.

    You need to print or save these instructions locally because after reading this sentence you will need to physically unplug your connection from your cable, ADSL, or dial-up modem to your PC and then you MUST exit all browsers and DO NOT run any again until requested.

    Okay, unplug your internet connection and exit browsers now!!!!
    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\syskf32.exe <-- double checking to make sure it did not restart

    After killing all the above processes, click "Back". Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now (DO NOT OPEN ANOTHER BROWSER UNTIL AFTER POWER DOWN AND POWER UP, see below):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\cuqtb.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cuqtb.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\cuqtb.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\cuqtb.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\cuqtb.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\cuqtb.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\cuqtb.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {99FA4172-70BA-F5F0-EB8D-3E910E0ADD26} - C:\WINDOWS\apphm.dll
    O4 - HKLM\..\Run: [syskf32.exe] C:\WINDOWS\syskf32.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {34EE261A-6EBB-4A1D-8650-555B1974874C} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {34EE261A-6EBB-4A1D-8650-555B1974874C} - (no file) (HKCU)
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apigm.exe

    Then exit HJT after clicking FIX


    Run Windows Explorer and look for and try to delete (sort the listing in Windows Explorer by Modification Date or Date Created and look for possibly other similarly named files from the same date - let me know if you find others even if they have different 3 character extensions like .dat, .ini, .dll, .exe but DO NOT delete anything on your own.):
    C:\WINDOWS\system32\cuqtb.dll
    C:\WINDOWS\apphm.dll
    C:\WINDOWS\syskf32.exe
    C:\WINDOWS\system32\apigm.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. If you cannot find or delete them, note which ones and continue (tell me the results when you come back here).

    - Run about:Buster and save the log to ab1.log (make sure you let it do the second scan).

    - NOW PULL THE POWER PLUG TO YOUR PC! Yes, you read that correctly. This is very important! I do not want you to power down the normal way.

    - After that wait a minute or two and then power up into safe mode (still with no internet connection available and do not open any browsers). Only run what I request.

    - Empty your Recycle Bin and delete all files in the c:\windows\prefetch folder. In fact as an additional measure do the following, run Ccleaner that you installed while running the READ ME FIRST.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    - Run HSremove and then run about:Buster again and save the log to ab2.log (let it do second scan)!

    - Immediately after about:buster completes, reboot in normal mode. (You do not need to pull the power plug here. Just reboot.)

    - Plug your cable to the internet back in now.

    - Open and close a couple of IE sessions and then with IE closed get a new HJT log.

    - Now come back here and post both about:Buster logs and the new HJT log. And tell me what happened during the procedure.

    Let me know anything else that you notice.
     
  10. newuser28

    newuser28 Private E-2

    Re: Attachment


    You are right, the problem with O23 is still there.
     
    Last edited by a moderator: Apr 5, 2005
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Attachment

    Have you started running the steps in message #9? Do not reboot or shut your system off after posting your logs. That can cause problems (if they still exist) to spread and mutate, which could make the follow-up logs not useful.
     
  12. newuser28

    newuser28 Private E-2

    Re: steps in message #9,
    ""Run Windows Explorer and look for and try to delete (sort the listing in windows explorer by Modification Date or Date Created and look for possibly other similarly name files from the same date - let me know if you find others even if they have different 3 character extensions like .dat, .ini, .dll, .exe but DO NOT delete anything on your own.):
    C:\WINDOWS\system32\cuqtb.dll
    C:\WINDOWS\apphm.dll
    C:\WINDOWS\syskf32.exe
    C:\WINDOWS\system32\apigm.exe ""

    I’ve read it 3 times & made a copy of your instructions, but I’ve a problem: how can I get to "Modification Date or Date Created"?

    I went Windows Explorer/system and there is no Modification Date or Date Created.

    Then I went Run/REGEDIT/+ on HKEY_LOCAL_MACHINE/+SOFTWARE/+MICROSOFT/+WINDOWS, nothing there.

    Sorry chaslang, I’m taking your precious time, but as you can see I’m not that good with computers.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is pretty simple! You just need to change your View in Windows Explorer. With Windows Explorer open, click View and select Details. Now you should see the Date Created field. If you right click on the Headings (where Name, Size, Date Created are) you will see a list of other items you can turn on if desired.

    Stay out of the registry unless you really know what you are doing there or are given specific instructions from us on doing anything in there.

    If you have not completed all the steps that I gave you and came back online to report this, the fix will probably not be effective and we may be starting all over again.
     
    Last edited: Apr 8, 2005
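    The sort-by-date check described above, as an added example that is not part of chaslang's post or of any MajorGeeks tool: the script below groups a folder's files by the day of their timestamp and lists the files dated the same day as a named suspect, which is what the Explorer Details view is being used for here. The folder contents, file names and dates are constructed for the demo; to use it for real, pass C:\WINDOWS or C:\WINDOWS\system32 to files_by_day instead of the demo folder. It only lists files, it never deletes anything.

```python
import os
import tempfile
import datetime as dt


def files_by_day(folder, use="mtime"):
    """Group the regular files in `folder` by the calendar day of their timestamp.

    use="mtime" is Explorer's Modification Date. use="ctime" is Date Created on
    Windows only: on Linux/macOS st_ctime is the inode-change time, so stay with
    mtime there.
    """
    attr = "st_mtime" if use == "mtime" else "st_ctime"
    by_day = {}
    with os.scandir(folder) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            stamp = getattr(entry.stat(follow_symlinks=False), attr)
            day = dt.datetime.fromtimestamp(stamp).date()
            by_day.setdefault(day, []).append(entry.name)
    for names in by_day.values():
        names.sort()
    return by_day


def siblings_of(folder, filename, use="mtime"):
    """Other files in `folder` stamped on the same day as `filename`.

    This is the 'look for other files from the same date' step done by the
    clock rather than by eye. Nothing is deleted here.
    """
    for names in files_by_day(folder, use).values():
        if filename in names:
            return [n for n in names if n != filename]
    return []


def build_demo_folder():
    """Constructed sample folder (an assumption, not anyone's real disk):
    three files stamped on the infection day and one older, genuine-looking file."""
    folder = tempfile.mkdtemp(prefix="hjt-demo-")
    infection_day = dt.datetime(2005, 4, 4, 13, 15).timestamp()
    older = dt.datetime(2004, 8, 10, 12, 0).timestamp()
    for name, stamp in [("cuqtb.dll", infection_day), ("cuqtb.dat", infection_day),
                        ("apigm.exe", infection_day), ("shell32.dll", older)]:
        path = os.path.join(folder, name)
        with open(path, "wb") as fh:
            fh.write(b"\0" * 16)   # contents do not matter for this demo
        os.utime(path, (stamp, stamp))
    return folder


if __name__ == "__main__":
    demo = build_demo_folder()
    for day, names in sorted(files_by_day(demo).items(), reverse=True):
        print(day, names)
    print("same day as cuqtb.dll:", siblings_of(demo, "cuqtb.dll"))
```

    Run on the demo folder it prints the infection day first with all three dropped files, then the older file on its own day, and finally the two siblings of cuqtb.dll. On a Windows box use="ctime" gives Explorer's Date Created instead.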
  14. newuser28

    newuser28 Private E-2

    Chaslang,
    I still have a problem finding:
    “” C:\WINDOWS\system32\cuqtb.dll
    C:\WINDOWS\apphm.dll
    C:\WINDOWS\syskf32.exe
    C:\WINDOWS\system32\apigm.exe ""

    I’m sure I’m doing something wrong; when I’m in WE, where should I be? In – Address: C:\ ?

    What I see here is just the folders on my drive C.

    As you can see I’m totally illiterate with computers, please give me more info. I’m almost there,
    except for that little detail you requested.
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox

    Now, Copy and Paste C:\WINDOWS\system32\cuqtb.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\apphm.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\syskf32.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\system32\apigm.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.


    After doing this, these files should be gone. Now, explain in detail what your problems are for chaslang when he returns.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The address is given with each of the files as I said before:
    c:\windows
    or
    c:\windows\system32

    Those are the folders to look for the filenames in. C:\ is just the root folder for drive C you need to click on the Windows folder to see what is in it and then click on the system32 folder (which is in the Windows folder) to see what is in it. You need to "explore" that's why they call it Windows Explorer. ;)

    Try using Pocket Killbox as BJ suggested. If you still have a problem, let me know.
     
  17. newuser28

    newuser28 Private E-2

    What I've found is this:

    C:\WINDOWS\system32\cuqtb.dll
    C:\WINDOWS\apphm.dll

    C:\WINDOWS\syskf32, but there is no .exe (should I delete it anyway?)

    Did not find: C:\WINDOWS\system32\apigm.exe
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Try doing what I requested in Post #15
     
  19. newuser28

    newuser28 Private E-2

    I have to do it with Quote because when I click REPLY I'm getting a blank browser;
    before, I tried to send a similar message & got a blank browser & lost all that typing,
    hopefully this one will go OK.
    I’ve done it as you requested, but I only deleted these 2 files:
    C:\WINDOWS\system32\cuqtb.dll
    C:\WINDOWS\apphm.dll
    Re: C:\WINDOWS\syskf32.exe, this one you did not say, do it or not; the “.exe” is missing.
    After rebooting I got a normal browser, but I tried again to open the browser & I got the “bad one”, so I’m back to square 1 again.
    At the same time I was getting pop-ups from Microsoft AntiSpyware notices that it allows changing URLs and it gave me the option to block some of them.
    Quote from Microsoft AntiSpyware:
    “ Below is the list of allowed IE URLs
    http://www.msn.com
    C:\Windows\System32\blank.htm
    http://g.msn.ca/OSEENCA/SAOSO1
    http://home.microsoft.com/search/lobby/search.asp
    http://ie.search.msn.com/(SUB_REC1766)/srchast/srchut.htm
    http://home.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    http://home.microsoft.com/isapi/redir.dll?prd=ie&pver=6&armsnhome
    res://mshtml.dll/about.moz
    res:// mshtml.dll/blank.htm
    res://shdock.dll/navcancl.htm
    res://shdock.dll/offcancl.htm
    res://C\WINDOWS\jorqk.dll/sp.html#28129
    res://C\WINDOWS\system32\cuqtb.dll/sp.html#28129
    res://C\WINDOWS\system32\nydad.dll/sp.html#28129 “”

    and there is an option to remove some of them.
    What now?
     
  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Locate Pocket Killbox,

    Now follow the below!

    Now, Copy and Paste C:\WINDOWS\syskf32.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\system32\apigm.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.

    After doing this and rebooting, post a fresh HJT log.
     
  21. newuser28

    newuser28 Private E-2

    I have "WINDOWS\syskf32", there is no .exe, is it OK to delete it?
     
  22. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, that is a bad folder if it exists. Does it have an icon? If so, what?

    Also, did you delete the apigm.exe file?

    And we need a fresh HJT log.


    Chas, you can remove all my posts to avoid confusion if you like.
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's start this process over again! You cannot do the process part way and come back here in between to ask questions by using your browser. You must be 100% disconnected from the internet and have no browsers running anytime after starting the cleanup process until we request (in the procedure) that you reconnect. Not following that guideline will result in the cleanup failing, and the hijacker will mutate and spread.

    Please post a new HJT log attachment and DO NOT reboot or shut your PC down after posting. You must wait for me to post a fix. And then read through the whole procedure without doing any of the steps and make sure you understand it and can do all steps (ask questions first) before starting the procedure.
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    BJ, I'll handle this! It is too confusing with these hijackers to have multiple people jumping in and out.
     
  25. newuser28

    newuser28 Private E-2

    OK I got it, I just deleted these 2 files and here is the new log file
     

    Attached Files:

  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    From this log it looks to me like you never really completed all the steps in message # 9!
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What happens if you try the following:

    Run HijackThis click on the "Open the Misc Tools Section" button on the open page. Then select "Delete an NT service" on the left-hand side. A "Delete a Windows NT Service" window will pop up. Try entering the following into the box and then click OK:
    Workstation NetLogon Service

    If that does not work try entering the short name: 11Fßä#·ºÄÖ`I

    You will need to cut and paste the short name since the characters are not easily typed.
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you still here? Are you having a problem doing what I asked? I would not expect it to take this long to do that step.
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    HELLO! Why are you looking at the READ ME FIRST THREAD? Just complete what I asked you to do in message # 29. What are you doing? I will not be here much longer tonight.
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay I cannot wait for you anymore! Follow the steps below! MAKE SURE YOU FOLLOW THEM EXACTLY! Read through all of them first before you actually do anything to make sure you understand them.

    Make sure you have both about:Buster and HSremove downloaded from the READ ME FIRST. And make sure you have UPDATED the database for about:buster. I believe it is up to number 26.

    You need to print or save these instructions locally because after reading this sentence you will need to physically unplug your connection from your cable, ADSL, or dial-up modem to your PC and then you MUST exit all browsers and DO NOT run any again until requested.

    Okay, unplug your internet connection and exit browsers now!!!!
    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\syskf32.exe
    C:\WINDOWS\system32\winar32.exe

    After killing all the above processes, click "Back". Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now (DO NOT OPEN ANOTHER BROWSER UNTIL AFTER POWER DOWN AND POWER UP, see below):
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {DFA66CB8-38A2-958B-E335-DF82AF8300E8} - C:\WINDOWS\system32\netkt.dll
    O4 - HKLM\..\Run: [syskf32.exe] C:\WINDOWS\syskf32.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Microsoft AntiSpyware helper - {34EE261A-6EBB-4A1D-8650-555B1974874C} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {34EE261A-6EBB-4A1D-8650-555B1974874C} - (no file) (HKCU)
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apigm.exe (file missing)



    Then exit HJT after clicking FIX (make sure you clicked Fix)


    Run Windows Explorer and look for and try to delete (sort the listing in Windows Explorer by Modification Date or Date Created and look for possibly other similarly named files from the same date - let me know if you find others even if they have different 3 character extensions like .dat, .ini, .dll, .exe but DO NOT delete anything on your own.):
    C:\WINDOWS\sngyr.dll
    C:\WINDOWS\system32\netkt.dll
    C:\WINDOWS\syskf32.exe
    C:\WINDOWS\system32\winar32.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. If you cannot find or delete them, note which ones and continue (tell me the results when you come back here - not now - later).

    - Run about:Buster and save the log to ab1.log (make sure you let it do the second scan).

    - NOW PULL THE POWER PLUG TO YOUR PC! Yes, you read that correctly. This is very important! I do not want you to power down the normal way.

    - After that wait a minute or two and then power up into safe mode (still with no internet connection available and do not open any browsers). Only run what I request.

    - Empty your Recycle Bin and delete all files in the c:\windows\prefetch folder. In fact as an additional measure do the following, run Ccleaner that you installed while running the READ ME FIRST.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    - Run HSremove and then run about:Buster again and save the log to ab2.log (let it do second scan)!

    - Immediately after about:buster completes, reboot in normal mode. (You do not need to pull the power plug here. Just reboot.)

    - Plug your cable to the internet back in now.

    - Open and close a couple of IE sessions and then with IE closed get a new HJT log.

    - Now come back here and post both about:Buster logs and the new HJT log. And tell me what happened during the procedure.

    Let me know anything else that you notice.
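    The HijackThis lines chaslang singles out in messages #9 and #30 follow a small set of patterns: a search or home page served out of a DLL via res://, about:blank forced as the default page, a missing URLSearchHook, a BHO with no name, an autorun binary dropped straight into C:\WINDOWS, and an O23 service with an unknown owner, a missing binary and an unprintable short name. The script below is an added example, not HijackThis code and not anything posted in the thread; it parses a log in that line format and flags those patterns. The sample lines are the ones quoted above plus two assumed-benign lines for contrast, and the O4 rule (binary directly in the Windows root) is a heuristic of the example's own. service_short_name() pulls out the short name that the "Delete an NT service" box wants, which is the part that had to be cut and pasted by hand.

```python
import re
from dataclasses import dataclass

# Constructed sample: the HijackThis lines quoted in messages #9 and #30,
# plus two benign lines (assumed, for contrast) so the triage has
# something to leave alone.
SAMPLE_LINES = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sngyr.dll/sp.html#28129",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.majorgeeks.com/",
    r"R3 - Default URLSearchHook is missing",
    r"O2 - BHO: (no name) - {DFA66CB8-38A2-958B-E335-DF82AF8300E8} - C:\WINDOWS\system32\netkt.dll",
    r"O4 - HKLM\..\Run: [syskf32.exe] C:\WINDOWS\syskf32.exe",
    r"O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apigm.exe (file missing)",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "R1" or "O23"
    reason: str   # why the line was flagged
    line: str     # the log line as written


# Every registry-style HJT line is "<tag> - <rest>"
LINE = re.compile(r"^(?P<tag>[RO]\d+) - (?P<rest>.*)$")
# A home/search page served out of a DLL via res:// is the about:blank /
# CWS-style hijack the thread is dealing with.
RES_DLL = re.compile(r"res://\S+\.dll/", re.IGNORECASE)
# Heuristic (assumption of this example): an autorun binary sitting directly
# in the Windows root rather than a program folder is suspect.
WINDIR_ROOT_EXE = re.compile(r"c:\\windows\\[^\\]+\.exe$", re.IGNORECASE)
# "Service: <display name> (<short name>) - <owner> - <path>"
SERVICE = re.compile(r"Service: (?P<display>.+?) \((?P<short>[^)]*)\) - ")


def service_short_name(line):
    """Short (registry) name of an O23 line, i.e. what 'Delete an NT service' wants."""
    m = SERVICE.search(line)
    return m.group("short").strip() if m else None


def triage_line(line):
    """Return a Finding for a suspicious line, or None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    tag, rest = m.group("tag"), m.group("rest")
    if tag in ("R0", "R1"):
        if RES_DLL.search(rest):
            return Finding(tag, "IE home/search value points into a DLL via res://", line)
        if rest.endswith("= about:blank"):
            return Finding(tag, "IE default page forced to about:blank", line)
    elif tag == "R3" and "URLSearchHook is missing" in rest:
        return Finding(tag, "default URLSearchHook has been removed", line)
    elif tag == "O2" and rest.startswith("BHO: (no name)"):
        return Finding(tag, "Browser Helper Object with no name", line)
    elif tag == "O4":
        path = rest.split("] ", 1)[-1].strip()
        if WINDIR_ROOT_EXE.match(path):
            return Finding(tag, "autorun binary sitting directly in the Windows folder", line)
    elif tag == "O23":
        reasons = []
        if "Unknown owner" in rest:
            reasons.append("unknown owner")
        if rest.endswith("(file missing)"):
            reasons.append("binary missing on disk")
        short = service_short_name(rest)
        if short is not None and not short.isascii():
            reasons.append("non-ASCII short name")
        if reasons:
            return Finding(tag, "service: " + ", ".join(reasons), line)
    return None


def triage(log_text):
    """Flagged lines of a HijackThis log, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
    print("O23 short name:", service_short_name(SAMPLE_LINES[7]))
```

    On the sample it flags six of the eight lines and leaves the majorgeeks.com start page and the system32 ctfmon.exe autorun alone. Feed it a real saved .log instead of SAMPLE_LOG and the flagged list is the same set of lines a helper would ask you to tick in HijackThis; the O23 short name it prints is the one to paste into "Delete an NT service" if the display name is refused.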
     
  31. newuser28

    newuser28 Private E-2

    Shit, 5 am, finishing 2nd pack of smokes. I've done it all to the letter and still it's the same thing, no change. I've attached the latest log file.
     

    Attached Files:

  32. newuser28

    newuser28 Private E-2

    Sorry chaslang for not answering your messages, first I had to download missing programs (that's why I went to the READ ME FIRST THREAD), then I just went to work. My Outlook Express was not on so I did not hear your arrived messages.
    Anyway I’ve done it all to the letter & still the same problem.
    5:35 AM, going to sleep, see you later.
     
  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    When you say you did it all, which message number are you referring to? Since you are stating that you had to download things that you were missing, that makes it appear to me that you never even ran the READ ME FIRST completely. If you had run it, you would already have had all the programs you needed. Also if you had run the steps in message # 9 previously, you would also have everything you need.

    So please explain step by step what you just ran and what the results were for each step. The steps I gave you to run work! They have been proven well over several hundred times on many different PCs to work. If they are not working for you, you must be doing something wrong. Sorry if this sounds harsh, I don't mean it to sound that way. But these hijacks are very stubborn and the only way they can be fixed is by following procedures exactly. For example, if you do not physically unplug your connection (even a dial-up modem) they can fail. If you open a browser at any point or fail to shut them down to begin with, the process will fail. If you do not get the Workstation NetLogon Service stopped and disabled, the process will fail.

    You never answered what I asked you to do in message # 27. In order for me to properly help you, you must help me by giving me answers to all my questions and by telling what goes on during the procedures.

    Also double check to make sure you have the below options set correctly. Tell me if you have these already setup or if you did not:

    Right Click Start.
    Select Explorer.
    Select the Tools menu and click Folder Options.
    Select the View Tab.
    Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide extensions for known file types option.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Apply.
    Click OK.

    Have you shut down or rebooted since posting your last HijackThis log?
     
    Last edited: Apr 8, 2005
  34. newuser28

    newuser28 Private E-2

    Hi chaslang,
    Ok I’m back,
    Re step 9, I’ve printed the whole instructions & after gathering all extra programs
    I just went through it point by point.
    Power, I just unplugged on the back of the computer; same thing I’ve done with the internet connection.
    Re: # 27, I had to use copy & paste (11Fßä #•ºÄÖ`I), because when I tried to type “Workstation NetLogon Service” it did not work. It shows “Disabled”.
    Hidden files and folders are now unchecked.
    I did not shut down or reboot since posting your last HijackThis log.
     
  35. newuser28

    newuser28 Private E-2

    Just came to think of rebooting, I think I might have rebooted it this afternoon.
     
  36. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It was too late to go back and run # 9. The problem had already mutated. You have to keep up. It took you too long to get around to running # 9 and now if you have rebooted, it is too late to run my last fix. You should not have needed to gather extra programs. They should already have been downloaded in step 4 of the READ ME FIRST. Did you run the full READ ME FIRST? It does not appear like it.

    You will need to post a new log, if you have rebooted.

    You still must do a better job answering questions and following directions.
    I need to know what happened when doing msg # 27. What message did HJT give you? Was it able to fix (remove) the O23 line? You were supposed to cut & paste 11Fßä #•ºÄÖ`I without the parentheses. Is that what you did, or did you leave the ( )? But what was the end result?

    So you did not have hidden files & folders and system files unchecked before? Why? It is step # 3 in the READ ME FIRST.
     
  37. newuser28

    newuser28 Private E-2

    Hi chaslang,

    Re # 27, I've just run HJT and O23 is missing (does not show 11Fßä #•ºÄÖ`I).
    I think everything is ready for the good fix now.
    Here is the new log file.
     

    Attached Files:

  38. newuser28

    newuser28 Private E-2

    Hey chaslang,
    do you have a fix for me?
     
  39. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that's good news! Now let's see if we can finish off the rest of the problem.

    Make sure you have both about:Buster and HSremove downloaded from the READ ME FIRST. And make sure you have UPDATED the database for about:buster. I believe it is up to number 26.

    You need to print or save these instructions locally because after reading this sentence you will need to physically unplug your connection from your cable, ADSL, or dial-up modem to your PC and then you MUST exit all browsers and DO NOT run any again until requested. Run this procedure from start to finish with no interruptions.

    Okay, unplug your internet connection and exit browsers now!!!!
    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\system32\winar32.exe
    C:\WINDOWS\system32\iesf32.exe

    After killing all the above processes, click "Back". Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now (DO NOT OPEN ANOTHER BROWSER UNTIL AFTER POWER DOWN AND POWER UP, see below):
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sngyr.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {DFA66CB8-38A2-958B-E335-DF82AF8300E8} - C:\WINDOWS\system32\netkt.dll
    O4 - HKLM\..\Run: [iesf32.exe] C:\WINDOWS\system32\iesf32.exe
    O4 - HKLM\..\RunOnce: [winar32.exe] C:\WINDOWS\system32\winar32.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Then exit HJT after clicking FIX (make sure you clicked Fix)

    Run Windows Explorer and look for and try to delete (sort the listing in Windows Explorer by Modification Date or Date Created and look for possibly other similarly named files from the same date - let me know if you find others even if they have different 3 character extensions like .dat, .ini, .dll, .exe but DO NOT delete anything on your own.):
    C:\WINDOWS\sngyr.dll
    C:\WINDOWS\system32\netkt.dll
    C:\WINDOWS\system32\winar32.exe
    C:\WINDOWS\system32\iesf32.exe

    If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. If you cannot find or delete them, note which ones and continue (tell me the results when you come back here - not now - later).

    - Run about:Buster and save the log to ab1.log (make sure you let it do the second scan).

    - NOW PULL THE POWER PLUG TO YOUR PC! Yes, you read that correctly. This is very important! I do not want you to power down the normal way.

    - After that wait a minute or two and then power up into safe mode (still with no internet connection available and do not open any browsers). Only run what I request.

    - Empty your Recycle Bin and delete all files in the c:\windows\prefetch folder. In fact as an additional measure do the following, run Ccleaner that you installed while running the READ ME FIRST.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    - Run HSremove and then run about:Buster again and save the log to ab2.log (let it do second scan)!

    - Immediately after about:Buster completes, reboot in normal mode. (You do not need to pull the power plug here. Just reboot.)

    - Plug your cable to the internet back in now.

    - Open and close a couple of IE sessions and then with IE closed get a new HJT log.

    - Now come back here and post both about:Buster logs and the new HJT log. And tell me what happened during the procedure. Do not reboot or shutdown after posting your log!

    Let me know anything else that you notice.
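As an added example (not from this thread, and not part of HijackThis itself), here is a small Python parser that reads HijackThis entries of the kinds chaslang had fixed above and flags the signs he keyed on: res:// search-page redirections, a missing URLSearchHook, nameless BHOs, autoruns named after their own executable in system32, and entries with an unknown owner or a missing file. The sample log is constructed from the lines quoted in this thread plus one constructed benign line; the O4 rule is a heuristic assumed for this example, not a HijackThis rule.

```python
import re

# Constructed sample: the HijackThis entries quoted in messages #39 and #41 of
# this thread, plus one constructed benign O4 line to show what is NOT flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\sngyr.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\sngyr.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {DFA66CB8-38A2-958B-E335-DF82AF8300E8} - C:\WINDOWS\system32\netkt.dll
O4 - HKLM\..\Run: [iesf32.exe] C:\WINDOWS\system32\iesf32.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apigm.exe (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")   # "R1 - ...", "O23 - ..."
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<path>.+)$")          # "[name] C:\path\x.exe"


def flag_hjt_entries(log_text):
    """Return [{kind, reason, line}] for entries worth a second look (indicators, not proof)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        reason = None
        if kind in ("R0", "R1") and "= res://" in body:
            reason = "IE start/search page redirected into a res:// resource of a local DLL"
        elif kind == "R3" and "is missing" in body:
            reason = "default URLSearchHook removed"
        elif kind == "O2" and "(no name)" in body:
            reason = "Browser Helper Object registered without a name"
        elif kind == "O4":
            o4 = O4_RE.search(body)
            # Heuristic (assumption of this example): an autorun whose key name is just
            # its own exe name and lives in system32, like winar32.exe / iesf32.exe here.
            if o4 and "\\system32\\" in o4.group("path").lower() \
                    and o4.group("name").lower() == o4.group("path").split("\\")[-1].lower():
                reason = "autorun keyed on its own exe name, located in system32"
        elif kind == "O23" and "Unknown owner" in body:
            reason = "service with unknown owner"
        if reason is None and "(file missing)" in body:
            reason = "entry points at a file that no longer exists"
        if reason:
            findings.append({"kind": kind, "reason": reason, "line": line})
    return findings
```

Running `flag_hjt_entries(SAMPLE_LOG)` flags the seven entries from the thread and leaves the constructed Java updater line alone.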
     
  40. newuser28

    newuser28 Private E-2

    Hip hip hooray!! It's all gone.
    Now, everything went nice & smooth, 3 things happened:
    1 - I did not find C:\WINDOWS\sngyr.dll and C:\WINDOWS\system32\netkt.dll
    2 - I did not get the 2nd ab2.log, the place was grayed out, the only option was run it a 3rd time or exit, so I exited.
    3 - For the home page I've put www.majorgeeks.com, but when I open the browser there was the google.com page.
    I just hope that was the end of my problems, thanks, again thank you chaslang.

    Somehow I can not find ab1.log
     

    Attached Files:

  41. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you notice that the below is back:


    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apigm.exe (file missing)

    You must go back and run service.msc and stop and disable this process. And then use HJT as we did before to Delete an NT Service. After that reboot and post a new HJT log.
     
  42. newuser28

    newuser28 Private E-2

    I went to service.msc, it was set on "Automatic" so I've changed it to DISABLE.
    The STOP option was grayed out, so I left it at that.
    I ran HJT, but did not see O23 - Service: Workstation NetLogon Service ( 11Fßä #•ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apigm.exe (file missing)

    I've noticed that when I open the BROWSER for a second I can see the old page trying to log in, but it changes right away to the normal BROWSER.
    Here is my new log file,
     

    Attached Files:

  43. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Reset your Web settings one more time (like I had you do in message # 39). Leave the home page set to www.majorgeeks.com as requested. I want to see the effect from doing the reset.

    Reboot your PC and make sure that O23 line is still gone from your HJT log.
     
  44. newuser28

    newuser28 Private E-2

    OK!
    Now I got majorgeeks.com, as per checking the logfile I don't see O23, see att. file.

    Is this IT? Am I fixed? (computer)
    Thanks a lot!!
     

    Attached Files:

  45. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That looks clean! But why are you now using msconfig? What are you trying to prevent from loading?

    You also need to run ALL the steps in the below thread. You are seriously out of date with your Windows updates (which is step 1) and you must get a firewall installed ASAP.

    How to Protect yourself from malware!
     
  46. newuser28

    newuser28 Private E-2

    Re: - using msconfig, I don't know what I was doing there.
    - Windows updates, I can't do updates, got the program from a friend
    - I've a router, do I still need a firewall?
    - MS Java is gone & I got Java from your site
    - I got the Norton antivirus program, if I install let's say AVG Free Edition, do I've to uninstall Norton or can I just disable it?
    - Adjust ActiveX security settings = done

    Now I've noticed when I go to different web sites I'm getting a pop up that I need the Java program, what's wrong? I've downloaded & installed it, what am I doing wrong?
     
  47. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You will continue to have problems unless you get Windows updated. You really need to purchase your own valid copy of Windows.

    Yes even with a router you should have a software firewall installed.

    If you have Norton and you like it and keep it up to date (you pay for a subscription) then you do not need AVG. At any rate, only one AV should be installed.

    I'm not sure what is going on with your Java issue. Are you sure you installed the Sun Java application?
     
