Computer problems - Hijack This

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by RichieP, Oct 29, 2004.

  1. RichieP

    RichieP Private E-2

    Hi people. I'm a newbie poster but have spent some time reading helpful stuff here. My auntie has been having problems with her computer. Her son has been accessing dodgy sites while she's been on holiday (honest, it's not me!) and it's full of spyware, making it almost unusable. I've managed to get it back online and ran full scans with Spybot and Adaware. I'd be grateful if one of you helpful people could take a quick look at the Hijack This log and let me know if I need to do more.

    Thanks in advance. :)

    Logfile of HijackThis v1.98.2
    Scan saved at 10:48:36, on 29/10/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)


    Edit by chaslang: Inline, unrequested, HJT log deleted
     
    Last edited by a moderator: Oct 29, 2004
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    HijackThis is the last step and we have rules about how and when to post a log.

    Please follow all the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    NOTE: You should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Do not post a HijackThis log until we ask you to, and when we do it must be a text document attachment to your message. To do this, save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser and e-mail. Close before running Hijack This!

    Note: You were running HJT from the ZIP file and you still had IE running!


    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The items I have listed below will not be fixed by running the READ ME FIRST tutorial (which you still must run).

    Make sure you have system restore disabled and viewing of hidden files enabled.

    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Find the below process and right click on it and select End process tree:
    C:\Program Files\Windows SyncroAd\SyncroAd.exe


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now (I have added some comments/notes in some places too.)

    realtime.exe is a process belonging to PC Doctor Online. It is an application used to examine and fix errors in your registry. However, unless you purchase it, it does not fix anything. This is a non-essential process. You should fix this line (uninstalling the demo may also remove this).
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe

    Do you want your home page to be set to http://www.freeserve.com/ ? If not fix the next line, otherwise skip and continue fixing the rest.
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3b97d39236de5cd
    O16 - DPF: {CC110316-5BE7-4AAA-AEDD-1A5B147BE34C} (MyWebOperator Class) - http://198.143.27.18/dialer_loader/UK.cab


    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\Windows SyncroAd <---- the whole directory

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
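
Added example, not part of chaslang's post and not HijackThis's own code: a small Python parser for the log entries quoted in the post above. It splits each line into section, source and data, then pulls out the Run value name and command (O4) or the ActiveX CLSID, class name and download URL (O16). The function names and the two review hints are assumptions made for this illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Entries quoted in the post above, copied as they appear (one URL is elided there).
SAMPLE = r"""
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3b97d39236de5cd
O16 - DPF: {CC110316-5BE7-4AAA-AEDD-1A5B147BE34C} (MyWebOperator Class) - http://198.143.27.18/dialer_loader/UK.cab
"""

# Layout assumed from the lines above: "<section> - <source>: <data>".
LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<source>[^:]+): (?P<data>.+)$")
RUN = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<command>.+)$")
DPF = re.compile(r"^(?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.+)\))? - (?P<url>\S+)$")

def parse(log_text):
    """Return one dict per recognised entry; header and blank lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entry = m.groupdict()
            sub = {"O4": RUN, "O16": DPF}.get(entry["section"])
            detail = sub.match(entry["data"]) if sub else None
            if detail:
                entry.update(detail.groupdict())
            entries.append(entry)
    return entries

def review_hints(entry):
    """Hints for a human reviewer (hypothetical heuristics, not verdicts)."""
    hints = []
    if entry["section"] == "O16" and "url" in entry:
        if entry["name"] is None:
            hints.append("ActiveX control has no class name")
        host = urlsplit(entry["url"]).hostname or ""
        try:
            ipaddress.ip_address(host)
            hints.append("codebase served from a bare IP address")
        except ValueError:
            pass  # a DNS name, not an IP literal
    return hints

if __name__ == "__main__":
    for e in parse(SAMPLE):
        print(e["section"], e.get("name") or e["data"], review_hints(e))
```
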
     
  4. RichieP

    RichieP Private E-2

    Hi Chaslang.
    Sorry for not following the forum rules properly and posting a log. I was only at my aunt's for a few hours and hoped for an answer quickly. I had already removed the things you suggested. I ran a search in Google and found out about removing SyncroAd and got rid of Freeserve. I may have missed the dialler you mention but I uninstalled 2 diallers from the Internet Options - Connections and she's on Broadband so should be OK if there's any left.

    Unfortunately I'm not seeing her until Christmas so will hopefully finish it then. At least she can connect to the internet again and it's running much smoother.

    Thanks for your help.
    RichieP
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
