My HJT File

Discussion in 'Malware Help (A Specialist Will Reply)' started by stlsig, Jun 26, 2005.

  1. stlsig

    stlsig Private E-2

    I have followed all the previous steps... here is my HJT file.
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

    O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
    O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_4970.dll"
    O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_4970.dll"

    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\System32\pdfupd.dll

    C:\WINDOWS\System32\sfg_4970.dll

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates".

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, scan with HijackThis and attach the new log.
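
The entries picked out in the post above share two visible patterns: autorun (O4) values that load a DLL through `regsvr32 /s`, and an entry whose file is reported as `(no file)`. As an added example (not part of the original post and not HijackThis's own logic), the Python sketch below parses HijackThis-style lines and flags those two patterns; the heuristics, the function names and the `ExampleTray` line are assumptions made for illustration.

```python
import re

# Constructed sample: log lines quoted in the post above plus one made-up benign entry.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_4970.dll"
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_4970.dll"
"""

# Every entry is "<section> - <details>", e.g. "O4 - HKLM\..\Run: [Name] command".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
REGSVR = re.compile(r'^regsvr32(?:\.exe)?\s+(?:/\w\s+)*"?(?P<dll>[^"]+?\.dll)"?\s*$', re.I)

def parse_line(line):
    """Return a dict for one log entry, or None for blank/non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {"section": m["section"], "body": m["body"], "flags": []}
    if entry["section"] == "O4":
        run = RUN.match(entry["body"])
        if run:
            entry.update(run.groupdict())
            reg = REGSVR.match(run["cmd"])
            if reg:  # assumed heuristic: an autorun that registers a DLL at every boot
                entry["dll"] = reg["dll"]
                entry["flags"].append("autorun registers a DLL via regsvr32")
    if entry["body"].rstrip().endswith("(no file)"):  # assumed heuristic: orphaned entry
        entry["flags"].append("references a missing file")
    return entry

def review(log_text):
    """Return only the entries that matched at least one heuristic."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["flags"]]

def files_to_check(flagged):
    """De-duplicated, case-folded DLL paths named by flagged autoruns."""
    return sorted({e["dll"].lower() for e in flagged if "dll" in e})

if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(e["section"], "|", "; ".join(e["flags"]), "|", e["body"])
    print(files_to_check(review(SAMPLE_LOG)))
```

A flagged line is a prompt for manual review, not a verdict; the paths returned by `files_to_check` are the files to confirm on disk before anything is deleted.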
     
  3. stlsig

    stlsig Private E-2

    Thanks for the help... here is my new HJT file.

    ... in theory when we are done, I should be able to have normal access to all websites again, correct?
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    (Don't run it yet)

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_4970.dll"
    O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_4970.dll"

    Again, make sure All Browser Windows are Closed when you Click FIX.


    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\System32\sfg_4970.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.

    Allow Killbox to reboot your system. After you have rebooted and Windows has loaded, attach a fresh HJT log.
     
  5. stlsig

    stlsig Private E-2

    A few notes.

    I ran Pocket Killbox, however this error occurred three different times: "Pendingfilerenameoperations Registry data has been removed by and external process". What does this mean?
     


  6. stlsig

    stlsig Private E-2

    At this point in time I still can't access most webpages, nor can I download Firefox or even most stuff from Major Geeks. I am guessing there is still something wrong in my HJT file. Thanks for all the help from you all... I just want to get this fixed, 'cause I do NOT want to have to reload AOHELL to regain my web access.
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean, are you familiar with WINnerTweak3 PopUp Blocker?

    Generate a StartupList log using HijackThis.
    Run HJT and on the first screen, click the button that says "Open the Misc Tools section". In the next window first select "List also minor sections (full)" and then click the button that says "Generate StartupList log". Click Yes to the "Do you want to continue" prompt. Now a Notepad window will come up with the Startuplist.txt file. It is already saved in the directory HJT is running from. So just come back here and upload the file as an attachment to your next message.
     
  8. stlsig

    stlsig Private E-2

    All done... here is the list.
     


  9. stlsig

    stlsig Private E-2

    bjgarrick... I reread what you wrote... you asked if I was familiar with WINnerTweak3 PopUp Blocker?

    Yes, I know what it is... I downloaded the whole tweak program last night.

    Is there something I should know?
     
  10. stlsig

    stlsig Private E-2

    Another question while my file gets reviewed... why is it that our other computer (which has the same problems accessing the net with IE or Firefox) works fine when AOL starts up? It's the only way I can access half my pages!

    WHY is this?
     
  11. stlsig

    stlsig Private E-2

    Bjgarrick???

    Did you have a chance to check this out??
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just confirming you were comfortable with it and knew the program.

    Personally I wouldn't use the AOL software as it does more harm than good in many cases I've seen.
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your startup list shows me a baddie. Boot into Safe Mode and delete the file below.

    C:\WINDOWS\System32\shmgrate.exe
    (If you can't find this in the above location, search for it and delete it!)

    After you delete the above file, reboot back into normal mode and attach a fresh HJT log.
     
  14. stlsig

    stlsig Private E-2

    BJG,

    Ok, I couldn't agree more about AOL... that's why I want to get this problem fixed. I can't access about 2/3rds of pages with IE or Firefox, UNLESS... I start AOL. Now I deleted it from my system before I started this thread, b/c I wanted to truly FIX the problem... but as it stands tonight I still can't access most webpages.

    PLEASE HELP
     
  15. stlsig

    stlsig Private E-2

    I found the file and it was completely deleted. Here is my new HJT file.
     


  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean; everything looks OK as far as malware. Now you must get a firewall and antivirus running.

    Check out this article on How to Protect yourself from malware! for some free recommended programs.


    If you still have the AOL/Browser problems I would recommend posting that in the Software Forum. They will get you all fixed up!

    Good Luck!:)
     
  17. stlsig

    stlsig Private E-2

    will do... thanks!
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Let me know how everything works out!
     
