Virtumondo Removal

Thread starter: AndyManchesta

Hi Stuart

I will check your logs out and get back to you as soon as possible.

Regards

Andy :)
 
Andy,

I fixed it. I downloaded VundoFix and ran that first in safe mode, then I ran HijackThis selecting the box I listed along with the install box. When I rebooted and rechecked, it was finally gone.

Thanks for checking though.
 
No Problem

That is good news! I'd just come back on after checking your logs. You had 2 problem files, both being called from the winlogon/notify key, so it made it hard to decide which was the best method to use to fix the problem.

I'd put a fix together for you using VundoFix, trying to take them both out at the same time rather than enter the same dll name the way it's shown and then backwards, which is the usual way to deal with this.

These are the problem files shown in the HijackThis log:

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\mljgg.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\awtqr.dll
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll
O20 - Winlogon Notify: mljgg - C:\WINDOWS\SYSTEM32\mljgg.dll


But hopefully you have been able to remove them and get clean using the VundoFix tool.

If the files have been deleted you should enable hidden files and folders:

(Go to Start Menu and Search, then Tools on the top bar; choose Folder Options, then go to the View tab.)

Make sure that 'Show hidden files and folders' is enabled, 'Display the contents of system folders' is checked, and 'Hide extensions for known file types' is not checked, then press Apply.

You can set this back later by opening the same page and pressing 'Restore Defaults', then pressing Apply.

And make sure none of these files exist now on your system:

C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.tmp
C:\WINDOWS\system32\rqtwa.tmp1
C:\WINDOWS\system32\rqtwa.tmp2


Glad you found the solution for this :)

Regards

Andy
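The check Andy describes above can be scripted rather than done by eye: pull the O2 (BHO) and O20 (Winlogon Notify) entries out of a HijackThis log, flag any DLL that is registered in both places (the pattern both problem files show), and then look for the DLL and its reversed-name companions (awtqr -> rqtwa.*) with the leftover extensions listed in the post. The script below is an added example written for this page, not a tool from the thread or from the VundoFix/HijackThis authors; the sample log is the thread's four lines plus one made-up benign BHO line, the regexes and function names are this example's own, and the directory scan runs against a temporary folder standing in for system32.

```python
import ntpath
import os
import re
import tempfile
from collections import defaultdict

# Constructed sample input: the O2/O20 lines quoted in the thread, plus one
# benign BHO entry (made up for this example) that should not be flagged.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\\WINDOWS\\system32\\mljgg.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\\WINDOWS\\system32\\awtqr.dll
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\\Program Files\\Example\\helper.dll
O20 - Winlogon Notify: awtqr - C:\\WINDOWS\\system32\\awtqr.dll
O20 - Winlogon Notify: mljgg - C:\\WINDOWS\\SYSTEM32\\mljgg.dll
"""

# Line shapes as they appear in the log above (regexes are this example's own).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+?)\s*$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+?)\s*$")

# Leftover extensions the thread lists next to the reversed DLL name (rqtwa.*).
LEFTOVER_EXTS = (".bak1", ".bak2", ".ini", ".ini2", ".tmp", ".tmp1", ".tmp2")


def parse_hijackthis(text):
    """Return (section, path) tuples for every O2 and O20 line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = O2_RE.match(line)
        if m:
            entries.append(("O2", m.group("path")))
            continue
        m = O20_RE.match(line)
        if m:
            entries.append(("O20", m.group("path")))
    return entries


def find_dual_registered(entries):
    """DLLs present both as a BHO (O2) and as a Winlogon Notify handler (O20).
    Paths are compared case-insensitively because the log mixes system32/SYSTEM32."""
    sections = defaultdict(set)
    for section, path in entries:
        sections[path.lower()].add(section)
    return sorted(p for p, s in sections.items() if {"O2", "O20"} <= s)


def leftover_candidates(dll_path):
    """File names to look for after removal: the DLL itself plus the
    reversed-name companions (awtqr -> rqtwa.*) the thread lists."""
    stem, _ = ntpath.splitext(ntpath.basename(dll_path))
    reversed_stem = stem[::-1]
    return [ntpath.basename(dll_path)] + [reversed_stem + ext for ext in LEFTOVER_EXTS]


def find_existing(directory, names):
    """Which of `names` still exist in `directory`. os.path.exists ignores the
    hidden attribute, so this check does not depend on Explorer's folder options."""
    return sorted(n for n in names if os.path.exists(os.path.join(directory, n)))


def demo_leftover_check():
    """Simulate the post-removal check in a temp dir (system32 stand-in) that
    contains one constructed leftover file."""
    with tempfile.TemporaryDirectory() as system32:
        with open(os.path.join(system32, "rqtwa.ini"), "w") as fh:
            fh.write("constructed leftover\n")
        names = leftover_candidates("C:\\WINDOWS\\system32\\awtqr.dll")
        return find_existing(system32, names)


if __name__ == "__main__":
    flagged = find_dual_registered(parse_hijackthis(SAMPLE_LOG))
    for dll in flagged:
        print("BHO + Winlogon Notify:", dll)
        print("  check for:", ", ".join(leftover_candidates(dll)))
    print("still present in test dir:", demo_leftover_check())
```

On a real machine you would point `find_existing` at `C:\WINDOWS\system32` instead of the temporary folder; because the check goes through the filesystem API rather than Explorer, it sees hidden files without changing the folder options the post walks through.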
 