Welcome back
Please disable SpySweeper, as it may hinder the removal of some HijackThis entries. You can re-enable it after you're clean.
To disable SpySweeper:
Open it, click > Options over to the left then > click the Program tab > Uncheck "Start Spy Sweeper at Windows startup".
Over to the left click "shields"
- Click the "Internet Explorer" tab and uncheck all there.
- Click the "Windows System" tab and uncheck all there.
- Click the "Host File" tab and uncheck all there.
- Click the "Startup Programs" tab and uncheck "Startup Items Shield".
Remember after your system is clean to re-enable Spy Sweeper.
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.
Please disable CounterSpy, as it may hinder the fixing of some HijackThis entries. You can re-enable it after you're clean.
To disable CounterSpy:
- Right Click on the CounterSpy Icon located in your system tray.
- With your mouse, hover over Active Protection Status (This should be enabled)
- A menu will slide out, then right click on Disable Active Protection
Once your log is clean please re-enable CounterSpy
I see you have Morpheus installed. I do not recommend Morpheus because it is bundled with spyware. That's why I suggest you uninstall Morpheus.
Go to Add/Remove Programs in the Control Panel and uninstall:
- Morpheus
- J2SE Runtime Environment 5.0 Update 10
- J2SE Runtime Environment 5.0 Update 11
Open HJT and click scan only, place a check by these entries
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [96] "C:\WINDOWS\system32\96.exe"
Close all windows and browsers except HJT and click fix checked
Open notepad and copy/paste the entire text in the quotebox below: (don't forget to copy and paste REGEDIT4)
Quote:
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Alcmtr"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"96"=-
Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save as type" - "All Files". Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.
Please download ATF Cleaner by Atribune and save it to your desktop.
Download AVG Anti-Spyware 7.5 from Here and save that file to your desktop.
- Once you have downloaded AVG Anti-Spyware, locate the icon on your desktop and double-click it to launch the setup program.
- Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.
- On the main screen select the icon "Update" then select the "Update Now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
- Once in the Settings screen click on "Recommended Actions" and then select "Quarantine". <-- VERY IMPORTANT
- Under "Reports":
  - Select "Automatically generate report after every scan"
  - Un-Select "Only if threats were found"
Close AVG Anti-Spyware 7.5. Do not run a scan yet.
Reboot your computer into Safe Mode. Tap the F8 key just before Windows starts to load and select Safe Mode from the menu.
Using Windows Explorer search for and delete these files/folders:
C:\WINDOWS\system32\SBRC.dat
C:\WINDOWS\system32\SBFC.dat
C:\WINDOWS\system32\96.exe
Please go to Start then Search, locate and delete ALCMTR.EXE
If you have trouble finding any of those files, then configure Windows Explorer to show hidden files and folders and go after them again.
(Remember to Hide files and folders once done).
Enable viewing of hidden files as follows:
1) Go to My Computer, and click on the "Tools" menu
2) Click "Folder options"
3) Select the "View" tab
4) Make sure "Show hidden files and folders" is selected
5) Make sure "Hide extensions for known file types" is unchecked
6) Make sure "Hide protected operating system files (recommended)" is unchecked.
Double-click ATF-Cleaner.exe to run the program.
- Under Main "Select Files to Delete" choose: Select All.
- Click the Empty Selected button.
- If you use Firefox browser click Firefox at the top and choose: Select All
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- If you use Opera browser click Opera at the top and choose: Select All
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Important: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning process:
- Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete Scan".
- AVG will now begin the scanning process, be patient this may take a little time to complete.
Once the scan is complete do the following:
- If you have any infections you will be prompted, then select "Apply all"
- Next select the "Reports" icon at the top.
- Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system. (Make sure to remember where you have saved the file, this is important.)
- Close AVG Anti-Spyware 7.5 and reboot your system back into Normal Mode
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version.
In your next reply I need:
Avg Anti-Spyware log
New HJT log
Comments on how your computer is running now
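
Added example, not part of the original post: a small Python check that reads the `"name"=-` deletions in the delete.reg text above and reports any of those Run values that still show up as O4 lines in a follow-up HijackThis log. The function names are hypothetical and the follow-up log excerpt is constructed for illustration.

```python
import re

# The REGEDIT4 text from the post above.
DELETE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Alcmtr"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"96"=-
'''

# Constructed follow-up log excerpt (not from the thread): one value came back.
SAMPLE_NEW_LOG = r'''O4 - HKLM\..\Run: [SomeDriver] C:\WINDOWS\somedriver.exe
O4 - HKCU\..\Run: [96] "C:\WINDOWS\system32\96.exe"
'''

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

def parse_reg_deletions(text):
    """Return {(hive, lowercased value name)} for each "name"=- under a ...\\Run key."""
    targets, hive = set(), None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r'\[([^\\\]]+)\\(.+)\]', line)
        if m:  # key header: remember the hive only if this is a Run key
            is_run = m.group(2).lower().endswith(r'\currentversion\run')
            hive = HIVES.get(m.group(1).upper()) if is_run else None
            continue
        m = re.fullmatch(r'"([^"]+)"=-', line)
        if m and hive:
            targets.add((hive, m.group(1).lower()))  # value names are case-insensitive
    return targets

def parse_o4_run(log):
    """Return {(hive, lowercased value name): command} for O4 Run lines."""
    entries = {}
    for line in log.splitlines():
        m = re.match(r'O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)', line.strip())
        if m:
            entries[(m.group(1), m.group(2).lower())] = m.group(3)
    return entries

def still_present(reg_text, new_log):
    """Run values targeted by the .reg file that the new log still lists."""
    entries = parse_o4_run(new_log)
    return sorted(k for k in parse_reg_deletions(reg_text) if k in entries)

if __name__ == "__main__":
    for hive, name in still_present(DELETE_REG, SAMPLE_NEW_LOG):
        print(f"still present: {hive}\\..\\Run [{name}]")
```

An empty result means none of the targeted Run values are listed in the new log; any hit means the value was recreated or the merge did not apply.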