Hello and welcome to TSF
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mdgll.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mdgll.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\trudk.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mdgll.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\trudk.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\mdgll.dll/sp.html#12802
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {78C71316-E1F4-10DF-C8B1-6D0D878AF0BF} - C:\WINNT\system32\addqj.dll
O4 - HKLM\..\Run: [addri32.exe] C:\WINNT\system32\addri32.exe
Please remember to close any open windows and browsers before fixing any entries.
In Hijack This, hit the Fix checked button.
Reboot into Safe Mode (hit F8 key until menu shows). Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\WINNT\system32\addri32.exe
Run AboutBuster again and follow the prompts to scan (choose Yes / OK for all). It will ask you if you want a second scan, choose Yes.
Reboot your System in normal mode.
Run an online scan at Trend Micro or RAV Antivirus.
Please select the “autoclean” option when using Trend Micro.
Please post a fresh Hijack This log so that we can check if your system is clean.
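
One way to run the final check on a fresh log, as an added example that is not part of the original post: it reports fixed entries that are still present and res:// search hijacks that came back under a different DLL name (the post's own entries already show the same sp.html page under two DLL names). The names `recheck` and `shape`, the fresh log and the file name qzxvb.dll are constructed for the illustration.

```python
import re

# Four of the entries the post asks to fix, copied from the post.
FIXED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mdgll.dll/sp.html#12802",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\trudk.dll/sp.html#12802",
    r"O2 - BHO: (no name) - {78C71316-E1F4-10DF-C8B1-6D0D878AF0BF} - C:\WINNT\system32\addqj.dll",
    r"O4 - HKLM\..\Run: [addri32.exe] C:\WINNT\system32\addri32.exe",
]

# Constructed fresh log: qzxvb.dll and the example.com start page are made up.
FRESH_LOG = r"""Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\qzxvb.dll/sp.html#12802
O4 - HKLM\..\Run: [addri32.exe] C:\WINNT\system32\addri32.exe
"""

ENTRY = re.compile(r"^[A-Z]\d{1,2} - ")  # section code such as R1, O2, O4
RES_DLL = re.compile(r"(res://[^/]*\\)[^\\/]+\.dll(?=/)", re.I)

def shape(entry):
    """Lower-cased entry with the DLL file name inside a res:// URL masked."""
    return RES_DLL.sub(r"\1*.dll", entry.strip()).lower()

def recheck(fixed, fresh_log):
    """Return (status, line) pairs for fresh-log entries that match a fixed entry."""
    exact = {e.strip().lower() for e in fixed}
    # Assumption: only res:// entries are compared by shape; a masked Run or
    # BHO entry would also match unrelated software.
    shapes = {shape(e) for e in fixed if "res://" in e.lower()}
    findings = []
    for line in fresh_log.splitlines():
        line = line.strip()
        if not ENTRY.match(line):
            continue  # header, blank or other non-entry line
        if line.lower() in exact:
            findings.append(("still present", line))
        elif shape(line) in shapes:
            findings.append(("same hijack, new DLL name", line))
    return findings

if __name__ == "__main__":
    for status, line in recheck(FIXED, FRESH_LOG):
        print(f"{status}: {line}")
```

An empty result only means none of the fixed entries are back; the fresh log still needs a full read for anything new.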