jholland1964

Re: extmgr32.dll problem

Nov 16th, 2008
Ok, several things I see here in the logs.
#1: the ESET scanner clearly says this in the log created at 6:01:
C:\WINDOWS\system32\extmgr32.dll Win32/Agent.OAF trojan (unable to clean - deleted (after the next restart))
meaning you should have shut down immediately after the scan and restarted. Did you do this then, or at a later time after you had renamed the file?
The first MBA-M scan was done at 7:09 and found and removed all those Adware.MyWebSearch; this was a Quick Scan, not a full scan. The second MBA-M run was at 7:31 and nothing was found. The third MBA-M scan was done at 8:25, was a full scan and DID again find Adware.MyWebSearch, BUT what this tells me is that this scan was done AFTER a reboot, because all of these were found in your System Restore, so they were of no harm unless you had used that restore point to do a system restore. I know you didn't. MBA-M then removed those items from System Restore, so they should be gone now. The restore point was made when MBA-M first removed the Adware.MyWebSearch but didn't show up until you did a reboot. It is quite common for this to happen; it is a change to specific files, so Windows automatically backs those up in case they are needed.

You need to go in and UNINSTALL that Prevx CSI. It may have found something, but its website clearly says
It will also remove Adware infections for free!
Well, obviously that is not true if you were told you would have to purchase to remove, so Uninstall this program. It IS running on your system (it shows in your HJT log), which can interfere with fixes attempted.
I would like you to try the following AFTER Uninstalling the Prevx CSI program.
Make sure that Windows Defender is TURNED OFF. Leave it off, the same goes for Diskeeper. There is no reason this program needs to be running at start up or running all the time. It can be run manually.

Update MBA-M; there have been two database updates since you last updated. It is now database version 1401; your database version shows as 1399.
Reboot the computer in Safe Mode
Run MBA-M again, Full System Scan. Let's see if it will pick up more items. Let it fix everything it finds. Reboot if it is necessary for cleaning.

After rebooting run a new HJT scan and place a check mark next to the following entries if they still exist.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Morpheus Premium\Plugins\RazaWebHook.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\extmgr32.dll
O20 - Winlogon Notify: 10f6fd16502 - C:\WINDOWS\System32\extmgr32.dll
Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot.
Run a new scan with HJT and post back with THAT log and also the MBA-M log, and please only run MBA-M once as instructed.
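As an added example (not part of the post, and not code from HijackThis or any scanner it mentions), this Python sketch does the log triage the reply performs by hand: it picks out HJT entries that load a file the antivirus already flagged, and BHO entries whose target file is gone. The `triage` function, the flagging rules and the last two sample lines are assumptions made for illustration; the first four sample lines are the entries quoted in the post.

```python
import re

# Sample HijackThis lines: the first four are the entries quoted in the post;
# the last two are constructed for contrast and should not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Morpheus Premium\Plugins\RazaWebHook.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\extmgr32.dll
O20 - Winlogon Notify: 10f6fd16502 - C:\WINDOWS\System32\extmgr32.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# Assumption: seeded with the file named in the ESET log line quoted in the post.
FLAGGED_FILES = frozenset({r"c:\windows\system32\extmgr32.dll"})


def triage(log_text, flagged_files=FLAGGED_FILES):
    """Return (section, kind, detail, reason) for entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, kind, detail = m.groups()
        # The file path is the last " - " separated field (or the whole value).
        path = detail.rsplit(" - ", 1)[-1].strip()
        reason = None
        if path.lower() in flagged_files:
            reason = "loads a file the scanner flagged"
        elif section == "O2" and path.endswith(("(no file)", "(file missing)")):
            reason = "orphaned BHO: target file is absent"
        if reason:
            findings.append((section, kind, detail, reason))
    return findings


if __name__ == "__main__":
    for section, kind, detail, reason in triage(SAMPLE_LOG):
        print(f"{section} {kind}: {reason}\n    {detail}")
```

Running the same function on the log taken after the cleanup steps shows at a glance whether any of the four entries are still present.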