Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My Infected Computer..

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My Infected Computer..

Unread postby fundancepj » March 21st, 2005, 11:31 am

HI..I RAN THE hijackthis-scan..WELL, I HAVE A WHOLE LIST OF STUFF AND I'M NOT SURE WHAT TO DELETE ??!! DO I JUST GET RID OF IT ALL OR WILL THAT MESS UP MY COMPUTER EVEN MORE ?? PLEASE HELP !!
THANKS.... :roll:
fundancepj
Active Member
 
Posts: 5
Joined: March 21st, 2005, 11:12 am
Advertisement
Register to Remove

Unread postby FBJ » March 21st, 2005, 12:23 pm

No - do not get rid of anything. HijackThis will show both good and bad "stuff". Copy the contents of the HijackThis log into this thread and we will tell you what to keep and what to remove.

Please follow these instructions first:

http://www.malwareremoval.com/forum/viewtopic.php?t=12
User avatar
FBJ
Visiting Expert
Visiting Expert
 
Posts: 32
Joined: March 1st, 2005, 12:42 pm
Location: Copenhagen, Denmark

thanks..

Unread postby fundancepj » March 24th, 2005, 10:00 am

THANKS FOR YOUR REPLY..I'M NOT SURE HOW TO GET THE HIJACKTHIS LOG INTO THIS THREAD :cry:
THANKS FOR YOUR TIME.......[/b]
fundancepj
Active Member
 
Posts: 5
Joined: March 21st, 2005, 11:12 am

Unread postby FBJ » March 24th, 2005, 10:13 am

Try and see if this tutorial is any help:

http://www.bleepingcomputer.com/forums/ ... utorial=42

The text under figure 3 should explain how to....
_______________________________________

Please don't use Caps Lock. Using only capital letters means that you are shouting :)
User avatar
FBJ
Visiting Expert
Visiting Expert
 
Posts: 32
Joined: March 1st, 2005, 12:42 pm
Location: Copenhagen, Denmark

thanks...

Unread postby fundancepj » March 28th, 2005, 9:34 am

:lol: thanks for your help..sorry for using the capital letters..i didn't know that it meant that..
i would've answered sooner, but, my pages keep getting re-directed..and, i'm about to pull my hair out..lol :shock:
i'm running the hijackthis scan now..
thanks...
fundancepj
Active Member
 
Posts: 5
Joined: March 21st, 2005, 11:12 am

HijackThis Log: Please help Diagnose

Unread postby fundancepj » March 28th, 2005, 10:40 am

Logfile of HijackThis v1.99.1
Scan saved at 9:13:18 AM, on 3/25/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\Profiles\Patsy\Desktop\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\Profiles\Patsy\Desktop\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1CFEF10E-5A33-4C22-9CF8-BD90D866A445} - C:\WINDOWS\SYSTEM\BEKG.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\SE.DLL,DllInstall
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O18 - Filter: text/html - {CFE31907-A4B8-44F1-9A9B-E3B57F1A2D24} - C:\WINDOWS\SYSTEM\BEKG.DLL
O18 - Filter: text/plain - {CFE31907-A4B8-44F1-9A9B-E3B57F1A2D24} - C:\WINDOWS\SYSTEM\BEKG.DLL
fundancepj
Active Member
 
Posts: 5
Joined: March 21st, 2005, 11:12 am

Unread postby FBJ » March 28th, 2005, 3:49 pm

That is a short HijackThis log. Did you fix anything yourself..? If yes, you need to run HijackThis, click Config in the lower right corner, click Backups, put a checkmark to the left of all lines and click Restore. This will restore all lines that you fixed.

If you fixed anything you now need to reboot your computer and post a fresh log here - do not follow the instructions below the line (*****).

***************************************************************

If you didn't fix anything yourself.....

1. First of all I need you to download some programs for use later.

Download About:Buster from here. Once it is downloaded extract it to c:\aboutbuster and check for updates. Do NOT use it yet

Download CWShredder from here, install it, check for updates but again, don't use it yet.

Download FxAgentB from here

2. Ensure hidden files and folders are set to show;
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Please disconnect from the Internet and unplug your modem for the duration of this fix You may want to print the rest of these instructions.

3. Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in SAFE MODE

4. Open Cwshredder that you downloaded in the first step. Close all browser windows and click on the fix/next button.

5. Now run HijackThis and click the scan button, when it has finished scanning put a check against the following and click 'fix checked'

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\Profiles\Patsy\Desktop\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\Profiles\Patsy\Desktop\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1CFEF10E-5A33-4C22-9CF8-BD90D866A445} - C:\WINDOWS\SYSTEM\BEKG.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\SE.DLL,DllInstall
O18 - Filter: text/html - {CFE31907-A4B8-44F1-9A9B-E3B57F1A2D24} - C:\WINDOWS\SYSTEM\BEKG.DLL
O18 - Filter: text/plain - {CFE31907-A4B8-44F1-9A9B-E3B57F1A2D24} - C:\WINDOWS\SYSTEM\BEKG.DLL

6. Find and delete:

C:\WINDOWS\SYSTEM\BEKG.DLL
C:\WINDOWS\Profiles\Patsy\Desktop\se.dll

7. Now navigate to the c:\aboutbuster directory and double-click on aboutbuster.exe When the tool is open press the OK button, then the Start button, then the OK button, and then finally the Yes button. It will start scanning your computer for files. If it asks if you would like to do a second pass, allow it to do so. Post the log file in your next reply.

8. Finally run the FxAgentB tool you downloaded earlier.

9. Now reboot,and run hijackthis again and post a fresh log along with the about buster log.
User avatar
FBJ
Visiting Expert
Visiting Expert
 
Posts: 32
Joined: March 1st, 2005, 12:42 pm
Location: Copenhagen, Denmark

HijackThis Log: Please help Diagnose

Unread postby fundancepj » March 28th, 2005, 7:06 pm

Logfile of HijackThis v1.99.1
Scan saved at 6:11:08 PM, on 3/28/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\CPQMLCK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msn.dll/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/msn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://msn.dll/msn
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = res://msn.dll/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1CFEF10E-5A33-4C22-9CF8-BD90D866A445} - C:\WINDOWS\SYSTEM\BEKG.DLL
O2 - BHO: (no name) - {881DEEBA-B562-4C9F-B249-9A42B4F9B7B8} - C:\WINDOWS\SYSTEM\BEKG.DLL
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\SYSTEM\MTC.DLL
O2 - BHO: (no name) - {D9A063F7-354F-4794-BDD3-EE05987B5148} - C:\WINDOWS\SYSTEM\BEKG.DLL
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\SYSTEM\WER8274.DLL
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\SYSTEM\MTC.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [sp] rundll32 C:\SE.DLL,DllInstall
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [XoftSpy] C:\PROGRAM FILES\XOFTSPY\XoftSpy.exe -s
O4 - HKLM\..\Run: [SwatIt] C:\PROGRAM FILES\SWAT IT V2.1\SWATIT.EXE /tray
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [winltmpv] c:\windows\nvsvwc.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Filter: text/html - {89B684E7-5766-4F50-B795-EC1601919EFF} - C:\WINDOWS\SYSTEM\BEKG.DLL
O18 - Filter: text/plain - {89B684E7-5766-4F50-B795-EC1601919EFF} - C:\WINDOWS\SYSTEM\BEKG.DLL
O21 - SSODL: Sysctl Desktop Handler - {23456789-0000-0020-0900-00AAFF6D2EA4} - (no file)
fundancepj
Active Member
 
Posts: 5
Joined: March 21st, 2005, 11:12 am

Unread postby FBJ » March 29th, 2005, 1:11 am

1. First of all I need you to download some programs for use later.

Download About:Buster from here. Once it is downloaded extract it to c:\aboutbuster and check for updates. Do NOT use it yet

Download CWShredder from here, install it, check for updates but again, don't use it yet.

Download FxAgentB from here

Download CleanUp! from here

2. Ensure hidden files and folders are set to show;
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Please disconnect from the Internet and unplug your modem for the duration of this fix You may want to print the rest of these instructions.

3. Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in SAFE MODE

4. Open Cwshredder that you downloaded in the first step. Close all browser windows and click on the fix/next button.

5. Now run HijackThis and click the scan button, when it has finished scanning put a check against the following and click 'fix checked'

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msn.dll/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msn.dll/msn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://msn.dll/msn
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msn.dll/index
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = res://msn.dll/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1CFEF10E-5A33-4C22-9CF8-BD90D866A445} - C:\WINDOWS\SYSTEM\BEKG.DLL
O2 - BHO: (no name) - {881DEEBA-B562-4C9F-B249-9A42B4F9B7B8} - C:\WINDOWS\SYSTEM\BEKG.DLL
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\SYSTEM\MTC.DLL
O2 - BHO: (no name) - {D9A063F7-354F-4794-BDD3-EE05987B5148} - C:\WINDOWS\SYSTEM\BEKG.DLL
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\SYSTEM\WER8274.DLL
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\SYSTEM\MTC.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKCU\..\Run: [winltmpv] c:\windows\nvsvwc.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Filter: text/html - {89B684E7-5766-4F50-B795-EC1601919EFF} - C:\WINDOWS\SYSTEM\BEKG.DLL
O18 - Filter: text/plain - {89B684E7-5766-4F50-B795-EC1601919EFF} - C:\WINDOWS\SYSTEM\BEKG.DLL
O21 - SSODL: Sysctl Desktop Handler - {23456789-0000-0020-0900-00AAFF6D2EA4} - (no file)

6. Find and delete:

C:\SE.DLL
C:\WINDOWS\SYSTEM\BEKG.DLL
C:\WINDOWS\SYSTEM\MTC.DLL
C:\WINDOWS\SYSTEM\WER8274.DLL
C:\WINDOWS\System\spoolsrv32.exe
c:\windows\nvsvwc.exe
C:\WINDOWS\web\related.htm

7. Now navigate to the c:\aboutbuster directory and double-click on aboutbuster.exe When the tool is open press the OK button, then the Start button, then the OK button, and then finally the Yes button. It will start scanning your computer for files. If it asks if you would like to do a second pass, allow it to do so. Post the log file in your next reply.

8. Now run the FxAgentB tool you downloaded earlier.

9. Finally, run CleanUp - let it clean your computer of temp files. Decline when it asks you to log off.

10. Now reboot,and run hijackthis again and post a fresh log along with the about buster log.
User avatar
FBJ
Visiting Expert
Visiting Expert
 
Posts: 32
Joined: March 1st, 2005, 12:42 pm
Location: Copenhagen, Denmark

Unread postby ChrisRLG » April 14th, 2005, 6:48 am

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 365 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware