Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Need some help

Post by Platinum » July 11th, 2006, 11:28 am

Hey, I'm an asst. network admin. here and someone who works in the office brought me their computer because it was running "slow." Well, slow doesn't describe it, it was practically shot, but I ran Spybot S&D, Ad-Aware, and went through the registry for a solid week. Spybot found 26000 entries after running for 3 days, taking another day just to delete them! Anyway, I used to come here last summer and was being trained with HJT so I figured I would scan it and just take a look at the log and see how bad it was (no, I didn't do anything, I just scanned and looked up some processes to see what she had) so here I am, and here is the log!

Thanks in advance for the help...


Logfile of HijackThis v1.99.1
Scan saved at 11:17:28 AM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\okmlo.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\okmlo.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\alnwb.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\okmlo.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0125D352-F431-AB07-E2B0-4258BCF7AC07} - (no file)
O2 - BHO: (no name) - {01455E70-B6DC-DF81-8323-ADC8CB9B6016} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {092DB4EF-A153-233B-B473-7DD7913C97E5} - (no file)
O2 - BHO: (no name) - {093646C5-CDDB-2035-BD50-008A30E3EA96} - (no file)
O2 - BHO: (no name) - {1B8F483E-94BD-24D3-A479-2063E618DDF5} - (no file)
O2 - BHO: (no name) - {22B1C431-5AB7-DE44-9B59-32F72B1F1675} - (no file)
O2 - BHO: (no name) - {2B346C41-2D83-7EA3-145F-F1A22D8F5142} - (no file)
O2 - BHO: (no name) - {2F705A01-7E96-92A9-E87A-8EC094F830E1} - (no file)
O2 - BHO: (no name) - {2FEADC72-1B9D-0091-9E66-846197ADA43C} - (no file)
O2 - BHO: (no name) - {3DCC3A22-49AB-3E61-BA5F-E5B9AC8B375E} - (no file)
O2 - BHO: (no name) - {41C95B86-7625-43F0-4BD5-77F23CE36D52} - (no file)
O2 - BHO: (no name) - {4763166E-429C-B5AF-C8E8-C91F5368F74C} - (no file)
O2 - BHO: (no name) - {492BF9B9-13D0-58BB-37CB-DF9BECE39907} - (no file)
O2 - BHO: (no name) - {4B1F2248-1481-1DBC-EEBD-29F80FEB4854} - (no file)
O2 - BHO: (no name) - {4FFCD01F-8BF9-C079-27AB-2851683DB1DC} - (no file)
O2 - BHO: (no name) - {53710463-D86F-4380-3AEC-F58B9A66C964} - (no file)
O2 - BHO: (no name) - {5589D9AB-A0F2-680A-D323-258D1B13015E} - (no file)
O2 - BHO: (no name) - {55F4B2C0-1BA9-30E2-C41A-87A1C59255C2} - (no file)
O2 - BHO: (no name) - {5AD344A2-E0B4-149E-E60D-3E9011BC2368} - (no file)
O2 - BHO: (no name) - {5D9A8CEB-C14A-F94D-5897-F84779EFE938} - (no file)
O2 - BHO: (no name) - {6BE5F602-57FC-035D-69BB-0127DBDAD5A1} - (no file)
O2 - BHO: (no name) - {7091E7AC-9792-0B02-E2FF-3EAF307B875C} - (no file)
O2 - BHO: (no name) - {76B5AF0F-241F-A182-52CD-21C2EFCA324D} - (no file)
O2 - BHO: (no name) - {7A318DE9-62B5-FF57-A970-C3C5DEFD3476} - (no file)
O2 - BHO: (no name) - {802A649E-3116-B069-41CB-4D33F17750FD} - (no file)
O2 - BHO: (no name) - {81BC3EBA-35E5-E622-0BAD-7095B849C484} - (no file)
O2 - BHO: (no name) - {8524EB63-E94C-0E8C-81F9-0567631683AE} - (no file)
O2 - BHO: (no name) - {916E0E7F-1B81-53C6-429D-2ABB3F3CFBCF} - (no file)
O2 - BHO: (no name) - {9D982F9D-035B-FE7A-252A-1E960E1F3E5A} - (no file)
O2 - BHO: (no name) - {A3E59314-F18B-E35B-1289-B3D8F43C3B9D} - (no file)
O2 - BHO: (no name) - {A81A1A73-0ABD-D6BC-44CD-1C5B54E9058A} - (no file)
O2 - BHO: (no name) - {AF2EE742-5DA8-18C9-C2ED-E2A6A656CC6A} - (no file)
O2 - BHO: (no name) - {B04EE120-83B9-B26D-500D-49A7F8C6CB92} - (no file)
O2 - BHO: (no name) - {B36BE120-95DE-5F02-4335-36B4124FB086} - (no file)
O2 - BHO: (no name) - {B85396EA-22B1-1A27-067A-B8F1A2D6BD90} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C516B337-4790-1C2D-E70B-A3EC67307C3E} - (no file)
O2 - BHO: (no name) - {C5BA8DF6-BD9D-3B14-33B4-A52F6A5DB2AA} - (no file)
O2 - BHO: (no name) - {C8004A51-B1C6-2B52-CE97-BA80D6D6C5DB} - (no file)
O2 - BHO: (no name) - {CBCBACBA-B5C6-0928-434A-CE4EEBE36A38} - (no file)
O2 - BHO: (no name) - {D4830DD3-9ABD-EA24-ED6B-4C012094FCAD} - (no file)
O2 - BHO: (no name) - {D52FA8C3-E2FA-4536-0AF5-BF01EB52CE95} - (no file)
O2 - BHO: (no name) - {D9DCC50A-EE62-0287-E4FA-5C092B0FC97E} - (no file)
O2 - BHO: (no name) - {E2D21C40-4D0E-92DA-315E-5394C622B623} - (no file)
O2 - BHO: (no name) - {E38ED9F3-91EA-355E-5715-27B3113CA15D} - (no file)
O2 - BHO: (no name) - {E68FF21A-1D01-4C00-EDC8-A80470B5A15F} - (no file)
O2 - BHO: (no name) - {E7F1CA25-18BA-5AA2-86D0-F9E3A0C2CA0D} - (no file)
O2 - BHO: (no name) - {E90875AE-7FC7-43DA-EFDD-064D538C94EB} - (no file)
O2 - BHO: (no name) - {EAA00845-B10D-A53B-8771-FBD4916BCE85} - (no file)
O2 - BHO: (no name) - {EE1F3F25-A9E9-DC91-4CB7-91FF510DCAA0} - (no file)
O2 - BHO: (no name) - {F8143114-CDD3-F1BE-E167-AB80E5C3C6A3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {8AF9A654-6644-46AD-A344-34B71839659E} (Fix Class) - http://www2.stlu.com/plugins/PluginLatest/fixst.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Platinum
Regular Member
Posts: 189
Joined: August 1st, 2005, 2:00 pm
Location: Long Island, NY

Post by Nellie2 » July 11th, 2006, 5:19 pm

Oh dear... so, what do you think the problem is and how would you go about fixing it?

Have you done some searching on this one?
Nellie2
Administrator Emeritus
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK

Post by Platinum » July 12th, 2006, 9:33 am

It looks like it has About:Blank v.1&2, and I don't even know what the deal is with all those O2's. I haven't been in training in a while, nor do I have the resources now either. I reapplied.

Post by Platinum » July 12th, 2006, 3:44 pm

Help please? I've had her computer for over a week and she needs it back ASAP. I don't mean to rush you guys though.

Post by Nellie2 » July 12th, 2006, 3:50 pm

Give me ten minutes, I'm composing a reply now

Post by Platinum » July 12th, 2006, 3:55 pm

I'll tell you what, you can take 11 minutes. 8)

Post by Platinum » July 12th, 2006, 3:57 pm

Also, I went to reapply for MWR univ. and my email wasn't supported, so I changed it and reactivated it (obviously) so if there's anything you can do to get me back in, that'd be appreciated.

Post by Platinum » July 12th, 2006, 4:07 pm

Another note: This computer is at work, and I leave at 4:30 EST today and normally 5:00 EST so I'm leaving soon. So I won't be able to get back to you about it until tomorrow.

Post by Nellie2 » July 12th, 2006, 4:13 pm

First of all you need to turn off Spybot's TeaTimer.

Click the running icon of Spybot's TeaTimer and choose Exit.

Now I need you to download some programs for use later.

Download this file and unzip it to your desktop

Download About:Buster from here. Once it is downloaded extract it to c:\aboutbuster and check for updates. Do NOT use it yet

Download CWShredder from here, install it, check for updates but again, don't use it yet.

Download Ewido Anti-Spyware 4.0 from here. Once installed, make the following settings changes:
  • Under the Status menu (which opens by default), under "Your Computer's Security," Change Status on Resident Guard to Inactive
  • Click Update Now
  • Under the now-opened Update menu, uncheck "Download and Install Updates Automatically (Recommended)"
  • Click Scanner in the top bar
  • Click the Settings tab
    • Under "How To Act?" set "Default Action for Detected Malware" to Quarantine
    • Under "How to Scan" ALL boxes should be checked
    • Under "What to Scan," "Scan every file" should be highlighted
    • Under "Possibly Unwanted Software" ALL boxes should be checked
  • Under Reports select "Automatically generate report after every scan" and uncheck "Only if threats were found"
Do not scan with it yet!

Ensure hidden files and folders are set to show;
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Please disconnect from the Internet and unplug your modem for the duration of this fix. You may want to print the rest of these instructions.

Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in SAFE MODE.

While in safe mode, double click on the HSfix.reg file you downloaded at the beginning. Grant it permission to add the registry items.

Then open CWShredder that you downloaded in the first step. Close all browser windows and click on the fix/next button.

Now find and delete these files. If you can't find one then don't worry, just move on to the next one.

C:\WINDOWS\okmlo.dll
C:\WINDOWS\alnwb.dll


Now run HijackThis and click the scan button. When it has finished scanning, put a check against the following and click 'fix checked':

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\okmlo.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\okmlo.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\alnwb.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\okmlo.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0125D352-F431-AB07-E2B0-4258BCF7AC07} - (no file)
O2 - BHO: (no name) - {01455E70-B6DC-DF81-8323-ADC8CB9B6016} - (no file)
O2 - BHO: (no name) - {092DB4EF-A153-233B-B473-7DD7913C97E5} - (no file)
O2 - BHO: (no name) - {093646C5-CDDB-2035-BD50-008A30E3EA96} - (no file)
O2 - BHO: (no name) - {1B8F483E-94BD-24D3-A479-2063E618DDF5} - (no file)
O2 - BHO: (no name) - {22B1C431-5AB7-DE44-9B59-32F72B1F1675} - (no file)
O2 - BHO: (no name) - {2B346C41-2D83-7EA3-145F-F1A22D8F5142} - (no file)
O2 - BHO: (no name) - {2F705A01-7E96-92A9-E87A-8EC094F830E1} - (no file)
O2 - BHO: (no name) - {2FEADC72-1B9D-0091-9E66-846197ADA43C} - (no file)
O2 - BHO: (no name) - {3DCC3A22-49AB-3E61-BA5F-E5B9AC8B375E} - (no file)
O2 - BHO: (no name) - {41C95B86-7625-43F0-4BD5-77F23CE36D52} - (no file)
O2 - BHO: (no name) - {4763166E-429C-B5AF-C8E8-C91F5368F74C} - (no file)
O2 - BHO: (no name) - {492BF9B9-13D0-58BB-37CB-DF9BECE39907} - (no file)
O2 - BHO: (no name) - {4B1F2248-1481-1DBC-EEBD-29F80FEB4854} - (no file)
O2 - BHO: (no name) - {4FFCD01F-8BF9-C079-27AB-2851683DB1DC} - (no file)
O2 - BHO: (no name) - {53710463-D86F-4380-3AEC-F58B9A66C964} - (no file)
O2 - BHO: (no name) - {5589D9AB-A0F2-680A-D323-258D1B13015E} - (no file)
O2 - BHO: (no name) - {55F4B2C0-1BA9-30E2-C41A-87A1C59255C2} - (no file)
O2 - BHO: (no name) - {5AD344A2-E0B4-149E-E60D-3E9011BC2368} - (no file)
O2 - BHO: (no name) - {5D9A8CEB-C14A-F94D-5897-F84779EFE938} - (no file)
O2 - BHO: (no name) - {6BE5F602-57FC-035D-69BB-0127DBDAD5A1} - (no file)
O2 - BHO: (no name) - {7091E7AC-9792-0B02-E2FF-3EAF307B875C} - (no file)
O2 - BHO: (no name) - {76B5AF0F-241F-A182-52CD-21C2EFCA324D} - (no file)
O2 - BHO: (no name) - {7A318DE9-62B5-FF57-A970-C3C5DEFD3476} - (no file)
O2 - BHO: (no name) - {802A649E-3116-B069-41CB-4D33F17750FD} - (no file)
O2 - BHO: (no name) - {81BC3EBA-35E5-E622-0BAD-7095B849C484} - (no file)
O2 - BHO: (no name) - {8524EB63-E94C-0E8C-81F9-0567631683AE} - (no file)
O2 - BHO: (no name) - {916E0E7F-1B81-53C6-429D-2ABB3F3CFBCF} - (no file)
O2 - BHO: (no name) - {9D982F9D-035B-FE7A-252A-1E960E1F3E5A} - (no file)
O2 - BHO: (no name) - {A3E59314-F18B-E35B-1289-B3D8F43C3B9D} - (no file)
O2 - BHO: (no name) - {A81A1A73-0ABD-D6BC-44CD-1C5B54E9058A} - (no file)
O2 - BHO: (no name) - {AF2EE742-5DA8-18C9-C2ED-E2A6A656CC6A} - (no file)
O2 - BHO: (no name) - {B04EE120-83B9-B26D-500D-49A7F8C6CB92} - (no file)
O2 - BHO: (no name) - {B36BE120-95DE-5F02-4335-36B4124FB086} - (no file)
O2 - BHO: (no name) - {B85396EA-22B1-1A27-067A-B8F1A2D6BD90} - (no file)
O2 - BHO: (no name) - {C516B337-4790-1C2D-E70B-A3EC67307C3E} - (no file)
O2 - BHO: (no name) - {C5BA8DF6-BD9D-3B14-33B4-A52F6A5DB2AA} - (no file)
O2 - BHO: (no name) - {C8004A51-B1C6-2B52-CE97-BA80D6D6C5DB} - (no file)
O2 - BHO: (no name) - {CBCBACBA-B5C6-0928-434A-CE4EEBE36A38} - (no file)
O2 - BHO: (no name) - {D4830DD3-9ABD-EA24-ED6B-4C012094FCAD} - (no file)
O2 - BHO: (no name) - {D52FA8C3-E2FA-4536-0AF5-BF01EB52CE95} - (no file)
O2 - BHO: (no name) - {D9DCC50A-EE62-0287-E4FA-5C092B0FC97E} - (no file)
O2 - BHO: (no name) - {E2D21C40-4D0E-92DA-315E-5394C622B623} - (no file)
O2 - BHO: (no name) - {E38ED9F3-91EA-355E-5715-27B3113CA15D} - (no file)
O2 - BHO: (no name) - {E68FF21A-1D01-4C00-EDC8-A80470B5A15F} - (no file)
O2 - BHO: (no name) - {E7F1CA25-18BA-5AA2-86D0-F9E3A0C2CA0D} - (no file)
O2 - BHO: (no name) - {E90875AE-7FC7-43DA-EFDD-064D538C94EB} - (no file)
O2 - BHO: (no name) - {EAA00845-B10D-A53B-8771-FBD4916BCE85} - (no file)
O2 - BHO: (no name) - {EE1F3F25-A9E9-DC91-4CB7-91FF510DCAA0} - (no file)
O2 - BHO: (no name) - {F8143114-CDD3-F1BE-E167-AB80E5C3C6A3} - (no file)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {8AF9A654-6644-46AD-A344-34B71839659E} (Fix Class) - http://www2.stlu.com/plugins/PluginLatest/fixst.cab


The following step is important as you may have several malware files in your temp directories.

Then browse to the C:\Documents and Settings\Your User Name (repeat for all other user names in Documents and Settings)\Local Settings\Temp folder and delete all files and folders in it. Then browse to the C:\Windows\Temp folder and delete all files and folders in it. Then in Internet Explorer click Tools > Internet Options > General. Click on Delete Files and make sure you get all offline content as well.

Now navigate to the c:\aboutbuster directory and double-click on AboutBuster.exe. Click Begin Removal to allow AboutBuster to scan. When it has finished, AboutBuster will open a 'Scan Completed' window. Click OK. Another information window will open. Click on Exit. AboutBuster will inform you that a log has been created. Click OK. I will need you to post that log later.

Run an Ewido Scan
  • Click on the Scan Tab
  • Click on Complete System Scan
  • Let the program scan the machine -- it can take a while, just give it time.
  • When scan has finished, at bottom of screen click Apply all Actions
  • Click Save Report
  • Click Save Report As ("Save As" window should pop up.)
  • Click Desktop
  • Click Save
  • Exit ewido


Now reboot, and run HijackThis again and post a fresh log along with the AboutBuster log and the Ewido log. :)

I'll be here tomorrow too!
Nellie2
Administrator Emeritus
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK
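
An added example, not part of the original thread or of HijackThis: a small Python triage of log lines in the format posted above, flagging the three kinds of entry that dominate the fix list. The rules and the sample lines (placeholder CLSIDs, paths and domains) are assumptions made for illustration; a flagged line is a prompt to check the entry by hand, and an unflagged line is not cleared.

```python
import re

# Constructed sample in the HijackThis v1.99.1 line format; every CLSID,
# path and domain below is a placeholder, not taken from a real machine.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\example1.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example Agent] C:\PROGRA~1\EXAMPLE\agent.exe
O15 - Trusted Zone: *.ads.example.net
O16 - DPF: {00000000-0000-0000-0000-000000000003} (Example Class) - http://plugins.example.net/fix.cab
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")               # "O2 - ..."
RES_DLL_RE = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)   # DLL behind a res:// URL
BHO_RE = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse_log(text):
    """Return (section, body) pairs; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Return (section, reason, detail) for entries worth a manual look."""
    findings = []
    for section, body in parse_log(text):
        if section in ("R0", "R1"):
            # An IE start/search page served out of a DLL's resources.
            m = RES_DLL_RE.search(body)
            if m:
                findings.append((section, "IE page loaded from DLL resource", m.group(1)))
        elif section == "O2":
            # A Browser Helper Object whose registration outlived its file.
            m = BHO_RE.match(body)
            if m and m.group(3) == "(no file)":
                findings.append((section, "BHO registered, file missing", m.group(2)))
        elif section == "O15":
            # Trusted Zone sites get relaxed IE security settings.
            site = body.partition(": ")[2] or body
            findings.append((section, "Trusted Zone entry to confirm", site))
    return findings


def res_dlls(text):
    """DLL paths referenced by res:// pages: the files to locate on disk."""
    return sorted({d for s, _, d in triage(text) if s in ("R0", "R1")})


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

Run against the log posted at the top of this thread, `res_dlls` would return the same two DLL paths that the reply above asks to have deleted.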

Post by Platinum » July 13th, 2006, 10:39 am

So everything was going smoothly, then I started AboutBuster. I ran it, it cleaned everything, but during the process deleted some vital files (hal.dll being 1). Windows will no longer start, but I'm in the process of trying to fix that.

Post by Nellie2 » July 13th, 2006, 5:43 pm

I've never had a problem with the tool before now, I will contact the developer and let him know.

Post by 'KotaGuy » July 30th, 2006, 10:23 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada