


Home Search Assistant/About:Blank Page Problem




Posted by: glassinthetrees

My AOL Instant Messenger keeps crashing and as it turns out my computer has been infected by Home Search Assistant, Search Extender, and Shopping Wizard. When I open IE, my homepage is always reset to "about:blank" and I always get pop-ups from "Only the Best". I ran Ad-Aware and it didn't get rid of the problem. If anyone could help me out with this and walk me through the steps I would really appreciate it. Here's my HijackThis list:

Logfile of HijackThis v1.98.2
Scan saved at 7:31:08 PM, on 11/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\netnc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\adddp.exe
C:\Documents and Settings\khayes\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url]http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C8CA3BC0-2B1E-FD1D-3A00-E174FA3DEC18} - C:\WINDOWS\mfczn32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ntgn32.exe] C:\WINDOWS\system32\ntgn32.exe
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [ipsn32.exe] C:\WINDOWS\system32\ipsn32.exe
O4 - HKLM\..\Run: [adddp.exe] C:\WINDOWS\adddp.exe
O4 - HKLM\..\RunOnce: [apiep.exe] C:\WINDOWS\apiep.exe
O4 - HKLM\..\RunOnce: [d3vi.exe] C:\WINDOWS\system32\d3vi.exe
O4 - HKLM\..\RunOnce: [ntbm.exe] C:\WINDOWS\system32\ntbm.exe
O4 - HKLM\..\RunOnce: [iewm.exe] C:\WINDOWS\iewm.exe
O4 - HKLM\..\RunOnce: [msfp.exe] C:\WINDOWS\msfp.exe
O4 - HKLM\..\RunOnce: [d3wp32.exe] C:\WINDOWS\d3wp32.exe
O4 - HKLM\..\RunOnce: [crsg.exe] C:\WINDOWS\crsg.exe
O4 - HKLM\..\RunOnce: [ieby.exe] C:\WINDOWS\ieby.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\ieqi32.exe
O4 - HKLM\..\RunOnce: [mfcob32.exe] C:\WINDOWS\system32\mfcob32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\ietr32.exe
O4 - HKLM\..\RunOnce: [netux32.exe] C:\WINDOWS\system32\netux32.exe
O4 - HKLM\..\RunOnce: [netnm.exe] C:\WINDOWS\netnm.exe
O4 - HKLM\..\RunOnce: [apifv.exe] C:\WINDOWS\system32\apifv.exe
O4 - HKLM\..\RunOnce: [javaqb32.exe] C:\WINDOWS\javaqb32.exe
O4 - HKLM\..\RunOnce: [syski.exe] C:\WINDOWS\system32\syski.exe
O4 - HKLM\..\RunOnce: [ntpw.exe] C:\WINDOWS\ntpw.exe
O4 - HKLM\..\RunOnce: [netsz32.exe] C:\WINDOWS\system32\netsz32.exe
O4 - HKLM\..\RunOnce: [crjx.exe] C:\WINDOWS\crjx.exe
O4 - HKLM\..\RunOnce: [d3en32.exe] C:\WINDOWS\system32\d3en32.exe
O4 - HKLM\..\RunOnce: [appdg32.exe] C:\WINDOWS\appdg32.exe
O4 - HKLM\..\RunOnce: [javaeb32.exe] C:\WINDOWS\javaeb32.exe
O4 - HKLM\..\RunOnce: [mscl.exe] C:\WINDOWS\mscl.exe
O4 - HKLM\..\RunOnce: [winke32.exe] C:\WINDOWS\system32\winke32.exe
O4 - HKLM\..\RunOnce: [sdknc.exe] C:\WINDOWS\system32\sdknc.exe
O4 - HKLM\..\RunOnce: [atlvl32.exe] C:\WINDOWS\system32\atlvl32.exe
O4 - HKLM\..\RunOnce: [netmv32.exe] C:\WINDOWS\system32\netmv32.exe
O4 - HKLM\..\RunOnce: [sysdm32.exe] C:\WINDOWS\sysdm32.exe
O4 - HKLM\..\RunOnce: [d3dr.exe] C:\WINDOWS\d3dr.exe
O4 - HKLM\..\RunOnce: [mfcip32.exe] C:\WINDOWS\system32\mfcip32.exe
O4 - HKLM\..\RunOnce: [atlnj32.exe] C:\WINDOWS\system32\atlnj32.exe
O4 - HKLM\..\RunOnce: [appae.exe] C:\WINDOWS\appae.exe
O4 - HKLM\..\RunOnce: [apinv32.exe] C:\WINDOWS\apinv32.exe
O4 - HKLM\..\RunOnce: [iptu.exe] C:\WINDOWS\iptu.exe
O4 - HKLM\..\RunOnce: [d3at.exe] C:\WINDOWS\system32\d3at.exe
O4 - HKLM\..\RunOnce: [crhi.exe] C:\WINDOWS\crhi.exe
O4 - HKLM\..\RunOnce: [mfcyt32.exe] C:\WINDOWS\system32\mfcyt32.exe
O4 - HKLM\..\RunOnce: [syscb.exe] C:\WINDOWS\syscb.exe
O4 - HKLM\..\RunOnce: [iert.exe] C:\WINDOWS\system32\iert.exe
O4 - HKLM\..\RunOnce: [crmz.exe] C:\WINDOWS\system32\crmz.exe
O4 - HKLM\..\RunOnce: [mspn.exe] C:\WINDOWS\system32\mspn.exe
O4 - HKLM\..\RunOnce: [appep.exe] C:\WINDOWS\appep.exe
O4 - HKLM\..\RunOnce: [mfcev32.exe] C:\WINDOWS\system32\mfcev32.exe
O4 - HKLM\..\RunOnce: [winto.exe] C:\WINDOWS\winto.exe
O4 - HKLM\..\RunOnce: [atlpa32.exe] C:\WINDOWS\atlpa32.exe
O4 - HKLM\..\RunOnce: [atlkz.exe] C:\WINDOWS\atlkz.exe
O4 - HKLM\..\RunOnce: [d3td.exe] C:\WINDOWS\system32\d3td.exe
O4 - HKLM\..\RunOnce: [crcj.exe] C:\WINDOWS\system32\crcj.exe
O4 - HKLM\..\RunOnce: [atlvb32.exe] C:\WINDOWS\atlvb32.exe
O4 - HKLM\..\RunOnce: [javanr32.exe] C:\WINDOWS\system32\javanr32.exe
O4 - HKLM\..\RunOnce: [d3er.exe] C:\WINDOWS\d3er.exe
O4 - HKLM\..\RunOnce: [sdkav32.exe] C:\WINDOWS\sdkav32.exe
O4 - HKLM\..\RunOnce: [DelDirTree] C:\WINDOWS\UnInst32.exe C:\WINDOWS\DelDir.BEN
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {126D9184-71E9-42D0-9DE5-DEA8508E6ABF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [url]http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe[/url]
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - [url]http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe[/url]


I don't know which files I should delete. Someone please help me.



Posted by: southernlady

glassinthetrees, I want you to turn off system restore and I am going to get help because you are beyond my ability. Do NOT reboot your system. Liz



Posted by: glassinthetrees

Ok Liz I just turned off system restore. Can someone please help me out with my problem?



Posted by: DMo224

Yes, we'll definitely help with your problems. I'll be posting later about the log.

Dave :D



Posted by: glassinthetrees

Ok thanks a lot Dave



Posted by: DMo224

[i]You may want to print this out since you'll need all browser windows closed when fixing.[/i]

For your start and/or search page items, R0-R3, if you don't recognize the url, then fix it:
[b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R3 - Default URLSearchHook is missing[/b]

There's going to be a little work to do here, so make sure to read the end of this post.

Fix the following:
[b]O2 - BHO: (no name) - {C8CA3BC0-2B1E-FD1D-3A00-E174FA3DEC18} - C:\WINDOWS\mfczn32.dll
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ntgn32.exe] C:\WINDOWS\system32\ntgn32.exe
O4 - HKLM\..\Run: [ipsn32.exe] C:\WINDOWS\system32\ipsn32.exe
O4 - HKLM\..\Run: [adddp.exe] C:\WINDOWS\adddp.exe
O4 - HKLM\..\RunOnce: [apiep.exe] C:\WINDOWS\apiep.exe
O4 - HKLM\..\RunOnce: [d3vi.exe] C:\WINDOWS\system32\d3vi.exe
O4 - HKLM\..\RunOnce: [ntbm.exe] C:\WINDOWS\system32\ntbm.exe
O4 - HKLM\..\RunOnce: [iewm.exe] C:\WINDOWS\iewm.exe
O4 - HKLM\..\RunOnce: [msfp.exe] C:\WINDOWS\msfp.exe
O4 - HKLM\..\RunOnce: [d3wp32.exe] C:\WINDOWS\d3wp32.exe
O4 - HKLM\..\RunOnce: [crsg.exe] C:\WINDOWS\crsg.exe
O4 - HKLM\..\RunOnce: [ieby.exe] C:\WINDOWS\ieby.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\ieqi32.exe
O4 - HKLM\..\RunOnce: [mfcob32.exe] C:\WINDOWS\system32\mfcob32.exe
O4 - HKLM\..\RunOnce: [ietr32.exe] C:\WINDOWS\ietr32.exe
O4 - HKLM\..\RunOnce: [netux32.exe] C:\WINDOWS\system32\netux32.exe
O4 - HKLM\..\RunOnce: [netnm.exe] C:\WINDOWS\netnm.exe
O4 - HKLM\..\RunOnce: [apifv.exe] C:\WINDOWS\system32\apifv.exe
O4 - HKLM\..\RunOnce: [javaqb32.exe] C:\WINDOWS\javaqb32.exe
O4 - HKLM\..\RunOnce: [syski.exe] C:\WINDOWS\system32\syski.exe
O4 - HKLM\..\RunOnce: [ntpw.exe] C:\WINDOWS\ntpw.exe
O4 - HKLM\..\RunOnce: [netsz32.exe] C:\WINDOWS\system32\netsz32.exe
O4 - HKLM\..\RunOnce: [crjx.exe] C:\WINDOWS\crjx.exe
O4 - HKLM\..\RunOnce: [d3en32.exe] C:\WINDOWS\system32\d3en32.exe
O4 - HKLM\..\RunOnce: [appdg32.exe] C:\WINDOWS\appdg32.exe
O4 - HKLM\..\RunOnce: [javaeb32.exe] C:\WINDOWS\javaeb32.exe
O4 - HKLM\..\RunOnce: [mscl.exe] C:\WINDOWS\mscl.exe
O4 - HKLM\..\RunOnce: [winke32.exe] C:\WINDOWS\system32\winke32.exe
O4 - HKLM\..\RunOnce: [sdknc.exe] C:\WINDOWS\system32\sdknc.exe
O4 - HKLM\..\RunOnce: [atlvl32.exe] C:\WINDOWS\system32\atlvl32.exe
O4 - HKLM\..\RunOnce: [netmv32.exe] C:\WINDOWS\system32\netmv32.exe
O4 - HKLM\..\RunOnce: [sysdm32.exe] C:\WINDOWS\sysdm32.exe
O4 - HKLM\..\RunOnce: [d3dr.exe] C:\WINDOWS\d3dr.exe
O4 - HKLM\..\RunOnce: [mfcip32.exe] C:\WINDOWS\system32\mfcip32.exe
O4 - HKLM\..\RunOnce: [atlnj32.exe] C:\WINDOWS\system32\atlnj32.exe
O4 - HKLM\..\RunOnce: [appae.exe] C:\WINDOWS\appae.exe
O4 - HKLM\..\RunOnce: [apinv32.exe] C:\WINDOWS\apinv32.exe
O4 - HKLM\..\RunOnce: [iptu.exe] C:\WINDOWS\iptu.exe
O4 - HKLM\..\RunOnce: [d3at.exe] C:\WINDOWS\system32\d3at.exe
O4 - HKLM\..\RunOnce: [crhi.exe] C:\WINDOWS\crhi.exe
O4 - HKLM\..\RunOnce: [mfcyt32.exe] C:\WINDOWS\system32\mfcyt32.exe
O4 - HKLM\..\RunOnce: [syscb.exe] C:\WINDOWS\syscb.exe
O4 - HKLM\..\RunOnce: [iert.exe] C:\WINDOWS\system32\iert.exe
O4 - HKLM\..\RunOnce: [crmz.exe] C:\WINDOWS\system32\crmz.exe
O4 - HKLM\..\RunOnce: [mspn.exe] C:\WINDOWS\system32\mspn.exe
O4 - HKLM\..\RunOnce: [appep.exe] C:\WINDOWS\appep.exe
O4 - HKLM\..\RunOnce: [mfcev32.exe] C:\WINDOWS\system32\mfcev32.exe
O4 - HKLM\..\RunOnce: [winto.exe] C:\WINDOWS\winto.exe
O4 - HKLM\..\RunOnce: [atlpa32.exe] C:\WINDOWS\atlpa32.exe
O4 - HKLM\..\RunOnce: [atlkz.exe] C:\WINDOWS\atlkz.exe
O4 - HKLM\..\RunOnce: [d3td.exe] C:\WINDOWS\system32\d3td.exe
O4 - HKLM\..\RunOnce: [crcj.exe] C:\WINDOWS\system32\crcj.exe
O4 - HKLM\..\RunOnce: [atlvb32.exe] C:\WINDOWS\atlvb32.exe
O4 - HKLM\..\RunOnce: [javanr32.exe] C:\WINDOWS\system32\javanr32.exe
O4 - HKLM\..\RunOnce: [d3er.exe] C:\WINDOWS\d3er.exe
O4 - HKLM\..\RunOnce: [sdkav32.exe] C:\WINDOWS\sdkav32.exe
O4 - HKLM\..\RunOnce: [DelDirTree] C:\WINDOWS\UnInst32.exe C:\WINDOWS\DelDir.BEN
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?[/b]

Fix:
[b]O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup [color=red]This is a questionable spyware killer. I suggest getting rid of it and using Ad-Aware or SpyBot S&D.[/color][/b]

You can get rid of this if you want, especially if you don't have a Presario:
[b]O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409[/b]

Next, download [i]About: Buster[/i] from [b][url=http://www.spyware911.net/downloads.htm]here[/url][/b]. Run AboutBuster.exe, click [i]OK[/i], then [i]start[/i], then [i]OK[/i]. This will scan your computer for the files responsible for hijacking your home and/or search settings/page, and produce a report.

Reboot and post a new HijackThis log along with the report from [i]About:Buster[/i].

Dave :D



Posted by: glassinthetrees

Hey Dave, I fixed all of the bad files in HijackThis, but when I ran About:Buster it said "'MsComCtl.ocx' or one of its dependencies is not correctly registered" and that a file was missing or invalid. What should I do?



Posted by: intercodes

glassinthetrees,

okie. ..this helps I guess.

[url]http://www.majorgeeks.com/faqshow.php?id=8[/url]



Posted by: DMo224

Also, you can try downloading and installing again.

Dave :D



Posted by: glassinthetrees

Dave, I'm having some trouble running the file from the majorgeeks site; it says "Load Library (MSCOMCTL.OCX) failed-The specific module could not be found." I also tried downloading About:Buster again and I got the same response as before. I have no idea what to do now. Please help!!



Posted by: mobo

You can get that file here [url]http://www.spyware911.net/downloads.htm[/url]

Put it in c:\windows\system32



Posted by: glassinthetrees

Ok here's my About:Buster report and my new HijackThis report

Scanned at: 7:54:44 PM on: 12/5/2004


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 16


Removed Data Streams:
C:\WINDOWS\addat32.exe:jzmqv
C:\WINDOWS\addmr32.exe:uzevp
C:\WINDOWS\apiep.exe:xcatf
C:\WINDOWS\ieqi32.exe:rdvws
C:\WINDOWS\ipll.exe:zcmkn
C:\WINDOWS\iput.exe:jdeyi
C:\WINDOWS\jautoexp.dat:nlysr
C:\WINDOWS\javaeb32.exe:fmrfl
C:\WINDOWS\javaiv.dll:ueiie
C:\WINDOWS\javaqb32.exe:nfany
C:\WINDOWS\KB824105.log:ssgux
C:\WINDOWS\KB825119.log:klzzr
C:\WINDOWS\KB837001.log:vjknt
C:\WINDOWS\kbbktv.dat:ykngq
C:\WINDOWS\kftul.dll:qlglk
C:\WINDOWS\mfchy32.exe:bnjwg
C:\WINDOWS\mhmhmw.dat:tnbja
C:\WINDOWS\netai.exe:cqoun
C:\WINDOWS\netnm.exe:ocjtb
C:\WINDOWS\netqm.exe:urzzh
C:\WINDOWS\netva32.exe:gcbzd
C:\WINDOWS\ntbtlog.txt:fkkse
C:\WINDOWS\n_cclhvn.dat:nruhx
C:\WINDOWS\n_djxbhi.dat:rtqfn
C:\WINDOWS\sdkfg.exe:dwzwf
C:\WINDOWS\sdkwx.exe:yzuue
C:\WINDOWS\sysdm32.exe:xtivj
C:\WINDOWS\twunk_16.exe:pxcvc
C:\WINDOWS\twunk_32.exe:dxhlw
C:\WINDOWS\UNINST32.EXE:szyka


Removed 3 Random Key Entries
Removed! : C:\WINDOWS\coskyy.dat
Removed! : C:\WINDOWS\dxfzc.dat
Removed! : C:\WINDOWS\icjms.dat
Removed! : C:\WINDOWS\iduff.dat
Removed! : C:\WINDOWS\jprdz.dat
Removed! : C:\WINDOWS\kcvuj.dat
Removed! : C:\WINDOWS\lhqrk.dat
Removed! : C:\WINDOWS\nhoxg.dat
Removed! : C:\WINDOWS\n_inzaqp.dat
Removed! : C:\WINDOWS\n_preawj.dat
Removed! : C:\WINDOWS\pvbku.dat
Removed! : C:\WINDOWS\swwmj.dat
Removed! : C:\WINDOWS\wthhc.dat
Removed! : C:\WINDOWS\wyxjj.dat
Removed! : C:\WINDOWS\xveqi.dat
Removed! : C:\WINDOWS\zwjrb.dat
Removed! : C:\WINDOWS\system32\aoqfj.dat
Removed! : C:\WINDOWS\system32\fnoao.dat
Removed! : C:\WINDOWS\system32\hcmeq.dat
Removed! : C:\WINDOWS\system32\icmoq.dat
Removed! : C:\WINDOWS\system32\lahwu.dat
Removed! : C:\WINDOWS\system32\vqsbx.dat
Removed! : C:\WINDOWS\system32\xjvoj.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 16


Removed Data Streams:
C:\WINDOWS\addat32.exe:jzmqv
C:\WINDOWS\addmr32.exe:uzevp
C:\WINDOWS\apiep.exe:xcatf
C:\WINDOWS\ieqi32.exe:rdvws
C:\WINDOWS\ipll.exe:zcmkn
C:\WINDOWS\iput.exe:jdeyi
C:\WINDOWS\jautoexp.dat:nlysr
C:\WINDOWS\javaeb32.exe:fmrfl
C:\WINDOWS\javaiv.dll:ueiie
C:\WINDOWS\javaqb32.exe:nfany
C:\WINDOWS\KB824105.log:ssgux
C:\WINDOWS\KB825119.log:klzzr
C:\WINDOWS\KB837001.log:vjknt
C:\WINDOWS\kbbktv.dat:ykngq
C:\WINDOWS\kftul.dll:qlglk
C:\WINDOWS\mfchy32.exe:bnjwg
C:\WINDOWS\mhmhmw.dat:tnbja
C:\WINDOWS\netai.exe:cqoun
C:\WINDOWS\netnm.exe:ocjtb
C:\WINDOWS\netqm.exe:urzzh
C:\WINDOWS\netva32.exe:gcbzd
C:\WINDOWS\ntbtlog.txt:fkkse
C:\WINDOWS\n_cclhvn.dat:nruhx
C:\WINDOWS\n_djxbhi.dat:rtqfn
C:\WINDOWS\sdkfg.exe:dwzwf
C:\WINDOWS\sdkwx.exe:yzuue
C:\WINDOWS\sysdm32.exe:xtivj
C:\WINDOWS\twunk_16.exe:pxcvc
C:\WINDOWS\twunk_32.exe:dxhlw
C:\WINDOWS\UNINST32.EXE:szyka


Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!



Logfile of HijackThis v1.98.2
Scan saved at 8:03:41 PM, on 12/5/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\netnc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\adddp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\khayes\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\flebn.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\flebn.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\flebn.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url]http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07850CE3-1044-C87E-2D7E-A3B83871E631} - C:\WINDOWS\atlli32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [adddp.exe] C:\WINDOWS\adddp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {126D9184-71E9-42D0-9DE5-DEA8508E6ABF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [url]http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe[/url]
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - [url]http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe[/url]



Posted by: southernlady

glassinthetrees, somehow you got dropped thru the cracks and I'm sorry for that. If you are still having problems and need help, please post a current HijackThis log. There is a NEW version, version 1.99, that can be found if you follow the link in my signature.

I am sorry you were ignored. Liz



Posted by: glassinthetrees

ok here is my current Hijackthis log

Logfile of HijackThis v1.99.0
Scan saved at 6:32:55 PM, on 12/31/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\netnc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\adddp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\khayes\Desktop\New about buster\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\agvob.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\agvob.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\agvob.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\agvob.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\agvob.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\agvob.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url]http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FA4880A8-EDFC-DB28-205E-F33B87557FF5} - C:\WINDOWS\system32\sysxt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [adddp.exe] C:\WINDOWS\adddp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {126D9184-71E9-42D0-9DE5-DEA8508E6ABF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [url]http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe[/url]
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - [url]http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe[/url]
O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\netnc.exe



Posted by: DMo224

We'll be getting to this log as soon as possible!

Dave :D



Posted by: jayareo

Glass,

I have the exact same issues. Please let me know if you find a fix, and what it is.

Thanks!

-john o



Posted by: MicroBell

[color=blue][b]Before attacking an adware/spyware problem with HijackThis make sure you have already run [color=red]Ad-Aware SE[/color] with [color=red]VX2[/color] add-on cleaner, [color=red]Spybot Search & Destroy[/color] (with updated database) and [color=red]CWShredder[/color] as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log…..[/b][/color]


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove [b]WeatherBug[/b].

[b]WeatherBug - it's adware. If you didn't install this yourself, uninstall it. If you did install it yourself, you may keep it and ignore any fixes/deletions listed below.[/b]

Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be but make sure)

[b]C:\WINDOWS\system32\netnc.exe
C:\WINDOWS\adddp.exe[/b]

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

[b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\agvob.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\agvob.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\agvob.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\agvob.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\agvob.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\agvob.dll/sp.html#22776
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {FA4880A8-EDFC-DB28-205E-F33B87557FF5} - C:\WINDOWS\system32\sysxt.dll
O4 - HKLM\..\Run: [adddp.exe] C:\WINDOWS\adddp.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\netnc.exe[/b]

Delete the following Files/Folders in [color=red][b]RED[/b][/color] (delete folders if no filename is specified or they are RED) according to their directory (If you can't find them...do a search for them…make sure you have search hidden files, folders, subdirectories, etc. enabled if it applies to your OS)

[b]C:\WINDOWS\system32\[color=red]netnc.exe[/color]
C:\WINDOWS\[color=red]adddp.exe[/color]
C:\WINDOWS\[color=red]agvob.dll[/color]
C:\WINDOWS\system32\[color=red]sysxt.dll[/color]
C:\Program Files\[color=red]AWS\WeatherBug\Weather.exe[/color][/b]

[color=blue]In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type [b]%temp%[/b] in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.[/color]

Navigate to the C:\Windows\Prefetch folder and delete all files in that folder

Once done reboot into Normal Mode and post a new HijackThis log file to confirm what was removed and if it's clean or not.
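
The entries singled out for fixing in this thread share a few structural traits, and the `res://` DLL name differs in every scan (mkofc.dll, flebn.dll, agvob.dll), so triage keyed on file names misses the next variant. The following is an added example, not part of the original posts and not HijackThis's own logic: a Python sketch that flags those traits in a log. The tag names and the four heuristics are assumptions chosen to match entries flagged above, and the sample lines are copied from the logs in this thread.

```python
import re
import ntpath

# Directories where the flagged files in this thread were dropped.
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}

ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")
RES_DLL = re.compile(r"=\s*res://(.+?\.dll)/", re.IGNORECASE)
AUTORUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(.+?)\] (.+)$")


def in_windows_dir(path):
    """True when the file sits directly in C:\\WINDOWS or system32."""
    return ntpath.dirname(path).lower() in WINDOWS_DIRS


def classify(line):
    """Return a heuristic tag for one HijackThis line, or None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section.startswith("R"):
        # IE start/search value served from a resource inside a local DLL.
        dll = RES_DLL.search(body)
        if dll and in_windows_dir(dll.group(1)):
            return "res-dll-search-page"
    elif section == "O2":
        # Browser Helper Object with no class name, loaded from a Windows dir.
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3 and parts[0] == "BHO: (no name)" and in_windows_dir(parts[2]):
            return "unnamed-bho"
    elif section == "O4":
        # Autorun whose value name is just its own file name.
        run = AUTORUN.match(body)
        if run:
            name, command = run.groups()
            exe = command.split(" ")[0].strip('"')
            if in_windows_dir(exe) and name.lower() == ntpath.basename(exe).lower():
                return "self-named-autorun"
    elif section == "O23":
        # Service whose vendor field reads "Unknown".
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown" and in_windows_dir(parts[2]):
            return "unknown-vendor-service"
    return None


def triage(lines):
    """Return (tag, line) for every line that matches a heuristic."""
    return [(tag, line) for line in lines if (tag := classify(line))]


def res_dll_names(lines):
    """Distinct DLL file names behind flagged res:// values, in order seen."""
    names = []
    for line in lines:
        if classify(line) == "res-dll-search-page":
            name = ntpath.basename(RES_DLL.search(line).group(1)).lower()
            if name not in names:
                names.append(name)
    return names


# Sample input: lines copied from the 12/31/2004 log and the first log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\agvob.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FA4880A8-EDFC-DB28-205E-F33B87557FF5} - C:\WINDOWS\system32\sysxt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [adddp.exe] C:\WINDOWS\adddp.exe
O4 - HKLM\..\RunOnce: [d3vi.exe] C:\WINDOWS\system32\d3vi.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\netnc.exe
""".strip().splitlines()

# The SearchAssistant line from each of the three scans in this thread.
SCANS = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mkofc.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\flebn.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\agvob.dll/sp.html#22776
""".strip().splitlines()

if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:24} {line}")
    print("res:// DLL names across scans:", res_dll_names(SCANS))
```

A match is a reason to look at the file, not proof that it is malicious; entries such as `O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START` are deliberately left unflagged because they carry no path to judge.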



Posted by: southernlady

Closing this thread due to lack of activity. Liz