Can you help me please

Discussion in 'adware, spyware & hijack cleaning' started by GPontet, Jun 12, 2004.

Thread Status:
Not open for further replies.
  1. GPontet

    GPontet Registered Member

    Joined:
    Jun 9, 2004
    Posts:
    4
    I'm a novice user advised by aol to run hijackthis program then submit to wilders forum for deletion advice. Please can you tell me what to delete and what not to delete?

    Thank you for your help


    GPontet
     

    Attached Files:

    Last edited: Jun 12, 2004
  2. Yellowhammer

    Yellowhammer Spyware Fighter

    Joined:
    May 23, 2004
    Posts:
    53
    Location:
    Alabama, USA
    You have a fairly clean log.

    Close all windows and have hijackthis fix the following:

    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\SrchPlug.dll

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

    Then browse to the C:\documents and settings\Gerald\local settings\temp folder and delete all files and folders in it.
    Then browse to the C:\Windows\Temp folder and delete all files in it.
    Then in internet explore click tools>internet Options>General. Click on Delete Files make sure you get all offline content as well.

    Then reboot to normal mode.

    Then,

    Download ad-aware here -> http://fileforum.betanews.com/detail.php3?fid=965718306

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

    Then ........

    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    Click the "Tweak" button.

    Open up the "Scanning Engine" section and tick "Unload recognized processes during scanning"

    Then........"Cleaning engine" and "Let windows remove files in use at next reboot" and "Automatically try to unregister objects prior to deletion"

    then...... click "proceed" to save your settings.

    Now to scan it´s just to click the "Next" button.

    When scan is finished, mark everything for removal and get rid of it. .(Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

    Then,

    Download SPYBOT Search and Destroy here-> http://www.safer-networking.org/index.php?page=mirrors
    Install the program and then start it. Once the program has started make sure you are in the Spybot-S&D section. Click on the "Search for Updates" button. Download all updates. In some cases the program will restart after an update. When updated, click on the "Check for Problems" button. When the Check is over All problems displayed in red are regarded as real threats and should be dealt with. Make sure they are all selected and click the "Fix selected problems" button.

    Then Disable system restore: Instructions here.

    Reboot

    Enable system restore.

    Scan and Post another log.
     
  3. GPontet

    GPontet Registered Member

    Joined:
    Jun 9, 2004
    Posts:
    4
    Yellowhammer,

    here is revised log after following all of your instructions.

    impressive so far, thanks!

    GPontet
     

    Attached Files:

  4. Yellowhammer

    Yellowhammer Spyware Fighter

    Joined:
    May 23, 2004
    Posts:
    53
    Location:
    Alabama, USA
    It is clean now :)
     
Thread Status:
Not open for further replies.