Could someone help me with this Hijack This log.
I can't open "My Documents", "Control Panel" etc.
Dr Watson Error message comes up.
I have already downloaded:
cwsserviceremove.zip and unziped it to desktop
CWShredder to desktop
AboutBuster to desktop (was about to update it when everything froze again!!)
I think time zone problems could pose an issue (I am in Sydney, Australia).
So if you think it would be better, please email me on email address removed to prevent harvsting by spammers
Thanks very much for any help!!!
AJ
====================================
Logfile of HijackThis v1.99.1
Scan saved at 6:17:50 PM, on 3/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Read all these instructions carefully, Print them out and download all the things mentioned before starting
First
Download the Hoster from here . UnZip the file and run hoster then press "Restore Original Hosts" and press "OK". Exit Program.
Click here to download AboutBuster created by Rubber Ducky.
Unzip AboutBuster to the Desktop then click the "Update Button" then click "Check for Update" and download the updates and then click "Exit" because I don't want you to run it yet. Just get the updates so it is ready to run later in safe mode.
Download and install AdAware SE from http://www.lavasoft.de/support/download if you haven't already got it. If you have it, then make sure it is updated and configured as described later in the post
download http://www.mvps.org/winhelp2002/DelDomains.inf and place it of desktop
right click the file and select install, that will reset the trusted zone domains that have been wrongly placed there
Sign off the internet and remain offline until this procedure is complete. Unplug your modem or disconnect the cable or phone line. Copy these instructions to notepad and save them on your desktop for easy access. You must follow these directions exactly and you cannot skip any part of it.
Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked
now run killbox and paste the first one of these lines into the box, select delete on reboot then press the red X button,say yes to the prompt but NO to the reboot now prompt
then repeat with each line in turn, if it says file missing or if it says unable to delete then make a note of the files and report back at the end
then on the killbox top bar press tools/delete temp files and say yes to the prompt
Now Run CWSHREDDER
Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do it's thing.
Next run aboutbuster. Double click aboutbuster.exe, click OK, click Start, then click OK. This will scan your computer for the bad files and delete them.
then as some of the files or folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"
then go to C:\windows\temp and select EVERYTHING and delete all that and then do the same for C:\temp
1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive
then
Run ADAWARE
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
the current ref file should read at least SE1R32 09.03.2005 or a higher number/later date
Set up the Configurations as follows:
General Button
Safety:
Check (Green) all three.
Click on "Proceed"
Please deselect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
Click on "Scan Now"
Run the scanner using the Full Scan (Perform full system scan) mode.
When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.
These hijackers are known to alter or delete certain files so check this out please:
If you have Spybot S&D installed you will also need to replace one file.
Go here and download SDHelper.dll. Copy the file to the folder containing you Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy)
Check in the System32 folder to be sure you have a file named Shell.dll. If you do not have one, go to System32\dllcache
Find shell.dll and right click on it. Choose Copy from the menu.
Open System32 and right click on an empty space in the window. Choose Paste from the menu.
control.exe may have been deleted.
See if control.exe is present in C:\windows\system32
If control.exe isn't there, go here, and download control.exe per the instructions at the site.
IMPORTANT!: Please check your ActiveX security settings. They may have been changed by this CWS variant to allow ALL ActiveX!! If they have been changed, reset your active x security settings in IE as recommended by opening IE/tools/options/security and press internet zone, then press default settings and OK
Thanks very much.
All instructions followed.
Here is the new log of HJT.
AJ
=============================
Logfile of HijackThis v1.99.1
Scan saved at 5:02:28 PM, on 3/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
has it all cleared up or are you still having any problems
Turn off system restore by following instructions here http://service1.symantec.com/SUPPORT...01111912274039
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable sytem restore & create a new restore point.
and pay an urgent visit to windows update & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place
THIS THREAD HAS EXPIRED.
Are you having the same problem?
We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Login 
Search 
Facebook
Twitter
TechGuy.tv
TSG Mobile
