08-20-2005, 11:49 AM   #7
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,353
OS: N/A


Please download KillBox v2.0.0.175.zip



Have HijackThis fix this entry:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =



Launch KillBox.exe & select the following options:
  • delete on Reboot
  • end Explorer shell while killing file
  • unregister dll before deleting * if it's not grayed out
Select all the filenames below & then click on Notepad's 'Edit' menu & select Copy
  • C:\DOCUMENTS AND SETTINGS\FEDERICO VEGA\FAVORITES\SHOPPING\Ebay.url
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.8-2.inf
    C:\WINDOWS\INF\banner.inf
    C:\WINDOWS\INF\farmmext.inf
    C:\WINDOWS\games.exe
    C:\WINDOWS\GatorHDPlugin.log
    C:\PROGRAM FILES\FlashTalk
    C:\WINDOWS\system32\zivixiq.dll
    C:\WINDOWS\system32\msiaih.dll
    C:\WINDOWS\system32\msfdje.gif
    C:\WINDOWS\games.exe
    C:\WINDOWS\Downloaded Program Files\pinstall.dll
    C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
    C:\WINDOWS\tlk0262[1].exe
    C:\WINDOWS\Windows Update Setup Files\utilcat.dll
    C:\WINDOWS\blocklist.reg
    C:\Documents and Settings\Federico Vega\Desktop\Hijack this\VundoFix\backups\backup-20050819-191706-208.dll
    C:\Documents and Settings\Federico Vega\Desktop\mailpv_setup.exe
    C:\Program Files\MSN Messenger\riched20.dll
    C:\Program Files\Mail PassView\mailpv.exe
* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

Quote:
If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to restart Windows manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

Upon reboot, run CleanUp! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.


Post a fresh HJT log after this.
__________________

Question - what have you done for the community today?