Tech Support Forum - View Single Post

tetonbob · 12-02-2005, 09:01 PM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Click on Start->Settings->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.

If you haven't already, uninstall your current version of Adaware, and download it again, please at http://www.lavasoftusa.com/ and install it Make sure it's the newest version and check for any updates before running it. Also make sure to customize the settings in Ad-aware at http://www.greyknight17.com/spyware.htm#adaware for better scan results. Do not run it yet. Once you've updated it, and customised the settings, close out Adaware.

Download KillBox v2.0.0.175.exe You will use this later.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop. Do not run it yet.

Download CleanUp! and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Launch KillBox.exe & select the following options:

delete on Reboot

Select all the filenames below & then right-click & select Copy

C:\WINDOWS\SYSTEM\oleext.dll
C:\WINDOWS\SYSTEM\ll.exe
C:\WINDOWS\SYSTEM\sywsvcs.exe
C:\WINDOWS\SYSTEM\~update.exe
C:\WINDOWS\SYSTEM\hgqhp.exe
C:\WINDOWS\SYSTEM\cskhm.exe
C:\WINDOWS\SYSTEM\dmala.exe
C:\WINDOWS\SYSTEM\hlmicro.exe
C:\WINDOWS\SYSTEM\idemlog.exe
C:\WINDOWS\Desktop\backups\backup-20051129-210243-529.dll
C:\WINDOWS\Desktop\backups\backup-20051129-212230-167.dll
C:\WINDOWS\Desktop\backups\backup-20051130-101935-808.dll
C:\q940856.exe

* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present. Remove the check by "View my Active desktop as a web page".
Click OK then Apply and OK.

Reboot in normal mode, and run a new scan with HJT. Save the log and post it here.

Also run a new scan with Panda, and post the results here.

12-02-2005, 09:01 PM	#6 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,611 OS: 2000 Pro; XP Pro; XP Home	Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Click on Start->Settings->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK. If you haven't already, uninstall your current version of Adaware, and download it again, please at http://www.lavasoftusa.com/ and install it Make sure it's the newest version and check for any updates before running it. Also make sure to customize the settings in Ad-aware at http://www.greyknight17.com/spyware.htm#adaware for better scan results. Do not run it yet. Once you've updated it, and customised the settings, close out Adaware. Download KillBox v2.0.0.175.exe You will use this later. Download smitRem.exe and save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop. Do not run it yet. Download CleanUp! and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff. Launch KillBox.exe & select the following options: delete on Reboot Select all the filenames below & then right-click & select Copy C:\WINDOWS\SYSTEM\oleext.dll C:\WINDOWS\SYSTEM\ll.exe C:\WINDOWS\SYSTEM\sywsvcs.exe C:\WINDOWS\SYSTEM\~update.exe C:\WINDOWS\SYSTEM\hgqhp.exe C:\WINDOWS\SYSTEM\cskhm.exe C:\WINDOWS\SYSTEM\dmala.exe C:\WINDOWS\SYSTEM\hlmicro.exe C:\WINDOWS\SYSTEM\idemlog.exe C:\WINDOWS\Desktop\backups\backup-20051129-210243-529.dll C:\WINDOWS\Desktop\backups\backup-20051129-212230-167.dll C:\WINDOWS\Desktop\backups\backup-20051130-101935-808.dll C:\q940856.exe * Go to the File menu, and choose Paste from Clipboard * Click the RED X button. * Click Yes at the Delete on Reboot prompt. * Click Yes at the 'Pending Operations prompt'. If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again. Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. Open Ad-aware and do a full scan. Remove all it finds. Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present. Remove the check by "View my Active desktop as a web page". Click OK then Apply and OK. Reboot in normal mode, and run a new scan with HJT. Save the log and post it here. Also run a new scan with Panda, and post the results here. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009