Hi and welcome to TSF.
Please DISABLE Spybot's TeaTimer and LEAVE IT OFF until the fix is complete!
Before attacking an adware/spyware problem with HijackThis, make sure you have already run the following tools. Download and update the databases on each program before running.
Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive (C:\HJT).
Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to extract the files
- This will create a VundoFix folder on your desktop.
- After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
- Open Add/Remove Programs and remove Myway/MySearch.
- Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
- You will first be presented with a warning.
It should look like this
Quote:
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....
- At this point press enter one time.
- Next you will see:
Quote:
Please Type in the filepath as instructed by the forum staff
and then press enter:
- At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\mllmn.dll
- Press Enter to continue with the fix.
- Next you will see:
Quote:
Please type in the second filepath as instructed by the forum
staff then press enter:
- At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\nmllm.*
This will be the Vundo filename spelt backwards.
- Press Enter to continue with the fix.
- The fix will run, then HijackThis will open. If it does not open automatically, please open it manually.
- In HijackThis, please place a check next to the following items and click FIX CHECKED:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\mllmn.dll
O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll
- After you have fixed these items, close HijackThis.
- Press Enter to exit the program, then manually reboot your computer.
- Once your machine reboots please continue with the instructions below.
Then, please run this online virus scan:
ActiveScan
Copy the results of the ActiveScan and paste them here, along with a new HijackThis log and the vundofix.txt file from the VundoFix folder, into this topic.
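Added example, not part of the original post and not code from VundoFix or HijackThis: a small log triage helper that finds a system32 DLL registered as both an O2 BHO and an O20 Winlogon Notify entry, then derives the reversed-name companion path the post asks you to type in. The pairing heuristic is an assumption drawn only from the log lines in this post, and `candidate_pairs` is a hypothetical name.

```python
import re

# Constructed sample: lines in HijackThis log format, copied from the fix list in this post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\mllmn.dll
O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll
"""

# Entry formats as they appear in the log lines above.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: .*? - \{[0-9A-Fa-f-]{36}\} - (?P<path>.+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: .+? - (?P<path>.+)$"),
}
# Only DLLs sitting directly in <drive>:\WINDOWS\system32 are considered.
SYSTEM32_DLL = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\(?P<stem>[^\\]+)\.dll$", re.I)


def candidate_pairs(log_text):
    """Return [(dll_path, reversed_name_wildcard)] for system32 DLLs that are
    loaded both as a BHO (O2) and as a Winlogon Notify package (O20).
    Assumption: this pairing is a heuristic taken from the post's log, not a
    general signature."""
    seen = {}  # lower-cased path -> [path as logged, set of entry kinds]
    for line in log_text.splitlines():
        line = line.strip()
        for kind, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                path = m.group("path").strip()
                seen.setdefault(path.lower(), [path, set()])[1].add(kind)

    pairs = []
    for path, kinds in seen.values():
        m = SYSTEM32_DLL.match(path)
        if m and kinds == {"O2", "O20"}:
            stem = m.group("stem")
            # Second path in the post: same folder, file name spelt backwards, any extension.
            companion = path[: m.start("stem")] + stem[::-1] + ".*"
            pairs.append((path, companion))
    return pairs


if __name__ == "__main__":
    for dll, companion in candidate_pairs(SAMPLE_LOG):
        print("first path: ", dll)
        print("second path:", companion)
```
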