02-23-2007, 09:42 PM   #12
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista


Ok Britt, we have a lot to do.

Please copy this page to a word processor and save it to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Downloads (please do not run until directed to do so):


KillBox (it's important that you get version v2.0.0.175)

--------------------------------------------

AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe Save it to your desktop.

--------------------------------------------

Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download SideKickFix by LonnyRJones. Save it in the same folder you made earlier (c:\BFU).

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download MediaGateway.bfu. Save it in the same folder you made earlier (c:\BFU).

--------------------------------------------

Download and save VundoFix to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

--------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)

Java 2 Runtime Environment, SE v1.4.2

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entry:

O3 - Toolbar: Internet-Based-Moms - {D6223CBC-A263-4CB1-B35E-1AE40FEF3B3B} - C:\Program Files\IETB\ietoolbar.dll

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot into Normal Windows.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: (C:\rapport.txt), or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

----------------------------------------------------

Next go to Control Panel > Display > Desktop > Customize Desktop > Web. Now, uncheck everything and delete if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"


Also make sure the 'Lock desktop items' box is unticked. Click OK, then click Apply, then OK.

----------------------------------------------------

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

----------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

----------------------------------------------------

Launch KillBox.exe.

Select/tick the following:
* Delete on Reboot
* Deltree (include subdirectories)
Click the RED X button.

Click Yes at the 'Delete on Reboot' prompt. Click NO at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.


Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C: Note--You'll have to split this list up as there are so many. I've placed a space between to set up groupings for you so no folders get overlooked in the copy/paste process.

C:\Program Files\winfixer_2006
C:\Program Files\whenu
C:\Program Files\websnitch v3.0
C:\Program Files\vvsdl
C:\Program Files\Common Files\winsoftware
C:\Program Files\Common Files\winfixer 2006
C:\Program Files\Common Files\whenu
C:\Program Files\Common Files\ucontrol
C:\Program Files\vvsn
C:\Program Files\vmntoolbar
C:\Program Files\ts trial
C:\Program Files\topmoxie
C:\Program Files\netmeting
C:\Program Files\hpdll
C:\Program Files\spyware stormer



**Repeat the above procedure for each of the following groupings**

C:\Program Files\softomate
C:\Program Files\seekmo
C:\Program Files\searchnet
C:\Program Files\screenview
C:\Program Files\savenow
C:\Program Files\relevantknowledge
C:\Program Files\rax search helper
C:\Program Files\p4p
C:\Program Files\ietoolbar
C:\Program Files\ezthemes_whenusavenow_installer
C:\Program Files\dynamic toolbar
C:\Program Files\Common Files\sogou pxp
C:\Program Files\startup mechanic
C:\Program Files\need2find
C:\Program Files\ncase


C:\Program Files\navexcel
C:\Program Files\navexcel search toolbar
C:\Program Files\mywebsearch
C:\Program Files\ddr
C:\Program Files\arcade!
C:\Program Files\support software
C:\Program Files\network essentials
C:\Program Files\md
C:\Program Files\lstsvc
C:\Program Files\kuaiso toolsbar
C:\Program Files\kgb keylogger
C:\Program Files\invisible secrets toolbar
C:\Program Files\instant buzz
C:\Program Files\instant access
C:\Program Files\exploreanywhere


C:\Program Files\Common Files\wqzq
C:\Program Files\Common Files\updmgr
C:\Program Files\Common Files\updater
C:\Program Files\Common Files\keenvalue
C:\Program Files\system soap pro
C:\Program Files\search toolbar
C:\Program Files\httper
C:\Program Files\homekeylogger
C:\Program Files\hbtools
C:\Program Files\hbinst
C:\Program Files\Common Files\wintools
C:\Program Files\Common Files\msiets
C:\Program Files\Common Files\btlink
C:\Program Files\xmod
C:\Program Files\xml


C:\Program Files\vcom
C:\Program Files\sync manager demo
C:\Program Files\scom
C:\Program Files\reg2
C:\Program Files\pvm
C:\Program Files\primesoft
C:\Program Files\paymentone
C:\Program Files\gsr
C:\Program Files\gsoft
C:\Program Files\gmsoft
C:\Program Files\globaldialer
C:\Program Files\ftk
C:\Program Files\flt
C:\Program Files\fln
C:\Program Files\flcp


C:\Program Files\fla
C:\Program Files\filesubmit
C:\Program Files\fen
C:\Program Files\fastseeker
C:\Program Files\dialers
C:\Program Files\webrebates
C:\Program Files\real-tens
C:\Program Files\popcorn.net
C:\Program Files\movienetworks
C:\Program Files\mlh
C:\Program Files\medch
C:\Program Files\kfh
C:\Program Files\ezurl
C:\Program Files\exact
C:\Program Files\e2give


C:\Program Files\e2g
C:\Program Files\downloadware
C:\Program Files\downloadware engine
C:\Program Files\dealhelper
C:\Program Files\dealhelper.com inc
C:\Program Files\dateregon
C:\Program Files\date manager
C:\Program Files\data19
C:\Program Files\comsoft
C:\Program Files\Common Files\eacceleration
C:\Program Files\windowssa
C:\Program Files\tvs
C:\Program Files\rvp
C:\Program Files\lycos
C:\Program Files\letssearch


C:\Program Files\gator.com
C:\Program Files\csbb
C:\Program Files\Common Files\psd tools
C:\Program Files\Common Files\gmt
C:\Program Files\Common Files\cmeii
C:\Program Files\colej_uk design toolbar
C:\Program Files\cntrc
C:\Program Files\clipgenie
C:\Program Files\clientman
C:\Program Files\clearsearch
C:\Program Files\btv
C:\Program Files\brp
C:\Program Files\browser pal
C:\Program Files\bpt
C:\Program Files\bpc_search


C:\Program Files\bonzibuddy
C:\Program Files\bde
C:\Program Files\sysal
C:\Program Files\mediaring talk
C:\Program Files\funcade
C:\Program Files\cardcrazy
C:\Program Files\bargain buddy
C:\Program Files\backweb
C:\Program Files\arcaderockstar
C:\Program Files\aproposclient
C:\Program Files\accoona
C:\Program Files\the guard
C:\Program Files\stc
C:\Program Files\srng
C:\Program Files\netturbotrial


C:\Program Files\malwaresweeper.com
C:\Program Files\fs
C:\Program Files\flobo spyware clean
C:\Program Files\fix my registry
C:\Program Files\Common Files\betterinternet
C:\Program Files\beclean
C:\Program Files\abetterinternet
C:\Program Files\2search
C:\Program Files\IETB


----------------------------------------------------

Double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

----------------------------------------------------

Now, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Beside the "Scriptline to execute" field, click the folder icon and select mediagateway.bfu by double-clicking on it.
  • Press Execute and let it do its job. (You ought to see a blue progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.

----------------------------------------------------

Now, within the BFU folder, double-click on sidekickFix.bat. Click YES and follow the prompts, when prompted to restart the PC please do so.

----------------------------------------------------

Run another online scan at Panda and save the results.

----------------------------------------------------

Run ComboScan.exe once again.

----------------------------------------------------

Please include the following in your next reply:

C:\vundofix.txt
C:\rapport.txt
log.txt (located in the AproposFix folder)
Actions History Log (Open Killbox>file>logs>Actions History Log)
Panda results
ComboScan.txt (no need for the Supplementary.txt)
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 02-23-2007 at 10:03 PM.
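As an added example that is not part of Ried's post or of any of the tools it names: a small Python script that takes a pasted KillBox-style folder list, resolves each entry against a Program Files root, and reports which folders are actually present and which are absent, comparing names case-insensitively the way NTFS does. It deletes nothing; its purpose is the bookkeeping the post worries about (not overlooking a folder in the copy/paste groupings), run once before KillBox and once after the reboot to confirm what is gone. The folder subset in SUSPECT_FOLDERS and the temporary-directory layout built by demo() are constructed for illustration.

```python
"""Presence check for a pasted folder list (added example, not from the post)."""
from __future__ import annotations

import tempfile
from pathlib import Path

# Constructed subset of the folder names from the post, written relative to
# the Program Files root so the check can be run against any directory.
SUSPECT_FOLDERS = [
    r"winfixer_2006",
    r"whenu",
    r"Common Files\whenu",
    r"kgb keylogger",
    r"IETB",
]

# Prefix to strip from pasted absolute paths (compared case-insensitively).
PROGRAM_FILES_PREFIX = "c:\\program files\\"


def parse_path_list(text: str) -> list[str]:
    """Turn a pasted block of 'C:\\Program Files\\...' lines into relative names.

    Blank lines (the grouping separators in the post) are skipped; the
    'C:\\Program Files\\' prefix is removed, keeping the rest of the name as written.
    """
    names = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower().startswith(PROGRAM_FILES_PREFIX):
            line = line[len(PROGRAM_FILES_PREFIX):]
        names.append(line)
    return names


def _dir_index(root: Path, max_depth: int = 2) -> dict[str, Path]:
    """Index directories under root, at most max_depth levels deep.

    Keys are lower-cased relative paths with backslash separators, so a name
    such as 'Common Files\\whenu' matches regardless of on-disk case or OS.
    """
    index: dict[str, Path] = {}

    def walk(directory: Path, depth: int) -> None:
        if depth > max_depth:
            return
        for child in directory.iterdir():
            if child.is_dir():
                rel = "\\".join(child.relative_to(root).parts)
                index[rel.lower()] = child
                walk(child, depth + 1)

    walk(root, 1)
    return index


def find_existing(root, names) -> dict[str, bool]:
    """Map each relative folder name to whether it exists under root."""
    index = _dir_index(Path(root))
    return {name: name.lower() in index for name in names}


def report(root, names) -> tuple[list[str], list[str]]:
    """Return (present, absent) lists, each sorted, for the given names."""
    found = find_existing(root, names)
    present = sorted(n for n, ok in found.items() if ok)
    absent = sorted(n for n, ok in found.items() if not ok)
    return present, absent


def demo() -> tuple[list[str], list[str]]:
    """Build a constructed Program Files layout in a temp dir and check it.

    'WhenU' is created in mixed case to show the case-insensitive match;
    'Java' is a legitimate folder that must not be reported.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("WhenU", "Common Files/whenu", "IETB", "Java"):
            (root / rel).mkdir(parents=True)
        return report(root, SUSPECT_FOLDERS)


if __name__ == "__main__":
    present, absent = demo()
    print("Present:", *present, sep="\n  ")
    print("Absent:", *absent, sep="\n  ")
```

To use it on a real machine, paste the post's list into a string, call `parse_path_list` on it, and pass the result with `Path(r"C:\Program Files")` to `report`; compare the "Present" list against the post's groupings before running KillBox and again after the reboot.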