Hello Punkymonk and welcome to TSF,
Please print out or copy this page to Notepad since you will not have any of browsers open while you are fixing this. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. Again, you should not have any open browsers when you are following the procedures below.
Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.
Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet.
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.
Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one if they are still listed (they shouldn't be - but double check it):(You must kill them one at a time).
C:\WINDOWS\system32\winhlp32.dll.exe
C:\WINDOWS\system32\winhlp32.dll.exe
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Alfie Kong\Application Data\Mozilla\Profiles\default\sstsx817.slt\prefs.j s)
O4 - HKLM\..\Run: [winhlp32.exe] C:\WINDOWS\system32\winhlp32.dll.exe
Delete the following file:
C:\WINDOWS\system32\winhlp32.dll.exe
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
-Empty Recycle Bins
-Temporary Internet Files
-Delete Cookies
-Delete Prefetch files
]-[X]Scan local drives for temporary files [/b] (Please uncheck this option)
-Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.
IMPORTANT!:
Before we can proceed any further, please visit the Microsoft's Windows Update Page and install ALL Critical Updates for your system (except service pack 2 (SP2). SP2 should only be installed on a fully disinfected system.) At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.
Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid ....then you may not have a legitimate copy of Windows XP. Unfortunately it’s also this forums policy that we only address users with a legal copy of Windows XP.... therefore if you can not update Windows XP to SP1 we must stop the cleansing process here.
Perform an online scan with Internet Explorer with Panda ActiveScan - requires Internet Explorer
Please print out or copy this page to Notepad since you will not have any of browsers open while you are fixing this. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. Again, you should not have any open browsers when you are following the procedures below.
Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.
Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet.
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.
Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one if they are still listed (they shouldn't be - but double check it):(You must kill them one at a time).
C:\WINDOWS\system32\winhlp32.dll.exe
C:\WINDOWS\system32\winhlp32.dll.exe
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Alfie Kong\Application Data\Mozilla\Profiles\default\sstsx817.slt\prefs.j s)
O4 - HKLM\..\Run: [winhlp32.exe] C:\WINDOWS\system32\winhlp32.dll.exe
Delete the following file:
C:\WINDOWS\system32\winhlp32.dll.exe
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
-Empty Recycle Bins
-Temporary Internet Files
-Delete Cookies
-Delete Prefetch files
]-[X]Scan local drives for temporary files [/b] (Please uncheck this option)
-Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.
IMPORTANT!:
Before we can proceed any further, please visit the Microsoft's Windows Update Page and install ALL Critical Updates for your system (except service pack 2 (SP2). SP2 should only be installed on a fully disinfected system.) At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.
Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid ....then you may not have a legitimate copy of Windows XP. Unfortunately it’s also this forums policy that we only address users with a legal copy of Windows XP.... therefore if you can not update Windows XP to SP1 we must stop the cleansing process here.
Perform an online scan with Internet Explorer with Panda ActiveScan - requires Internet Explorer
- Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
- Click On 'Scan Now'
- Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
- Begin the scan by selecting My Computer
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. - If it finds any malware, it will offer you a report. Click on see report
- Then click Save report
- Post the contents of the report in your next reply along with a new HijackThis log.
