Overrun

Exactly what is it that this PC is used for and who has been using it??????

This PC appears to have the registry infected with almost every know piece of malware. It would appear that some one was trying to infect this PC as it would be almost impossible to have this many components of malware in the registry without doing it on purpose. Or unless the PC had been run for quite awhile with zero protection or outdated protection in place.

In reality it maybe safer to fdisk, repartition, format and reinstall this PC. We could attempt to clean it up by using a load of additional scanners and quite a bit of manual cleaning steps but it could be very time consuming and we may not even be able to locate everything.

If you would like to do manual cleaning, begin with the below:

Now Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Question: Did you knowingly install MovielinkManager and The Weather Channel FW ? I'm not saying they are malware. I just want to know if you installed them or if they were installed without your knowledge.

Now install the current version of Sun Java from: Sun Java Runtime Environment

Then install the current version of FireFox from: Mozilla Firefox

Then uninstall the below software using Add/Remove programs:
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_05
Mozilla Firefox (1.0.1)
Viewpoint Media Player


Also download HOSTER and then follow the below steps.

• Unzip Hoster to a convenient folder such as C:\Hoster
• Run Hoster.exe, click Restore Original Hosts and then click OK.
• Click the X to exit the program

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R3 - Default URLSearchHook is missing
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Class - {58C41DD1-9710-395E-F0B5-801EC66F7E9C} - C:\WINDOWS\lnllt1.dll (file missing)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\lnllt1.dll
If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now run this procedure Running Spy Sweeper and attach the Spy Sweeper log.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

 

You're welcome! If you look at one of our other stickies (something we recommend when we finish cleaning PCs) you will see ZoneAlarm recommended. It was the first firewall put on the list. This is the sticky How to Protect yourself from malware!

Not necessary! I just wanted to be sure you installed them or at least knew about them.

Okay! We shall see how much we can fix but with so many bad things being present in the registry it could be very difficult to complete clean this PC. How did it get like this? What is it used for and who is using it?

 

You're welcome. Make sure you follow the tips in the below during and after your reinstall.

How to Protect yourself from malware!