About:Blank and other freaks!!(no reboot since this log!)

Discussion in 'Malware Help (A Specialist Will Reply)' started by archkre, Feb 16, 2005.

  1. archkre

    archkre Private E-2

    Edit by chaslang: Inline log attached
     
    Last edited by a moderator: Feb 19, 2005
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Archkre,

    We have guidelines about posting HJT logs which you need to follow. First the Read ME FIRST sticky should be executed. I'll give you the benefit of the doubt and assume you ran all of it because I can see some evidence of particular steps being run. But from now on, please do not post logs unless requested and they must be posted as attachments to your message, not as inline text.

    You also need to update to the latest HijackThis 1.99.1 and use it from now on.

    First problem: Your OS and IE versions are severely out of date and represent a major security risk. When we finish fixing up your current problems, you must get updated.

    Second: looks like you have paid for Ad-Aware but you are running Ad-Aware 6. It is outdated. You need to get the current version Ad-Aware SE 1.05 and current reference files.

    The only items that currently show in your HJT log are these two:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nnger.dll/sp.html#37049
    O4 - HKLM\..\Run: [msyn.exe] C:\WINDOWS\msyn.exe

    Was that log from normal boot mode or safe mode? Most of the time we require logs from normal boot mode.


    Hopefully things have not mutated since you posted your log. If you have problems finding the stuff I indicated below, you will need to post a new log and then DO NOT REBOOT. These infections spread and mutate during reboots.

    Make sure you have both about:Buster and HSremove downloaded from the READ ME FIRST. And make sure you have UPDATED the database for about:buster. I believe it is up to number 23.

    You need to print or save these instructions locally because after reading this sentence you will need to physically unplug your connection from your cable, ADSL, or dial-up modem to your PC and then you MUST exit all browsers and DO NOT run any again until requested.

    Okay, unplug your internet connection and exit browsers now!!!!

    You then need to use TaskManager (CTRL-ALT-DEL) and select Processes and End the below process (if still showing up):
    msyn.exe

    Now run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now (DO NOT OPEN ANOTHER BROWSER UNTIL AFTER POWER DOWN AND POWER UP, see below):
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nnger.dll/sp.html#37049
    O4 - HKLM\..\Run: [msyn.exe] C:\WINDOWS\msyn.exe

    Then exit HJT after clicking FIX

    Run Windows Explorer and look for and try to delete:
    C:\WINDOWS\system32\nnger.dll
    C:\WINDOWS\msyn.exe

    If you cannot find or delete them, note which ones and continue (tell me the results when you come back here).

    - Run about:Buster and save the log to ab1.log (make sure you let it do the second scan).

    - NOW PULL THE POWER PLUG TO YOUR PC! I do not want you to power down the normal way.

    - After that wait a minute or two and then power up into safe mode (still with no internet connection available and do not open any browsers). Only run what I request.

    - Empty your Recycle Bin and delete all files in the c:\windows\prefetch folder. In fact as an additional measure do the following:
    Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin
    And Click OK.

    - Run HSremove and then run about:Buster again and save the log to ab2.log (let it do second scan)!

    - Immediately after about:buster completed, reboot in normal mode. (You do not need to pull the power plug here. Just reboot.)

    - Plug your cable to the internet back in now.

    - Open and close a couple of IE sessions and then with IE closed get a new HJT log.

    - Now come back here and post both about:Buster logs and the new HJT log. And tell me what happened during the procedure.

    Let me know anything else that you notice. It is possible that Ad-Aware or another utility can make it difficult to fix this problem. If that becomes the case we may need to disable them or uninstall them before fixing. But let's see what happens with the above first.
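
A small triage of the two HijackThis entries selected in the post above, as an added example that is not part of the original thread: it parses the `R0` and `O4` line formats quoted there and flags them for review. The two flagging rules and the third, benign sample line are assumptions made here for illustration, not HijackThis behavior.

```python
import re

# Constructed sample: the two entries quoted in the thread, plus one benign
# line made up for contrast (not from the original log).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nnger.dll/sp.html#37049
O4 - HKLM\..\Run: [msyn.exe] C:\WINDOWS\msyn.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")
RUN_RE = re.compile(r"^(?P<key>\S+\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumed review rules: an IE setting loaded from a DLL's resources, and an
# autorun binary sitting directly in the Windows directory. Legitimate files
# can match the second rule, so a hit means "look at it", not "delete it".
RES_DLL_RE = re.compile(r"^res://(?P<path>[a-z]:\\.+?\.dll)/", re.I)
WINROOT_EXE_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)

def parse_entry(line):
    """Split one log line into its section code and fields; None if not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "body": m["body"]}
    if entry["code"].startswith("R"):      # R0/R1: IE registry values
        fields = REG_RE.match(entry["body"])
    elif entry["code"] == "O4":            # O4: autorun entries
        fields = RUN_RE.match(entry["body"])
    else:
        fields = None
    if fields:
        entry.update(fields.groupdict())
    return entry

def triage(log_text):
    """Return (code, reason, path) for every entry matching a review rule."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if not entry:
            continue
        res = RES_DLL_RE.match(entry.get("data", ""))
        if res:
            findings.append((entry["code"], "IE setting served from DLL resource", res["path"]))
        cmd = entry.get("cmd", "").strip('"')
        if WINROOT_EXE_RE.match(cmd):
            findings.append((entry["code"], "autorun executable in Windows root", cmd))
    return findings
```
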
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry! I forgot to re-attach your log. But that's ok! After you finish the steps in my previous message you will be posting a new one for us anyway.
     
  4. PhilliePhan

    PhilliePhan Guest

    Real smooth there, Chas! :p

    Glad you're not a surgeon! *heh heh* Sorry, I forgot to reattach your leg!! :p :D
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Surgeons only work on one patient at a time not 100!
     
  6. PhilliePhan

    PhilliePhan Guest

    The Slackers!!! :D
     
