COMMUNICATOR toolbar

I cant remove the COMMUNICATOR toolbar spyware from my computer without it causing a problem to my windows explorer, everytime i close a window in windows explorer it says that the program needs to shut down. i have done everything in the sticky threads but when it came to removing this particular spyware i had to restore it for my computer to work properly

i couldnt attach a file so ill have to paste the HJT file below

Edit by chaslang: Inline log attached

 

HijackThis logs are to be posted as ATTACHMNETS, never pasted into your log.

You have more far for serious problem than just the communicator tool bar.

Please make sure System Restore is OFF

Please follow the instructions in the following threads:
How to view hidden, system files & folders!

Searching for Hidden Files on WinXP

Running Ewido Security Suite

Post the Ewido log and a fresh HijackThis log when done.

 

ok i done tthe above here are the log files

 

Before I start giving you fixes please do the below.

Run CCleaner before doing the below.

Download WinPFind

Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

 

ok here it is

 

Download
- Pocket Killbox
- Registrar Lite

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.

On the page that opens, scroll down to nfsalnlygms ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

nfsalnlygms

In HJT Choose Open the Misc Tools Section choose Process Manager, Highlight:

Choose Kill Process

Now scan and have HJT Fix the following:

Now run Registrar Lite

Navigate to the following:

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click OK.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

 

thanks alot for that help everything seems to be running ok

here is an updated hijack this log just for you to check over,
Thanks again