steplee loves majorgeeks!

I love you guys! It's awesome what you do here for everyone


Can you help me with another computer this time? I followed all the directions (correctly, I hope!) and I ran all the scans you recommend and I have attached 3 logs-- BitDefender, Panda ActiveScan, and HJT.

Please let me know if there is any hope for this machine!

Thank you

 

Download Pocket KillBox

• Save it to your desktop or a place easy to find.
• Do not run it yet

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJ

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\Program Files\Common Files\Totem Shared ← Delete this whole folder if it exist!

Next, run CCleaner to clean up cookies and temp files.

Locate PocketKillbox
(Procede with this step even if they do not show in blue)

Now, Copy and Paste C:\WINNT\NDNuninstall6_98.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

Now, Copy and Paste C:\WINNT\System32\newone.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

Now, Copy and Paste C:\WINNT\Downloaded Program Files\f3initialsetup1.0.0.15.inf into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

• If you get an error message about Pending Operations, just reboot your computer manually.

Once you complete this fix, reboot to normal mode and then procede with the next set of instructions.

Please see the below threads...

• Running WinPfind by OldTimer
• Using GetRunKey
• Using ShowNew

Once you have followed each thread you should attach these three logs to your next post.

• WinPFind.txt
• runkey.txt
• newfiles.txt

 

3 text files attached

 

A fresh HJT log please.

 

HJT log attached.

 

Your logs look ok to me, are you having any current problems?

 

I gave it a few days of use by the family... and no popups, no random toolbars, no problems.

Is this when I do the System Restore clearing?

 

You can if you like.

You should see this article on How to Protect yourself from malware!

Surf Safely!

 

Cool-- will do. Thanks so much, once again!

 

Your Welcome!