Trojan-spy.html.smitfraud.c


dyray

Windows XP machine running very slowly and can't open any programs. I'm getting a black screen and it seems like programs are trying to run. There are a few programs on the machine that run automatically when Windows is started, and their boxes open up, but I'm unable to close them using the "X" in the top right corner.

I did not notice the "Hijack this Log" that someone had posted for their machine until after I tried using the following fix for the problem. Being that this was my first time to this website, I did not realize that you had to post the Hijack This Log and after breaking my parents' computer even more so than it was, I realized that each post is for the specific machines and not a general fix.

_________________________________________________
These are the instructions that I followed:

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard (found this and removed it)
Virtual Maid (this program was not there)
Search Maid (this program was not there)

Exit Add/Remove Programs.

*IMPORTANT* Be sure you know how to VIEW HIDDEN FILES

Press CTRL ALT DELETE to open Windows Task Manager. Click on the Processes tab and end the following processes:

wp.exe

Exit Task Manager.

*Click Here to download Killbox by Option^Explicit. (was able to download killbox)
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*In the field labeled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure! I would just copy each file path and paste it in the field) MAKE SURE TO ENTER ALL FILE PATHS!:

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe : (typed in all of these with the delete at reboot option)
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe

Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered press the YES button at both prompts so that your computer restarts. If you receive an error message "PendingRenameOperation...." and your computer doesn't restart, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid -(was not there)
C:\Program Files\Virtual Maid -(was not there)
C:\Windows\System32\Log Files <-WILL be there! -(was not there)
C:\Program Files\Security IGuard -(deleted this folder)

Reboot into normal mode. (this is where I stopped b/c the system rebooted into normal mode but is now running very slowly and is not allowing me to do anything)


*Download and install Registrar Lite version 2.00
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.

Reboot your computer again.

1.) Download the Hoster from HERE Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Download: http://www.mvps.org/.../DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log.
______________________________________________________________


I showed the steps that I took at the top of the "fix" and what the results were for each step. I'm wondering if I can do a System Restore and Restore to an earlier point. The problem that I was having at first is that I downloaded some spyware removal s/w but the system would not let me install it at all. I downloaded SpyFighter and Microsoft Antispyware (I think), but am not able to install any programs.

The computer now has a black screen when it starts up, it appears to be loading the icons that normally load along the taskbar at the right of the screen, but when I click something (anything) nothing happens. I can't close out any of the pop-ups or any of the programs that start up automatically when Windows starts up.

If anyone can be of assistance I would greatly appreciate it.

Thanks, D

Edited by dyray, 19 April 2005 - 10:02 AM.
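
When a machine is in the state described above, the paths named in the quoted instructions can still be checked from another computer. The following is an added example, not part of the original post or of any tool it mentions: it assumes the affected disk is mounted read-only at a directory passed as `root`, and the function names are hypothetical. Paths are resolved case-insensitively because the instructions mix `System32` and `system32`, and a non-Windows host may treat those as different names.

```python
import os
import tempfile
from pathlib import Path

# Paths copied from the instructions quoted in the post (files, then folders).
LISTED_PATHS = [
    r"C:\wp.exe", r"C:\wp.bmp", r"C:\Windows\sites.ini",
    r"C:\Windows\popuper.exe", r"C:\Windows\System32\helper.exe",
    r"C:\Windows\System32\intmonp.exe", r"C:\Windows\System32\msmsgs.exe",
    r"C:\Windows\System32\ole32vbs.exe", r"C:\Windows\system32\msole32.exe",
    r"C:\Program Files\Search Maid", r"C:\Program Files\Virtual Maid",
    r"C:\Windows\System32\Log Files", r"C:\Program Files\Security IGuard",
]

def resolve(root, win_path):
    """Return the on-disk Path for a C:\\ path under root, or None if absent.
    Each component is matched case-insensitively, as Windows itself would."""
    current = Path(root)
    for part in win_path.split("\\")[1:]:          # skip the "C:" drive prefix
        try:
            names = {e.name.lower(): e.name for e in os.scandir(current)}
        except OSError:                            # missing, or not a directory
            return None
        if part.lower() not in names:
            return None
        current = current / names[part.lower()]
    return current

def audit(root, paths=LISTED_PATHS):
    """Map every listed path to its location under root (None = not present)."""
    return {p: resolve(root, p) for p in paths}

def build_sample_volume(root):
    """Constructed sample data: a tiny fake volume with XP-style casing."""
    sys32 = Path(root) / "WINDOWS" / "system32"
    sys32.mkdir(parents=True)
    (sys32 / "intmonp.exe").write_bytes(b"")
    (sys32 / "Log Files").mkdir()
    (Path(root) / "WP.EXE").write_bytes(b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_volume(tmp)
        for path, found in audit(tmp).items():
            print(f"{'PRESENT' if found else 'absent ':8} {path}")
```

The report only shows which listed items exist on the mounted volume; it changes nothing on the disk.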
