Thread: Re: help needed - %$thb$% drive c
View Single Post
Join Date: May 2005
Posts: 3,204
Reputation: gerbil will become famous soon enough gerbil will become famous soon enough 
Solved Threads: 188
gerbil gerbil is offline Offline
Nearly a Senior Poster

Re: help needed - %$thb$% drive c

 
0
  #2
Dec 2nd, 2008
That rather looks like a Lop infection there - it's pretty pesky adware. These two entries point it out:

O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Bend exit.exe
O4 - HKLM\..\Run: [bone thunk axis copy] C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Idol bore.exe

Best to use the proper tool, and then follow up with a clean and general adware/spyware scan.
==Download NoLop by Derek from the link on this page; some information is shown under the Proper Use button, press Search and Destroy to run the scan. Post the report C:\NoLop.log.
http://thespykiller.co.uk/index.php?action=tpmod;dl
Next clean with:
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
Run CCleaner in any other Accounts.
And finally run another hijackthis scan and post that log also, please.
Last edited by gerbil; Dec 2nd, 2008 at 2:39 am.
Deep, deep in the woods, but walking about.
Reply With Quote