Sponsored By

therock247uk

Members
  • Content Count

    960
  • Joined

  • Last visited

Posts posted by therock247uk


  1. 1. Ok first download Adaware from. http://lavasoft.element5.com/support/download/#free Install it then open it and press check for updates. Dont scan with it yet we will do that later.

    2. Download Cwsshredder from. http://www.spywareinfo.com/~merijn/files/cwshredder.zip Unzip it dont run it yet.

    3. Boot into safemode go here for Intructions on how to. http://service1.symantec.com/SUPPORT/tsgen...001052409420406

    4. While in safemode open Adaware.

    Click Start

    Select Perform Full System Scan and hit Next to let Ad-Aware scan your drives.

    It will list malware files and registry keys. Click Next.

    Under the Critical Objects tab, rightclick in the list, choose Select All, then Next.

    It will ask for verification of checked items. Choose OK.

    Close Ad-Aware

    5. Run Cwsshredder which you downloaded earlyer and press fix.

    6. Reboot back in to Windows and run an online virus scan http://housecall.antivirus.com/ make sure the auto clean option is on.

    7. Then reboot again and post a new Hijackthis log here in a reply.


  2. 1. Ok open Hijackthis click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...5be907d85a1c422

    You can also fix this one as people report it sends Infomation about you computer to them. But it is up to you.

    O4 - Startup: PowerReg Scheduler V3.exe

    2. Download Lspfix from http://www.cexx.org/LSPFix.exe Open it and check mark the i know what im doing button. Then move osmim.dll to the remove panel and click finish.

    3. Then reboot and post a new Hijackthis log here in a reply.


  3. 1. Ok Open Hijackthis and click scan. Then tick and fix the following in hijackthis with all windows closed except Hijackthis.

    O2 - BHO: ngpw34.clsIS - {2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71} - c:\windows\ngpw34.dll

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

    O2 - BHO: ngsw31.clsIS - {E9147A0A-A866-4214-B47C-DA821891240F} - c:\windows\ngsw31.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...5be907d85a1c422

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07209a20e22212...ip/RdxIE601.cab

    2. Download Lspfix from http://www.cexx.org/LSPFix.exe Open it and check mark the i know what im doing button. Then move osmim.dll to the remove panel and click finish.

    3. Reboot and delete the files.

    c:\windows\ngsw31.dll

    4. Then post a new Hijackthis log here in a reply.


  4. Ok because you cannot run both Adaware and housecall we are going to do this.

    1. Make sure you have show hidden files on go here for instructions. http://www.xtra.co.nz/help/0,,4155-1916458,00.html Boot into safemode if you dont know how go here for Instructions. http://service1.symantec.com/SUPPORT/tsgen...001052409420406

    2. While in safemode. Open Hijackthis and click scan. Then tick and fix the following in hijackthis with all windows closed except Hijackthis leaving hijackthis the only program open.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=80

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=80

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll

    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINNT\System32\RXLNFU~1.DLL

    O4 - HKLM\..\Run: [gggvrepb] C:\WINNT\System32\swxkqg.exe

    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

    O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

    O4 - HKCU\..\RunServices: [image] rundll32 C:\WINNT\d3wz.dll,Install

    O4 - Global Startup: winlogin.exe

    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll

    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\kxqwxepb.exe

    O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab

    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab

    O20 - AppInit_DLLs: vz29kvl7s1zl0.dll

    3. Go to Start, Control Panel, Add/Remove and uninstall Wintools if it is there.

    4. Delete the folders.

    C:\Program Files\Submit\

    C:\Program Files\Common Files\WinTools\

    C:\Program Files\SideFind\

    5. Delete the files.

    C:\WINNT\System32\swxkqg.exe

    image.dll < Might be in C:\WINNT\ or C:\WINNT\System32

    vz29kvl7s1zl0.dll < Might be in C:\WINNT\ or C:\WINNT\System32

    C:\Program Files\Internet Explorer\kxqwxepb.exe

    C:\WINNT\System32\RXLNFU~1.DLL < File starts with RXLNFU

    6. Reboot into normal mode and post a new Hijackthis log here in a reply.


  5. 1. Download adaware from http://www.lavasoft.de/support/download/ install it and update it. Dont run the scan with it yet we will do that later on.

    2. Ok go into safemode following instructions on http://service1.symantec.com/SUPPORT/tsgen...001052409420406

    3. When in safemode. Open Adaware which is what you downloaded earlyer.

    Before scanning with Ad-aware SE Free:

    Run a FULL adaware scan using the following configuration below

    Click Start

    Select Perform Full System Scan and hit Next to let Ad-Aware scan your drives.

    It will list malware files and registry keys. Click Next.

    Under the Critical Objects tab, rightclick in the list, choose Select All, then Next.

    It will ask for verification of checked items. Choose OK.

    Close Ad-Aware, Reboot into normal mode.

    4. Then post a new Hijakckthis log here in a reply.


  6. 1. Go into safemode

    2. While in safemode. Open Hijackthis and click scan. Then tick and fix the following in hijackthis with all windows closed except Hijackthis.

    O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe

    3. Delete the folders.

    C:\Program Files\Windows SyncroAd\

    4. Reboot into normal mode then post a new log here in a reply.


  7. Ok tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    O4 - HKLM\..\Run: [MV8DMOEW] C:\WINDOWS\SYSTEM\MV8DMOEW.exe

    Reboot then find the following files and delete them.

    C:\WINDOWS\SYSTEM\MV8DMOEW.exe

    Then post a new log here in a reply.