-
Welcome to Tech Spot.
Lets see what we can do.
----------
Follow this link to download and run LSP-Fix
http://www.bleepingcomputer.com/tutorials/tutorial59.html#howto
The entries in LSP-Fix you are looking for is
mshost.dll (there may be more than one)
If you are unsure of entries do not remove them
Use this link
http://www.castlecops.com/LSPs.html to determine good, bad and unknown LSPs.
Once done come back and continue with the rest of the steps.
----------
* Download OTMoveIt.exe from here and place it on your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Don't run it yet we will use it later.
----------
Open HijackThis and select
Do a system scan only and place a check mark next to:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSSC] C:\Program Files\Common Files\System\avupdate.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Policies\Explorer\Run: [comrepl32] C:\windows\system32\com\comrepl32.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Close all windows except for HijackThis and click
fix checked
----------
Double click
OTMoveIt.exe to launch it.
Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
C:\Program Files\Common Files\System\avupdate.exe
C:\windows\system32\com\comrepl32.exe
Then click the
MoveIt button.
* The list will be processed and the results will appear in the right hand pane.
* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose
Yes.
* When finished click
Exit to exit the program.
* A log
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).
Please save this log to
attach later.
----------
Please download ATF Cleaner by Atribune.
ATF Cleaner.exe
Make sure that
all browser windows are closed.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose:
Select All and
UNCHECK Cookies.
* Click the
Empty Selected button.
If you use Firefox browser
* Click Firefox at the top and choose:
Select All and
UNCHECK Cookies.
* Click the
Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.
If you use Opera browser
* Click
Opera at the top and choose:
Select All and
UNCHECK Cookies.
* Click the
Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.
Click
Exit on the Main ATF Cleaner menu to close the program.
----------
Run this online scan
Requires Internet Explorer
Use the
ESET Nod32 Online Scanner
1. Check the box next to
YES, I accept the Terms of Use.
2. Click
Start
3. When asked, allow the activex control to install
4. Click
Start
5. Make sure that the option
Remove found threats and the option
Scan unwanted applications is check marked.
6. Click
Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at
C:\Program Files\EsetOnlineScanner\log.txt
9.
Attach the
C:\Program Files\EsetOnlineScanner\log.txt log into your next reply
----------
Please download the trial version of
SpySweeper (2 week trial)
* Run the installer. Choosing to only install SpySweeper
* It will prompt you to update to the latest definitions, choose
Yes (recommended) and click
Next
* Once the definitions are installed, click
I accept the agreement and then
Next
* Choose
Typical Installation then click
Next
* Enter your email address then click
Next
Important Uncheck the box
Install the Webroot Ask toolbar Search Assistant, I agree to the terms above before clicking
Next
* Click
Install.
* Choose
Yes, restart my computer now (recommended) then click
Finish (the computer will restart)
* Once restarted open SpySweeper.
* Click the
Options tab. (lower left)
* Under
Options >
Sweep Tab >
Sweep Type choose
Full Sweep (Recommended)
* Click the
Always Apply tab and use the dropdown menu to select
Always Quarantine
* Click the
Home tab and choose
Start Full sweep
* When it's done scanning, Make sure
everything has a check next to it, then click the
Quarantine Selected button.
* It will quarantine all of the items found.
* Click
View Session Log in the upper right corner.
* Click the
Save To File button.
* Click
Desktop for the location.
* Next to the
Save as type: be sure it is set to
Text Document (.txt) and then click
Save
*
Attach the SpySweeper Session Log in your next reply.
----------
Next post please attach:
OTMoveIt log
EsetOnlineScanner\log.txt
SpySweeper Session Log
NEW HijackThis log.