B00kWyrm, please refer to this:
https://www.techspot.com/vb/topic120350.html
jmolina, please refrain from doing any Registry Edits.
If you followed the steps set up here:
https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
You will see that you are missing the SuperAntispyware log. But we'll go with what we have for now:
Remove bad HijackThis entries
• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ihub/
O4 - HKLM\..\Run: [Szagari] rundll32.exe "C:\WINDOWS\ucaxodem.dll",e
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
They will need to verify if this is a company or work Domain: If it is leave the entries. If it is not, check for HijackThis to remove:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chi.crainit.com
O17 - HKLM\Software\..\Telephony: DomainName = chi.crainit.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = chi.crainit.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = crain.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = crain.com
• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.
Uninstall, then reinstall Spybot Search & Destroy. Be sure Teatimer is disabled for now
Download and Install SDFix from
HERE and save to your desktop.
* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Boot into Safe Mode
* Restart your computer and start pressing the F8 key on your keyboard.
* Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Run SDFix
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
* Attach Report.txt back here
Please update and run Superantispyware after SDFix and follow that with a new HijackThis scan. Attach all logs and report.
