Hi,
Download LSPFix from HERE.
1. Disconnect from the Internet, go to the LSPfix file and extract/unzip LSP-Fix into its own folder [C:\lspfix].
2. Open the lspfix folder and double-click on LSPFix.exe to start the program.
3. Check the "I know what I am doing" checkbox.
4. Select (highlight) all instances of '
nwprovau.dll' in the left column under "Keep".
5. Click the arrow >> so it goes over to the right column under "Remove".
6. Click "Finish" and LSPfix will remove references to the file and restore the chain numbers.
7. Restart your computer
Please follow these instructions carefully.
1. Download The Avenger by Swandog46 from
HERE.
Save it to your Desktop and extract it.
2. Download the attached "avengerscript.txt" (
from my attachment) and save it to your desktop
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by double clicking on its icon on your desktop.
Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the attachment avengerscript.txt you have just downloaded, click on it and press open.
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. You may wish to copy and paste these instructions on notepad for easier reference later.
Boot into safe mode under your normal user name. See how
HERE
Next turn on "Show all files and folders, including hidden and system". See how
HERE
Open your task manager by pressing holding ctrl, alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:
NewDotNet
UnSpyPC
After that,
run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
R3 - URLSearchHook: (no name) - {BA40A64C-2A13-BCAA-FBA9-CDD919F1124D} - driver64.dll (file missing)
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\ftxjftep.dll
Close HJT.
Navigate in Windows Explorer and delete the following
files and
folders in
bold.
C:\Program Files\
NewDotNet < or anything related
C:\Program Files\
UnSpyPC
Reboot into normal mode and rehide your protected OS files.
6.
Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT, ComboFix and AVG Antispyware log.
Regards,
Your friendly momok =)
This thread is for the use of Zyrreh only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.