Tech Support Forum - View Single Post

MicroBell · 09-01-2005, 01:35 AM

Please DISABLE spybot's teatimer and LEAVE IT OFF until the fix is complete!

Run hijackthis and fix the following entrys...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -

Clear your Java Cache...

1. From the Start button, click Settings > Control Panel
2. In the Control Panel, open the "Java Plug-in Control Panel"
3. Select the Cache Tab
4. Click the Clear button inside the Cache Tab, which will clear your JRE cache directory.

Click START…RUN…Type in regedit. Make sure just “My Computer” is showing in the left pane and click..FILE….EXPORT…and save a copy some were in case you make a mistake. Now navigate to each of the following keys and delete the file/folder/entry I highlighted in RED.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Media Gateway"="C:\\Program Files\\Media Gateway\\MediaGateway.exe"

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
mxnsfkns <--make sure you delete that folder!

C:\WINDOWS\System32\eanrj.dll<--delete that file

C:\Program Files\Media Gateway<-- delete that folder

Run the Cleanup utility and reboot. Then post another WinPfind and hijackthis log.

09-01-2005, 01:35 AM	#11 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	Please DISABLE spybot's teatimer and LEAVE IT OFF until the fix is complete! Run hijackthis and fix the following entrys... R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - Clear your Java Cache... 1. From the Start button, click Settings > Control Panel 2. In the Control Panel, open the "Java Plug-in Control Panel" 3. Select the Cache Tab 4. Click the Clear button inside the Cache Tab, which will clear your JRE cache directory. Click START…RUN…Type in regedit. Make sure just “My Computer” is showing in the left pane and click..FILE….EXPORT…and save a copy some were in case you make a mistake. Now navigate to each of the following keys and delete the file/folder/entry I highlighted in RED. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Media Gateway"="C:\\Program Files\\Media Gateway\\MediaGateway.exe" HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers mxnsfkns <--make sure you delete that folder! C:\WINDOWS\System32\eanrj.dll<--delete that file C:\Program Files\Media Gateway<-- delete that folder Run the Cleanup utility and reboot. Then post another WinPfind and hijackthis log. __________________ We Are The BORG Spyware KILLER* and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder**