12-05-2005, 08:14 PM   #6
Vikesrock8411
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Don't worry about kernelfaultcheck; that entry isn't malicious anyway, just unnecessary.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Viewing Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Downloads (make sure to save these in a permanent location)
DelO15Domains - Right-click on the link and select Save Target As or Save Link As. Save the file to your desktop. Right-click on delO15domains.inf and select Install. There will be no visible signs the program has run; this is normal. Note: This will also delete any restricted entries placed by Spybot's Immunize or IESpyad. If you have used either of these, please run them again to remain protected.

I have attached a file called ndw.zip. Download it and unzip it to your desktop. Double click on ndw.reg and click yes when asked to merge the information into the registry.

KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Please Disconnect your computer from the Internet. You may reconnect it when you reach the Online Scans portion of the fix.

HijackThis!
Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any):
O2 - BHO: (no name) - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - (no file)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM32\6n9c.dll
O4 - HKLM\..\Run: [zgbpfp] C:\WINDOWS\System32\zgbpfp.exe
O16 - DPF: NDWCab -
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)


Please remember to close all other windows, including browsers, then click Fix checked.

Launch KillBox.exe & select the following options:
  • Delete on Reboot
Copy and Paste these files into Killbox one at a time following the directions below after each one. After the last file click yes at the "Pending Operations prompt".
  • C:\WINDOWS\SYSTEM32\6n9c.dll
  • C:\Program Files\Common Files\qfuz
  • C:\WINDOWS\System32\zgbpfp.exe
  • C:\WINDOWS\SYSTEM32\data.~
  • C:\WINDOWS\SYSTEM32\winupdt.008
  • C:\WINDOWS\cfgmgr52.ini
  • C:\Documents and Settings\Lauren Kelley\Start Menu\Programs\AdDestroyer
  • C:\PROGRAM FILES\FwBarTemp
  • C:\PROGRAM FILES\sf
  • C:\PROGRAM FILES\COMMON FILES\Oem Common
  • C:\Documents and Settings\All Users\Application Data\msw
  • C:\WINDOWS\Downloaded Program Files\EPXActiveX.ocx
  • C:\WINDOWS\SYSTEM32\msshed32.exe
  • C:\WINDOWS\SYSTEM32\xmltok.dll
* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click No at the 'Pending Operations prompt'.

Online Scans
Perform another online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan


In your next post please include:
  • Panda Activescan Log
  • A new Hijackthis! Log
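Added example, not part of Vikesrock8411's post: a small Python parser for the HijackThis entry format quoted in the fix list above. It separates entries that HijackThis itself marks "(no file)" or "(file missing)" from entries that still reference a file path. The function names and the extension list in the path pattern are assumptions made for this sketch.

```python
import re

# Entries copied verbatim from the fix list in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - (no file)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM32\6n9c.dll
O4 - HKLM\..\Run: [zgbpfp] C:\WINDOWS\System32\zgbpfp.exe
O16 - DPF: NDWCab -
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
"""

# "<code> - <kind>: <rest>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path ending in an executable extension; spaces are allowed.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx)\b", re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")

def parse_hjt(text):
    """Parse HijackThis log lines into dicts; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        clsid = CLSID.search(rest)
        path = PATH.search(rest)
        entries.append({
            "code": m["code"],
            "kind": m["kind"],
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(0) if path else None,
            # HijackThis itself reports that the target file is absent.
            "orphaned": any(marker in rest for marker in ORPHAN_MARKERS),
        })
    return entries

def paths_on_disk(entries):
    """Paths of entries that HijackThis did not mark as missing."""
    return [e["path"] for e in entries if e["path"] and not e["orphaned"]]

if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        state = "target missing" if e["orphaned"] else (e["path"] or "no file path")
        print(f'{e["code"]:>3} {e["kind"]:<12} {state}')
```

On the six entries from the post, the two paths returned by `paths_on_disk` are the same two that also appear in the KillBox deletion list.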