04-23-2006, 09:48 AM   #7
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,555
OS: WinXP and Vista


Hello Radja40,


Please copy this page to Notepad since you will not have any browsers open while you are carrying out these instructions.


Please disable Microsoft AntiSpyware, as it may hinder the removal of some entries. You can re-enable it after you're clean.
  • Right click the Microsoft AntiSpyware icon located in the system tray
  • Click on Security Agents Status (Enabled)
  • Click on Disable Real-time Protection

---------------------------

Reboot into Safe Mode (tapping F8 or F5).

---------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

eAcceleration
nkyjih
Stop-Sign System Protect
YourEnhance 1.0


---------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following bolded text into Notepad:

REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]

[-HKEY_CLASSES_ROOT\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}]



Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad.

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------

Click Start>Run and copy/paste regsvr32 /u occache.dll and click OK.

Delete the following Files and Folders:

C:\WINNT\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.8.inf
C:\WINNT\SYSTEM32\bose.ico
C:\WINNT\SYSTEM32\msegcompid.dll
C:\WINNT\dsearch1.bin
C:\WINNT\GatorGainInstaller.log
C:\WINNT\icont.exe
C:\keys.ini
C:\WINNT\system32\InstallerV4.exe
C:\WINNT\system32\??sembly\winspool.exe <--The ?? can be any character. Look for winspool.exe and delete the folder you find it in.
C:\Program Files\TBONAS
C:\Program Files\eacceleration
C:\Program Files\nkyjih
C:\Program Files\Stop-Sign System Protect
C:\Program Files\YourEnhance 1.0
C:\PROGRAM FILES\DownloadWare(2)
C:\WINNT\SYSTEM32\CdmFiles
C:\WINNT\SYSTEM32\fiz1

Click Start>Run and copy/paste regsvr32 occache.dll and click OK.

---------------------------

Run CleanUp again. Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Standard CleanUp!"
*Uncheck the following:
-Delete Newsgroup cache
-Delete Newsgroup Subscriptions
-Scan local drives for temporary files
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

---------------------------

Run Ewido again with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

---------------------------

Reboot into Normal Mode

---------------------------

Run another scan at Panda and post the results here along with the Ewido results and a new HijackThis log from Normal Mode.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
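Added example, not part of the original post: a small Python parser that lists what a .reg file such as the delete.reg above would do when merged, and flags anything other than deleting a single HKEY_CLASSES_ROOT\CLSID\{GUID} key. The function names and the scope rule are assumptions made for this illustration; the sample input is constructed from the two entries in the post.

```python
import re

# Constructed sample: the delete.reg contents given in the post.
SAMPLE_REG = r"""REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]

[-HKEY_CLASSES_ROOT\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}]
"""

HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
ROOTS = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
CLSID_KEY = re.compile(r"HKEY_CLASSES_ROOT\\CLSID\\" + GUID)
VALUE = re.compile(r'(@|"(?:[^"\\]|\\.)*")=(.*)')


def parse_reg(text):
    """Return the (action, key, value_name) operations a merge would perform."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text.lstrip("\ufeff"))  # join hex continuations
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: missing header line")
    ops, key = [], None
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            path = ln[1:-1]
            delete = path.startswith("-")  # "[-KEY]" removes the key and its subkeys
            path = path[1:] if delete else path
            if path.split("\\")[0] not in ROOTS:
                raise ValueError("unknown root key: " + path)
            key = None if delete else path
            ops.append(("delete_key" if delete else "create_key", path, None))
            continue
        m = VALUE.fullmatch(ln)
        if m is None or key is None:
            raise ValueError("unexpected line: " + ln)
        name = m.group(1).strip('"')
        # '"name"=-' removes a single value; anything else writes data
        ops.append(("delete_value" if m.group(2) == "-" else "set_value", key, name))
    return ops


def outside_scope(ops):
    """Operations other than deleting one HKEY_CLASSES_ROOT\\CLSID\\{GUID} key."""
    return [op for op in ops
            if not (op[0] == "delete_key" and CLSID_KEY.fullmatch(op[1]))]
```

An empty list from `outside_scope(parse_reg(...))` means the file contains only CLSID key deletions, which is all the post describes.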