Joined
·
26,408 Posts
Hello and Welcome to TSF!
Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Please download these additional files/programs :- (Do not run them unless instructed to do so)
Unplug your computer from the Internet when you have finished downloading
CleanUp! - Install
KillBox v2.0.0.175 - Save to Desktop.
rdrivRem.zip - Unzip to Desktop.
UNPLUG YOUR COMPUTER FOM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING
Please save the rest of these instructions in Notepad. I have customed my instructions on the assumption that you're using Notepad. It may lead to some confusion if you should choose to do otherwise.
If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.
IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Copy the filename/s listed below.
Select/Highlight all the filenames & then click on Notepad's Edit menu & select Copy
* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Reboot to SafeMode
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Double-click rdrivRem.bat to run the program - follow the instructions on the screen.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS
Run a scan with HiJackThis & select/tick the following & click "Fix checked" :
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run Cleanup! using the following configuration:
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
REBOOT TO NORMAL MODE
Perform an online scan with Internet Explorer with Panda ActiveScan - requires Internet Explorer
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
In your next post, please include fresh logs from:
Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Please download these additional files/programs :- (Do not run them unless instructed to do so)
Unplug your computer from the Internet when you have finished downloading
CleanUp! - Install
KillBox v2.0.0.175 - Save to Desktop.
rdrivRem.zip - Unzip to Desktop.
UNPLUG YOUR COMPUTER FOM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING
Please save the rest of these instructions in Notepad. I have customed my instructions on the assumption that you're using Notepad. It may lead to some confusion if you should choose to do otherwise.
If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.
IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Copy the filename/s listed below.
Select/Highlight all the filenames & then click on Notepad's Edit menu & select Copy
- C:\WINDOWS\svehost32.exe
C:\WINDOWS\SYSTEM\OOBE\blank.htm
C:\WINDOWS\wkssvc.exe
- Go to the File menu, and choose Paste from Clipboard
Click the dropdown-arrow next to the Full Path of File to Delete field.
Verify that the filenames you pasted are found in there. - Select/tick the following:
- Delete on Reboot
[*] End Explorer Shell While Killing File
[*] Unregister dlll Before deleting * if it's not grayed out
- Delete on Reboot
- Click the RED X button.
- Click Yes at the Delete on Reboot prompt.
- Click Yes at the 'Pending Operations prompt'.
* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Reboot to SafeMode
- Shut Windows down, and then turn off the computer.
- Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
- As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the [Windows Advanced Options] menu appears.
- Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
- Click Start->Run - type SERVICES.MSC & then click on the OK button
- Locate the service - Microsoft New Game 2 (svehost32)
- Double-click on it to open the Properties dialog.
- Stop the service by using the Stop button.
- Change the Startup type to Disabled & then click on the OK button
- Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
- In the popup box that appears, type in svehost32 & then click on the OK button
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Double-click rdrivRem.bat to run the program - follow the instructions on the screen.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS
Run a scan with HiJackThis & select/tick the following & click "Fix checked" :
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run Cleanup! using the following configuration:
- Click Options...
- Move the arrow down to Custom CleanUp!
- Put a check next to the following:
- Empty Recycle Bins
[*]Delete Cookies
[*]Delete Prefetch files (Windows XP only)
[*][X]Scan local drives for temporary files (Please uncheck this option)
[*]Cleanup! All Users
- Empty Recycle Bins
- Click OK
- Press the CleanUp! button to start the program. Reboot/logoff when prompted.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
REBOOT TO NORMAL MODE
Perform an online scan with Internet Explorer with Panda ActiveScan - requires Internet Explorer
- Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
- Click On 'Scan Now'
- Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
- Begin the scan by selecting My Computer
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. - If it finds any malware, it will offer you a report. Click on see report
- Then click Save report
- Post the contents of the report in your next reply
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
In your next post, please include fresh logs from:
- HiJackThis log
[*] Online Scan
