View Single Post
  #15  
Old November 9th, 2005, 04:03 PM
WhatYouWant WhatYouWant is offline
CTH Subscriber
 
Join Date: Jul 2004
Location: France
Posts: 2,776
Hi salaka,

Please disable disable SpySweeper, as it may hinder the removal of some HijackThis entries. You can re-enable it after you're clean.

To disable SpySweeper:

Open it, click > Options over to the left then > Program Options > Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".

Spyware Doctor's OnGuard protective functionality may interfere with certain HijackThis fixes we need to make. Please follow these instructions to disable it:

To deactivate Spyware Doctor's OnGuard Tools

From within Spyware Doctor, click the "OnGuard" button on the left side.
Uncheck "Activate OnGuard".

You can reenable it once your system is clean.

Go to Start > Run and type services.msc and OK. Look for the below service:

Service: xadz - Unknown owner - C:\WINDOWS\mpeqgf.exe

When you find it, stop it if it is running, doubleclick on it and change the startup type to disabled.

Close Internet Explorer and any open windows and run Hijack This again. Check the below entries if found and click on Fix Checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O1 - Hosts: com

O23 - Service: xadz - Unknown owner - C:\WINDOWS\mpeqgf.exe

Boot in safe mode
http://www.cybertechhelp.com/tutoria...into-safe-mode

Make sure that you can view hidden files and folders
http://www.cybertechhelp.com/tutoria...w-hidden-files

and uncheck "Hide Extensions for Known File Types" and delete the following file highlighted in bold if it still exists:

C:\WINDOWS\mpeqgf.exe

Restart in normal mode and upload this file:

C:\WINDOWS\system32\msctl32.dll

here:
http://virusscan.jotti.org/

Click on 'Submit' and post back the result with a fresh HijackThis log, please.

NB: Which antivirus are you running?

Reply With Quote