Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Aurora Pop-ups Won't Go Away [RESOLVED]


  • This topic is locked This topic is locked

#1
Tulip14

Tulip14

    Member

  • Member
  • PipPip
  • 10 posts
I've already gone through the steps geekstogo recommends before posting (running Ad-Aware, Spybot, etc.). I read the other posts having to do with Aurora but still wasn't sure which would apply to my system. Please help! I hate these ads. I warn you - I am not very computer savvy.
Here's the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:52:50 PM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\lsddhb.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Wgseqpo\Vudkta.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThisReal\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Onfnuqrc] C:\Program Files\Wgseqpo\Vudkta.exe
O4 - HKLM\..\Run: [dosfwkt] c:\windows\system32\zfpkodh.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [whospef] c:\windows\system32\lsddhb.exe r
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mtxclu] C:\WINDOWS\System32\mtxclu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Please let me know what else I need to do and how to remove this Aurora thing.

Thank you,

Tulip14
  • 0

Advertisements


#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi [bTulip14[/b] and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. Go to Geeks to Go
. Click on My Controls at the top right hand corner of the window. (make sure you have signed in first)
. In the left hand column, click "View Topics"
. If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. We have to start by uninstalling some undesireable pieces of software:

* I want you to UNINSTALL the following programs through the ADD/REMOVE feature of your Control Panel:

Media Access
Viewpoint

* Now, using Windows Explorer, I need you to DELETE the following folder(s) and all their content:

C:\Program Files\Media Access
C:\Program Files\Viewpoint

4. Reboot your system

5. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

  • 0

#3
Tulip14

Tulip14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Trevuren,

Thanks a lot. I was able to remove and then delete Viewpoint, but Media Access was not on the add/remove list or visible in the Program Files folder (???). Okay, so I removed Viewpoint and here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 7:32:06 PM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
c:\windows\system32\uuyucvp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Wgseqpo\Vudkta.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThisReal\HijackThis.exe
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Onfnuqrc] C:\Program Files\Wgseqpo\Vudkta.exe
O4 - HKLM\..\Run: [dosfwkt] c:\windows\system32\zfpkodh.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [qwdmul] c:\windows\system32\uuyucvp.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mtxclu] C:\WINDOWS\System32\mtxclu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Talk to you soon,

Tulip14
  • 0

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Please download the trial version of Ewido Security Suite from HERE

Install it, and update the definitions to the newest files. Do NOT run a scan yet.

2. Please download Nailfix.exe from HERE

. Click on Spyware Utilities.
. Then click on Nail/Aurora Fix

Unzip it to the desktop but please do NOT run it yet.

3. Next, please reboot your computer in Safe Mode
by doing the following:[list]

[*] Restart your computer
[*] After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
[*] Instead of Windows loading as normal, a menu should appear
[*] Select the first option, to run Windows in Safe Mode.

4. Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

5. Then please run Ewido, and run a full scan. Save the logfile from the scan.

6. Next run HijackThis, click Scan, and put a check mark beside:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Onfnuqrc] C:\Program Files\Wgseqpo\Vudkta.exe
O4 - HKLM\..\Run: [dosfwkt] c:\windows\system32\zfpkodh.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [qwdmul] c:\windows\system32\uuyucvp.exe r
O4 - HKCU\..\Run: [mtxclu] C:\WINDOWS\System32\mtxclu.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Close all open windows except for HijackThis and click Fix Checked.

7. Now using Windows Explorer, please locate and DELETE the following files/folders(and all their content), if they are still present:

c:\windows\system32\uuyucvp.exe
C:\Program Files\Wgseqpo<---Folder
C:\WINDOWS\Nail.exe
C:\WINDOWS\systb.dll
c:\windows\system32\zfpkodh.exe
C:\Program Files\Media Access<---Folder
C:\WINDOWS\wupdt.exe
C:\WINDOWS\System32\mtxclu.exe
C:\Program Files\Ebates_MoeMoneyMaker<---Folder
C:\WINDOWS\svcproc.exe

8. Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.


Trevuren
  • 0

#5
Tulip14

Tulip14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I don't know what's wrong. I downloaded Ewido and the updates. Immediately, it starts alerting me of viruses and asking me what action to take. I've been entering "none" and turning off the "guard." Then, I tried to download nailfix. I never get a webpage, just a dialogue box where I choose to run it. I never get the option to unzip anything. I saved it to my desktop. I've even tried all over and saved the extracted filed to my desktop. No good. Whether in regular or safe mode, nailfix.cmd does not show up on my desktop, just the zipped folder, and when I tried extracting the files, a regular nailfix folder with only the Process program and the Command Script program in it. I don't know what's missing or what I did incorrectly. Here's the updated log, let me know what else you need to know.

Tulip
log:

Logfile of HijackThis v1.99.1
Scan saved at 8:47:51 PM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Wgseqpo\Vudkta.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
c:\windows\system32\srnopff.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThisReal\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Onfnuqrc] C:\Program Files\Wgseqpo\Vudkta.exe
O4 - HKLM\..\Run: [dosfwkt] c:\windows\system32\zfpkodh.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [uobfahq] c:\windows\system32\srnopff.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mtxclu] C:\WINDOWS\System32\mtxclu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
  • 0

#6
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
When you install Ewido, try not to install the Guard feature.

As far as the NailFix file problem goes, that is my fault not yours. Our normal site went down and we are now using a mirror site as of last night. I will prepare a new fix for you based upon the new log and the altered info. It should be ready in about 30 minutes or so.


Trevuren
  • 0

#7
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Please download the trial version of Ewido Security Suite from HERE

Install it, and update the definitions to the newest files. Do NOT run a scan yet.

2. Please download Nailfix.exe from HERE and Save it to your Desktop

* Create a Folder on your Desktop and name it NailFix
* Extract both files from NailFix.zip into this new folder

Please do NOT run it yet.

3. Next, please reboot your computer in Safe Mode
by doing the following:[list]

[*] Restart your computer
[*] After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
[*] Instead of Windows loading as normal, a menu should appear
[*] Select the first option, to run Windows in Safe Mode.

4. Once in Safe Mode, open your NailFix folder and double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

5. Then please run Ewido, and run a full scan. Save the logfile from the scan.

6. Next run HijackThis, click Scan, and put a check mark beside:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Onfnuqrc] C:\Program Files\Wgseqpo\Vudkta.exe
O4 - HKLM\..\Run: [dosfwkt] c:\windows\system32\zfpkodh.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [uobfahq] c:\windows\system32\srnopff.exe r
O4 - HKCU\..\Run: [mtxclu] C:\WINDOWS\System32\mtxclu.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab


Close all open windows except for HijackThis and click Fix Checked and EXIT HJT.

7. Now using Windows Explorer, please locate and DELETE the following files/folders(and all their content), if they are still present:

C:\Program Files\Wgseqpo<---Folder
c:\windows\system32\srnopff.exe
C:\WINDOWS\Nail.exe
C:\WINDOWS\systb.dll
c:\windows\system32\zfpkodh.exe
C:\Program Files\Media Access<---Folder
C:\WINDOWS\wupdt.exe
C:\WINDOWS\System32\mtxclu.exe
C:\Program Files\Ebates_MoeMoneyMaker<---Folder

8. Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.


Trevuren
  • 0

#8
Tulip14

Tulip14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Again, thanks a million. I think I did it correctly. Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:36:00 PM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThisReal\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

And here's the Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:08:47 PM, 6/27/2005
+ Report-Checksum: E3040FC6

+ Date of database: 6/28/2005
+ Version of scan engine: v3.0

+ Duration: 59 min
+ Scanned Files: 67634
+ Speed: 18.98 Files/Second
+ Infected files: 56
+ Removed files: 56
+ Files put in quarantine: 56
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Michelle Nichole\Cookies\michelle nichole@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Michelle Nichole\Local Settings\Temp\GIQ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Michelle Nichole\Local Settings\Temp\temp.frC6CD -> Spyware.WinAD.ag -> Cleaned with backup
C:\Program Files\Wgseqpo\Vudkta.exe -> Trojan.Small.cy -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0032699.dll -> Spyware.WebSearch -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0032709.exe -> Spyware.WebSearch -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0032730.exe -> Spyware.WebSearch -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0032767.exe -> Spyware.WebSearch -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0033766.exe -> Spyware.WebSearch -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0033792.dll -> Spyware.WebSearch.aj -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0033797.dll -> Spyware.WebSearch -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0033798.exe -> Spyware.WebSearch -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0033799.exe -> Spyware.WebSearch -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0033808.dll -> Spyware.MBKWBar.a -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0033827.exe -> TrojanDownloader.Dyfuca.dx -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044144.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044252.vxd -> Spyware.MediaPass -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044253.exe -> Spyware.WinAD -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044258.exe -> TrojanDownloader.Dyfuca.dp -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044260.exe -> TrojanDownloader.Dyfuca.ei -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044262.exe -> TrojanDownloader.Dyfuca.ei -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044266.exe -> TrojanDownloader.Dyfuca.dp -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044273.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044274.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044275.exe -> Trojan.Imiserv.c -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044277.dll -> Spyware.WinAD.ag -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044288.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044289.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044300.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044396.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0044401.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044404.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044416.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044423.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044429.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044434.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044437.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044438.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044447.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044454.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044455.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044456.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044457.dll -> Trojan.Agent.db -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044463.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044526.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0044529.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045538.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045539.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045544.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045550.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045557.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\WINDOWS\qejskzzbgk.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\WINDOWS\SYSTEM32\tepkxx.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup


::Report End

Let me know what else I need to remove or change.

Thanks,

Michelle
  • 0

#9
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
How badly do you want to clean your system?

What I mean is I would like you to run another scan which you run overnight and send me the results. We usually find some lurking critters in that log. You don't have to, just an offer.


Trevuren
  • 0

#10
Tulip14

Tulip14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Sorry, I had to go early last night. But sure, I'll give an overnight scan a try. I can do it tonight and send the results when it's finished.

Let me know,

Tulip

By the way, I have not had Aurora pop-ups today - or really any other problem. My computer used to freeze periodically while online and while doing other functions, but I haven't see that at all today. Thanks - I appreciate it.

Edited by Tulip14, 28 June 2005 - 07:41 AM.

  • 0

Advertisements


#11
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Im glad you chose that option. I like to know that the people I help are TOTALLY clean when we say goodbye.


Trevuren
  • 0

#12
Tulip14

Tulip14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Which scan do you want me to do?

Tulip
  • 0

#13
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Boy do I ever feel foolish now :tazz: I was looking for a "blush" smiley

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe. This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.

Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

Regards,

Trevuren

  • 0

#14
Tulip14

Tulip14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Okay, finished. Here's the list:

File C:\Documents and Settings\Michelle Nichole\Desktop\Nailfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\Michelle Nichole\Desktop\Nailfix.zip tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
Object "Lycos Sidesearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BetterInternet Adware" found in File System! Action Taken: No Action Taken.
Object "DyFuCA Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BTGrab Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "farmmext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaAccX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "%JavaDir%\QTJava.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\MSXML3A.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00014C0D-B007-4448-B89B-4EC3E857961D}" refers to invalid object "C:\Program Files\America Online 8.0\media\cddbcontrol.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0083AA80-357D-11D4-876E-CA5F65139036}" refers to invalid object "C:\MAGIX\mm7_demo\hhvrend2.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}" refers to invalid object "C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}" refers to invalid object "C:\Program Files\America Online 8.0\media\pathfinder.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}" refers to invalid object "C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}" refers to invalid object "C:\WINDOWS\systb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "E:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{205D2DFB-BBAD-4DC4-A0BB-CDA12A1639CE}" refers to invalid object "C:\Program Files\America Online 8.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{22803C10-1FD3-11D5-BE64-001083023C0D}" refers to invalid object "C:\Program Files\America Online 8.0\g2p.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78d5-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 8.0\media\cddbcontrol.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78df-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 8.0\media\cddbcontrol.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e0-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 8.0\media\cddbcontrol.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e1-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 8.0\media\cddbcontrol.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{229b78e2-38f5-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 8.0\media\cddbcontrol.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}" refers to invalid object "C:\WINDOWS\system32\MSWINSCK.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}" refers to invalid object "C:\WINDOWS\system32\MSWINSCK.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{250B0184-3052-4EFB-AAA7-24429B8C0627}" refers to invalid object "C:\Program Files\America Online 8.0\CTABridge.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "E:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E97BE17-3300-4A4F-B380-5988DD771F1F}" refers to invalid object "C:\Program Files\America Online 8.0\media\ares.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5696745A-F3BD-11D4-8A1D-001083023C0D}" refers to invalid object "C:\Program Files\America Online 8.0\IE_NDS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}" refers to invalid object "C:\Program Files\America Online 8.0\media\cerberus.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5B2D374F-B988-481F-BF09-3626AA4B7F8F}" refers to invalid object "C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\EzVCD.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{639A19DD-1D97-4A6E-A0D1-01E04FED563F}" refers to invalid object "C:\Program Files\America Online 8.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6833E600-F6D8-11D4-8A1F-001083023C0D}" refers to invalid object "C:\Program Files\America Online 8.0\IE_NDS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6EDA439D-F7C7-11d4-8A20-001083023C0D}" refers to invalid object "C:\Program Files\America Online 8.0\IE_NDS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{75D44B92-DCAF-43f3-A7D1-91041F34E719}" refers to invalid object "C:\Program Files\Common Files\aol\Flasha.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C9688C3-7279-474D-ABA5-A632373D2CDB}" refers to invalid object "C:\Program Files\America Online 8.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7D24FC1F-750E-4f0c-B0B2-F029D6F3D22B}" refers to invalid object "C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\EzVCD.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}" refers to invalid object "C:\WINDOWS\system32\TABCTL32.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A105BD70-BF56-4D10-BC91-41C88321F47C}" refers to invalid object "C:\Program Files\America Online 8.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD6BF5C0-7B88-11D5-A5DE-444553540000}" refers to invalid object "C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\BMPCapture.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AED456C4-4866-4420-863F-35767EBED514}" refers to invalid object "C:\Program Files\America Online 8.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B4F80028-5714-4B7B-B9B1-5748B204799A}" refers to invalid object "C:\Program Files\America Online 8.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}" refers to invalid object "C:\Program Files\America Online 8.0\media\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 8.0\media\cddbcontrol.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 8.0\media\cddbcontrol.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 8.0\media\cddbcontrol.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 8.0\media\cddbcontrol.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}" refers to invalid object "C:\Program Files\America Online 8.0\media\cddbcontrol.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}" refers to invalid object "C:\WINDOWS\system32\TABCTL32.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}" refers to invalid object "C:\Program Files\Common Files\aol\Flasha.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}" refers to invalid object "C:\Program Files\Common Files\aol\Flasha.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "E:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}" refers to invalid object "C:\WINDOWS\systb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D42AB085-7E24-460f-9BFB-9ADE542A81B9}" refers to invalid object "C:\MAGIX\mm7_demo\mxvisuals.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D465B936-C361-4417-9AC5-35167066F84B}" refers to invalid object "C:\Program Files\America Online 8.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D9F99C6B-A3A6-11D4-AF64-444553546170}" refers to invalid object "C:\Program Files\America Online 8.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF0E9111-01DF-11D5-BA23-001083780941}" refers to invalid object "C:\Program Files\America Online 8.0\CalPrinting.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}" refers to invalid object "C:\WINDOWS\systb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3852604-B619-11d6-94EC-00047521F020}" refers to invalid object "C:\Program Files\America Online 8.0\media\nmpxchat\nmpxchat.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E5151CBE-F61D-11D4-BA21-001083780941}" refers to invalid object "C:\Program Files\America Online 8.0\CalPrinting.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E769AC40-7735-11D2-8B7B-9D5958F45120}" refers to invalid object "C:\MAGIX\mm7_demo\wavdest.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}" refers to invalid object "C:\WINDOWS\system32\ntsvc.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E981D791-F499-4837-A483-5AB22F1C548F}" refers to invalid object "C:\Program Files\America Online 8.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EB511AE4-87FE-4EFB-91A3-428B2F2601F7}" refers to invalid object "C:\Program Files\America Online 8.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EEE78591-FE22-11D0-8BEF-0060081841DE}" refers to invalid object "C:\WINDOWS\system32\XVoice.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EEE78592-FE22-11D0-8BEF-0060081841DE}" refers to invalid object "C:\WINDOWS\system32\XVoice.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}" refers to invalid object "C:\WINDOWS\systb.dll". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\AOLCoach.TrainerOCXCtrl" refers to invalid object "{E04EAE82-14Ad-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\AOLCoach.TrainerOCXCtrl.1" refers to invalid object "{E04EAE82-14Ad-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\AOLCoach.TrainerOCXCtrl.9" refers to invalid object "{E04EAE82-14Ad-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\McAfee.com.PrivacyService.PingObj" refers to invalid object "{F5ECBD5C-7286-4f88-AA32-CD39773BE82B}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\TwaintecDll.TwaintecDllObj" refers to invalid object "{000020DD-C72E-4113-AF77-DD56626C6C42}". Action Taken: No Action Taken.
Entry "HKCR\Wbho.Band" refers to invalid object "{01F44A8A-8C97-4325-A378-76E68DC4AB2E}". Action Taken: No Action Taken.
Entry "HKCR\Wbho.Band.1" refers to invalid object "{01F44A8A-8C97-4325-A378-76E68DC4AB2E}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\WINDOWS\iaphzrp.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
File C:\WINDOWS\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\DOCUME~1\MICHEL~1\LOCALS~1\TEMPOR~1\Content.IE5\8DI7W16Z\Nailfix[1]\Nailfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\DOCUME~1\MICHEL~1\LOCALS~1\TEMPOR~1\Content.IE5\8DI7W16Z\Nailfix[1].zip tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\DOCUME~1\MICHEL~1\LOCALS~1\TEMPOR~1\Content.IE5\NY53ZAF4\Nailfix[1]\Nailfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip infected by "Password-protected-EXE" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B540001.VBN infected by "Trojan-Dropper.Win32.Delf.z" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B540003.VBN infected by "Trojan-Downloader.Win32.Agent.ae" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Michelle Nichole\Desktop\Nailfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\Michelle Nichole\Desktop\Nailfix.zip tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\Michelle Nichole\Local Settings\Temporary Internet Files\Content.IE5\8DI7W16Z\Nailfix[1]\Nailfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\Michelle Nichole\Local Settings\Temporary Internet Files\Content.IE5\8DI7W16Z\Nailfix[1].zip tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\Michelle Nichole\Local Settings\Temporary Internet Files\Content.IE5\NY53ZAF4\Nailfix[1]\Nailfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\MAGIX\ms7_deLuxe\uninstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\MBKWBar\MBKWBar.exe tagged as "not-a-virus:AdWare.ToolBar.MBKWBar.a". Action Taken: No Action Taken.
File C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\CM\CMInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mmz\pd_DellDJ_CM_Driver_Verbose_1.00.0020.mmz tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\TDMInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\MUSICMATCH\MUSICMATCH Update\TDM\TDMInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0032734.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0033770.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0043934.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045553.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045558.exe infected by "Trojan.Win32.Small.cy" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045559.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045560.dll tagged as "not-a-virus:AdWare.ToolBar.ImiBar.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045561.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045562.exe tagged as "not-a-virus:AdWare.ToolBar.ImiBar.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045563.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\iaphzrp.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip infected by "Password-protected-EXE" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B540001.VBN infected by "Trojan-Dropper.Win32.Delf.z" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B540003.VBN infected by "Trojan-Downloader.Win32.Agent.ae" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Michelle Nichole\Desktop\Nailfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\Michelle Nichole\Desktop\Nailfix.zip tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\Michelle Nichole\Local Settings\Temporary Internet Files\Content.IE5\8DI7W16Z\Nailfix[1]\Nailfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\Michelle Nichole\Local Settings\Temporary Internet Files\Content.IE5\8DI7W16Z\Nailfix[1].zip tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Documents and Settings\Michelle Nichole\Local Settings\Temporary Internet Files\Content.IE5\NY53ZAF4\Nailfix[1]\Nailfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\MAGIX\ms7_deLuxe\uninstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\MBKWBar\MBKWBar.exe tagged as "not-a-virus:AdWare.ToolBar.MBKWBar.a". Action Taken: No Action Taken.
File C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\CM\CMInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mmz\pd_DellDJ_CM_Driver_Verbose_1.00.0020.mmz tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\TDMInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\MUSICMATCH\MUSICMATCH Update\TDM\TDMInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0032734.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0033770.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0043934.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045553.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045558.exe infected by "Trojan.Win32.Small.cy" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045559.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045560.dll tagged as "not-a-virus:AdWare.ToolBar.ImiBar.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045561.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045562.exe tagged as "not-a-virus:AdWare.ToolBar.ImiBar.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0045563.exe infected by "Trojan-Downloader.Win32.Intexp.c" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\iaphzrp.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Thanks,

Tulip
  • 0

#15
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Most of the items in the list will be taken care of in our final cleanup procedures.

To help clean up the rest,
  • Download, install, update, configure, and run Ad-Aware SE Personal 1.06.
    • Download Ad-Aware SE Personal 1.06:
    • Install Ad-Aware SE Personal 1.06:
      • Double-click on aawsepersonal.exe to install the program.
      • Follow the default settings for installation.
      • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
    • Update Ad-Aware SE Personal 1.06:
      • Double-click the Ad-Aware SE Personal icon on your desktop.
      • Click "Check for updates now" then click "Connect".
      • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
    • Configure Ad-Aware SE Personal 1.06:
      • Click on the Gear button at the top of the window.
      • Click "General" on the left hand side to display the General Settings box.
        • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click "Scanning" on the left hand side to display the Scan Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Scan within archives"
      • "Select drives & folders to scan" - select your hard drive(s).
      • "Scan active processes"
      • "Scan registry"
      • "Deep-scan registry"
      • "Scan my IE favorites for banned URLs"
      • "Scan my Hosts file"
    • Click "Advanced" on the left hand side to display the Advanced Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Move deleted files to Recycle Bin"
      • "Include additional object information"
      • "Include negligible objects information"
      • "Include environment information"
    • Click "Defaults" on the left hand side to display the Default Settings box.
      • Make sure these items have your preferred settings in them.:
      • "Default homepage"
      • "Default searchpage"
    • Click "Tweak" on the left hand side to display the Tweak Settings box.
      • Click the + (plus) sign next to the Log Files section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Include basic Ad-Aware settings in log file"
        • "Include additional Ad-Aware settings in log file"
        • "Include reference summary in log file"
        • "Include alternate data stream details in log file"
      • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Unload recognized processes & modules during scan"
        • "Scan registry for all users instead of current user only"
        • "Obtain command line of scanned processes"
      • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
        • "Always try to unload modules before deletion"
        • "During removal, unload Explorer and IE if necessary"
        • "Let Windows remove files in use at next reboot"
        • "Delete quarantined objects after restoring"
    • Once you are done with these settings, click "Proceed" to save them.
    • This will take you back to the main screen.
  • Run Ad-Aware SE Personal 1.06:
    • Click the "Start" button.
    • Uncheck the "Search for negligible risk entries" entry.
    • Choose the "Use custom scanning options" scan mode.
    • Click the "Next" button.
    • Ad-Aware will begin to scan for malware residing on your computer.
    • Allow the scan to finish.
    • Right-click on any entry in the list and click "Select All" to select the whole list.
    • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.
REBOOT your system

Post a fresh HJT log

We should now be ready for final cleanup procedures.

Regards,

Trevuren

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP