Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Various Trojans - Aurora and others


  • Please log in to reply

#1
burke3797

burke3797

    Member

  • Member
  • PipPip
  • 18 posts
:tazz:
Please try to give me some help as I have a group of 11 yr olds coming Friday night and I would love to have computer access - TIA

Logfile of HijackThis v1.99.1
Scan saved at 8:53:08 PM, on 8/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
c:\windows\system32\gubdhoj.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\Osaka.EXE
C:\WINDOWS\TEMP\Mshtml2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Bucket Class - {00000001-C003-4A2F-9142-7CB1D78DE6C1} - C:\WINDOWS\tct101.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: SDWin32 Class - {530AE353-E6CB-4367-A65E-BA6C56FEF3D0} - C:\WINDOWS\System32\ugchs.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\omwemwqm.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nsh636.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [jugt] C:\WINDOWS\System32\jbcur\jugt.exe
O4 - HKLM\..\Run: [lgjuj] C:\WINDOWS\System32\tryc\lgjuj.exe
O4 - HKLM\..\Run: [deaj] C:\WINDOWS\System32\qaemfm\deaj.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xor] C:\WINDOWS\System32\xor\svchost.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [aehaug] C:\WINDOWS\System32\fcdrxm\aehaug.exe
O4 - HKLM\..\Run: [dccsvax] C:\WINDOWS\System32\oikhvyb\dccsvax.exe
O4 - HKLM\..\Run: [bhqgvsnt] C:\WINDOWS\System32\sbcqmlqx\bhqgvsnt.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Pat\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [gxuydll] C:\WINDOWS\gxuydll.EXE
O4 - HKLM\..\Run: [gxuyenc] C:\WINDOWS\gxuyenc.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\sxs4gg.exe reg_run
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [ltwud] C:\WINDOWS\System32\ugofe\ltwud.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [rutuens] C:\WINDOWS\System32\vvobvl\rutuens.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [msresearch] C:\WINDOWS\msresearch.exe
O4 - HKLM\..\Run: [1ditt8md] C:\WINDOWS\System32\1ditt8md.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Hfzyyj.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update.exe
O4 - HKLM\..\Run: [dnam] C:\WINDOWS\system32\d140113.a.Stub.EXE
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [745ddf5d3d68] C:\WINDOWS\System32\BATMETER.exe
O4 - HKLM\..\Run: [spcsik] C:\WINDOWS\System32\ngnuy\spcsik.exe
O4 - HKLM\..\Run: [hgdpofl] C:\WINDOWS\System32\faanbnnu\hgdpofl.exe
O4 - HKLM\..\Run: [snikhp] C:\WINDOWS\System32\mljhhud\snikhp.exe
O4 - HKLM\..\Run: [wqcxaxpn] C:\WINDOWS\System32\ogaeiqcr\wqcxaxpn.exe
O4 - HKLM\..\Run: [ywlgqcnq] C:\WINDOWS\System32\ismbqylb\ywlgqcnq.exe
O4 - HKLM\..\Run: [tatsew] C:\WINDOWS\System32\wsqr\tatsew.exe
O4 - HKLM\..\Run: [wchfyqfu] C:\WINDOWS\System32\poujhw\wchfyqfu.exe
O4 - HKLM\..\Run: [lblcd] C:\WINDOWS\System32\oititu\lblcd.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Nkjjmy.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [icagzzf] c:\windows\system32\gubdhoj.exe r
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nosunex.mht!http://daemonlinks.n...ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - ms-its:mhtml:file://c:\nosunet.mht!http://daemonlinks.n...m::/website.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.ai...AIM.9.5.1.8.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...387/mcfscan.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\mfxml3a.dll
O21 - SSODL: eplrr - {97DEAE3A-B66E-4D1D-964C-BFAFDF22DA30} - C:\WINDOWS\System32\eplrr3.dll
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Pcojcf32.dll
O23 - Service: bhqgvsntsbcqmlqx - Unknown owner - C:\WINDOWS\System32\sbcqmlqx\bhqgvsnt.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UnlhbgAA\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dccsvaxoikhvyb - Unknown owner - C:\WINDOWS\System32\oikhvyb\dccsvax.exe
O23 - Service: deajqaemfm - Unknown owner - C:\WINDOWS\System32\qaemfm\deaj.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: lblcdoititu - Unknown owner - C:\WINDOWS\System32\oititu\lblcd.exe
O23 - Service: ltwudugofe - Unknown owner - C:\WINDOWS\System32\ugofe\ltwud.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: rutuensvvobvl - Unknown owner - C:\WINDOWS\System32\vvobvl\rutuens.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: tatsewwsqr - Unknown owner - C:\WINDOWS\System32\wsqr\tatsew.exe
O23 - Service: ukyytvamnvkou - Unknown owner - C:\WINDOWS\System32\mnvkou\ukyytva.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\cvrssvc.exe
  • 0

Advertisements


#2
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi burke3797 and Welcome to GeekstoGo!

We will have to do alot of work in a little bit of time to get this PC fully functional by Friday!

Start by following the directions in this link!
http://forums.subrat...?showtopic=3466

Make sure to follow the directions to the T and this will get us going!

Once the Scan is Complete,allow Kaspersky to function fully so you will have a little protection until we get ya cleaned up!
  • 0

#3
burke3797

burke3797

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
:tazz:

Thanks for the quick resposne. Since I am at work now and not at home with the infected computer I will have to do this later today. Could you include some of the secondary steps after running the suggested software to prgress me further along?

Thanks in advance
  • 0

#4
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Sure I can but there will be a bit of OverKill to it!

In this next Step,some of these may not exist,so just deal with the ones you can find!

Click Start-> Run-> Type in Services.msc and Click OK!

Scroll that list and locate these entries

Command Service
System Startup Service
Web Event Logger
Windows VisFx Components
bhqgvsntsbcqmlqx
dccsvaxoikhvyb
deajqaemfm
lblcdoititu
ltwudugofe
rutuensvvobvl
tatsewwsqr
ukyytvamnvkou


Right Click each entry you find that mayches Exactly and Select Properties-> Click Stop-> Go up and change the Startup Type to Disabled!

Click Apply-> OK and Exit the Services Page!


Download LQfix
http://users.pandora...atchy/LQfix.exe

Double Click LQfix.exe-> Click Install-> Open and Double Click on ClickThis.bat

Let it Run-> When prompted to reboot-> Do So!


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/


Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Download and Install
CleanUp!

Open and Run CleanUp-> When Prompted to log off-> Restart in Safe Mode!


Now I want you to run Ewido almost identical to the way you ran Kaspersky!

Restart in Safe Mode and Open Ewido but dont run it yet!

Open the Task Manager and Kill any of these processes that may be running!

Mshtml2.exe
Osaka.EXE
gubdhoj.exe
HelpSvc.exe
rundll32.exe
Explorer.exe



You know what will happen when Explorer.exe is killed!

Run the Ewido Scan-> Clean everything it finds-> Click the tab to Save a Report!


Restart Normal and Download Pocket KillBox from here:
http://www.atribune....llBox_beta_.exe

Highlight the list below and press Ctrl+C to Copy!

C:\WINDOWS\Nail.exe
C:\WINDOWS\tct101.dll
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\dsr.dll
C:\WINDOWS\ttupt.exe
C:\WINDOWS\UnlhbgAA\command.exe
C:\WINDOWS\UnlhbgAA
C:\Windows\System32\gubdhoj.exe
C:\WINDOWS\System32\mfxml3a.dll
C:\WINDOWS\System32\eplrr3.dll
C:\WINDOWS\System32\Pcojcf32.dll
C:\WINDOWS\System32\ugchs.dll
C:\WINDOWS\System32\omwemwqm.dll
C:\WINDOWS\System32\nsh636.dll
C:\WINDOWS\System32\jbcur\jugt.exe
C:\WINDOWS\System32\jbcur
C:\WINDOWS\System32\tryc\lgjuj.exe
C:\WINDOWS\System32\tryc
C:\WINDOWS\System32\qaemfm\deaj.exe
C:\WINDOWS\System32\qaemfm
C:\WINDOWS\System32\xor\svchost.exe
C:\WINDOWS\System32\xor
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\fcdrxm\aehaug.exe
C:\WINDOWS\System32\fcdrxm
C:\WINDOWS\System32\oikhvyb\dccsvax.exe
C:\WINDOWS\System32\oikhvyb
C:\WINDOWS\System32\sbcqmlqx\bhqgvsnt.exe
C:\WINDOWS\System32\sbcqmlqx
C:\DOCUME~1\Pat\LOCALS~1\Temp\sysnet.exe
C:\WINDOWS\gxuydll.EXE
C:\WINDOWS\gxuyenc.EXE
C:\WINDOWS\System32\sxs4gg.exe reg_run
C:\WINDOWS\dinst.exe
C:\WINDOWS\System32\ugofe\ltwud.exe
C:\WINDOWS\System32\ugofe
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\AUNPS2.DLL
C:\WINDOWS\System32\lanbrup.exe
C:\WINDOWS\System32\PSof1.exe
C:\WINDOWS\System32\vvobvl\rutuens.exe
C:\WINDOWS\System32\vvobvl
C:\WINDOWS\etb
C:\WINDOWS\msresearch.exe
C:\WINDOWS\System32\1ditt8md.exe
C:\WINDOWS\System32\Hfzyyj.exe
C:\windows\sp2update.exe
C:\WINDOWS\system32\d140113.a.Stub.EXE
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\nsvsvc
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\WINDOWS\System32\vidctrl
C:\WINDOWS\System32\BATMETER.exe
C:\WINDOWS\System32\ngnuy\spcsik.exe
C:\WINDOWS\System32\ngnuy
C:\WINDOWS\System32\faanbnnu\hgdpofl.exe
C:\WINDOWS\System32\faanbnnu
C:\WINDOWS\System32\mljhhud\snikhp.exe
C:\WINDOWS\System32\mljhhud
C:\WINDOWS\System32\ogaeiqcr\wqcxaxpn.exe
C:\WINDOWS\System32\ogaeiqcr
C:\WINDOWS\System32\ismbqylb\ywlgqcnq.exe
C:\WINDOWS\System32\ismbqylb
C:\WINDOWS\System32\wsqr\tatsew.exe
C:\WINDOWS\System32\wsqr
C:\WINDOWS\System32\poujhw\wchfyqfu.exe
C:\WINDOWS\System32\poujhw
C:\WINDOWS\System32\oititu\lblcd.exe
C:\WINDOWS\System32\oititu
C:\WINDOWS\System32\Nkjjmy.exe
C:\Program Files\CMAPP\Client\cmappclient.exe
C:\Program Files\CMAPP\Client
C:\Program Files\CMAPP
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\Cas\Client
C:\Program Files\Cas
C:\Program Files\E2G\IeBHOs.dll
C:\Program Files\E2G
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\SurfAccuracy


Open Pocket Killbox-> Click File-> Click Paste from Clipboard!

Place a tick by Delete on Reboot-> Click the Red Circle to Delete!

Click Yes to the Prompts that follow and let Killbox Reboot the PC!


Once Restarted-> Last lets get a hefty Reg Cleaner and move out all dead registry entries!

RegSupreme Pro
http://majorgeeks.co..._Pro_d4256.html

Once downloaded and launched,Click Yes to Update the Cache-> Click "Registry Cleaner"-> Click "Aggresive" and "Start"-> Fix everything it finds-> Name the Backup it creates and Save it somewhere safe!

Once all thats Completed,post back with a fresh HijackThis log and lets see whats leftover!

Edited by Cretemonster, 25 August 2005 - 06:10 PM.

  • 0

#5
burke3797

burke3797

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thank you so much for all your help - this computer won't let me open the kav file - it states that "previous installaiton was not completed. For successful installlation you must restart your computer." I have tried relaoding it many times without success including different directories????

Please help
  • 0

#6
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hmmm,Kav wont load or Ewido Wont load?

Either way use as much of the Instructions as you can and post a fresh HijackThis log!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP