rpalmer2

About:Blank Hijacked with abrdvd.exe? Remove?

4 posts in this topic

I've run Spy Sweeper numerous times, and Cool WWW, CWS-AboutBlank, CWS sp.html hijack, and abrdvd.exe keep returning. I ran HiJackThis, and this is my log file:

 

Logfile of HijackThis v1.98.0

Scan saved at 8:29:03 AM, on 6/30/2004

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE

C:\Win32App\SQLLIB\bin\db2jds.exe

C:\Win32App\SQLLIB\bin\db2sec.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINNT\system32\regsvc.exe

C:\Program Files\RoboSource Control\RoboSourceControlNetServer.exe

C:\WINNT\system32\MSTask.exe

C:\win32app\RSAKeon\system\sdlss.exe

c:\program files\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\qttask.exe

C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE

C:\PROGRA~1\IOMEGA~1\directcd.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\win32app\RSAKeon\System\SDTray.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe

C:\Win32App\IBM\IMNNQ\imnsvdem.exe

C:\Win32App\IBM\IMNNQ\HTTPDL.exe

C:\win32app\MSOffice\Office\1033\msoffice.exe

C:\WINNT\abrdvd.exe

C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dstcustomercenter

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dstcustomercenter

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dstcustomercenter

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by DST Systems, Inc.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://internet-help:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://internet-help:8080

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.kctv.com/Global/category.asp?C=5540&nav=1Pua"); (C:\Program Files\Netscape\Users\rhpalmer\prefs.js)

O1 - Hosts: 198.176.184.113 xtfinancialtrans.dstsystems.net

O1 - Hosts: 198.176.184.114 xtfinancialtrans1.dstsystems.net

O1 - Hosts: 198.176.184.115 xtfinancialtranstest.dstsystems.net

O1 - Hosts: 198.176.184.116 xtfinancialtranstest1.dstsystems.net

O2 - BHO: (no name) - {0227A798-A034-4992-8A40-8D4A7A31D58E} - C:\WINNT\system32\hglkk.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe

O4 - HKLM\..\Run: [sMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\IOMEGA~1\directcd.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [RSA SDTray] "C:\win32app\RSAKeon\\System\SDTray.exe"

O4 - HKLM\..\Run: [abrdvd] C:\WINNT\abrdvd.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: Drempels Desktop.lnk = C:\WINNT\drempels.exe

O4 - Startup: Lotus Notes.lnk = C:\win32app\Notes\notes.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\win32app\MSOffice\Office\OSA9.EXE

O4 - Global Startup: Start HTML Search Server.lnk = C:\win32app\SQLLIB\bin\db2nq.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O10 - Unknown file in Winsock LSP: c:\win32app\rsakeon\system\mlr.dll

O10 - Unknown file in Winsock LSP: c:\win32app\rsakeon\system\mlr.dll

O14 - IERESET.INF: START_PAGE_URL=http://dstcustomercenter

O16 - DPF: SortListControl - http://jcwg:8120/tba/tba-t/controls/sortlistcontrol.cab

O16 - DPF: SysMgmt - http://jcwg:8100/tba/tba-t/controls/sysmgmt.cab

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://dstquickplace.dstsystems.com/qp2.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v43/yacscom.cab

O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/downlo...19105/flash.cab

O16 - DPF: {3181F4C5-D556-436F-ACE7-416C1AFCBB73} (DST TreeView Control) - http://jcwg:8100/tba/tba-t/controls/DSTTREEVW.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {38481807-CA0E-42D2-BF39-B33AF135CC4D} - http://dst-proxy1.dstsystems.com:8080/Issu...cts%2Focget.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/10ba2a205546f821c205/...ip/RdxIE601.cab

O16 - DPF: {6765706A-0000-0010-8000-00AA00389B71} - http://dst-proxy1.dstsystems.com:8080/Issu...cts%2Focget.dll

O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} - http://webpdp.gator.com/v3/download/pdpplu...094_hd3ptdm.cab

O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://dst_scm_web/DimPC_C/isetup.cab

O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://www.blowsearch.com/TB/The_Ultimate_...er_Enhancer.exe

O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab

O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/expressview...ViewerSetup.cab

O16 - DPF: {CBBD92B0-CFC7-43E6-B70B-A660B6BF6FFC} (DST ListView Control) - http://jcwg:8100/tba/tba-t/controls/DSTLISTVW.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab

O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab

O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - http://jcwg:8100/tba/tba-t/controls/msxml3.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.dstsystems.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.dstsystems.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.dstsystems.com

 

What should I do next? Thanks in advance.


Due to the time passed ...

  1. HijackThis ... (Download again as you are running an older version)
    • Double click on "My Computer" to open it.
    • Double click on the local "C-Drive" to open it.
    • Click on "File" => "New Folder" and name it HJT. i.e. The folder will be C:\HJT.
    • Please download HijackThis from any of the following locations:

  2. Install/Unzip it into C:\HJT.
  3. Only run HijackThis from C:\HJT\HijackThis.exe. That way we can ensure that we have the backup files available in the event that they are needed.
  4. Run HijackThis, click on scan and wait for the scan to finish.
  5. The "Scan" button will change to "Save Log", click on it and simply press "Save" on the window that will appear.
  6. Notepad will open with a copy of the log.
    • Click on "Edit" => "Select All".
    • Click on "Edit" => "Copy". This will copy the contents of the Notepad instance to the clipboard.
  7. Please post your entire log here for analysis.


Logfile of HijackThis v1.98.2

Scan saved at 11:37:55 AM, on 9/13/2004

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE

C:\Win32App\SQLLIB\bin\db2jds.exe

C:\Win32App\SQLLIB\bin\db2sec.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\win32app\RSAKeon\system\sdlss.exe

c:\program files\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe

C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe

C:\WINNT\MS\SMS\clicomp\sinv\sinv32.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\qttask.exe

C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE

C:\PROGRA~1\IOMEGA~1\directcd.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\win32app\RSAKeon\System\SDTray.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\2\RPDFLchr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe

C:\win32app\MSOffice\Office\1033\msoffice.exe

C:\Win32App\IBM\IMNNQ\HTTPDL.exe

C:\win32app\Notes\NLNOTES.EXE

C:\Win32App\IBM\IMNNQ\imnsvdem.exe

C:\WINNT\system32\taskmgr.exe

C:\win32app\Notes\ntaskldr.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dstcustomercenter

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dstcustomercenter

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dstcustomercenter

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by DST Systems, Inc.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://internet-help:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://internet-help:8080

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.kctv.com/Global/category.asp?C=5540&nav=1Pua"); (C:\Program Files\Netscape\Users\rhpalmer\prefs.js)

O1 - Hosts: 198.176.184.113 xtfinancialtrans.dstsystems.net

O1 - Hosts: 198.176.184.114 xtfinancialtrans1.dstsystems.net

O1 - Hosts: 198.176.184.115 xtfinancialtranstest.dstsystems.net

O1 - Hosts: 198.176.184.116 xtfinancialtranstest1.dstsystems.net

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe

O4 - HKLM\..\Run: [sMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\IOMEGA~1\directcd.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [RSA SDTray] "C:\win32app\RSAKeon\\System\SDTray.exe"

O4 - HKLM\..\Run: [abrdvd] C:\WINNT\abrdvd.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [RoboPDF] C:\WINNT\system32\spool\DRIVERS\W32X86\2\RPDFLchr.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: Lotus Notes.lnk = C:\win32app\Notes\notes.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\win32app\MSOffice\Office\OSA9.EXE

O4 - Global Startup: Start HTML Search Server.lnk = C:\win32app\SQLLIB\bin\db2nq.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O10 - Unknown file in Winsock LSP: c:\win32app\rsakeon\system\mlr.dll

O10 - Unknown file in Winsock LSP: c:\win32app\rsakeon\system\mlr.dll

O14 - IERESET.INF: START_PAGE_URL=http://dstcustomercenter

O16 - DPF: SortListControl - http://jcwg:8120/tba/tba-t/controls/sortlistcontrol.cab

O16 - DPF: SysMgmt - http://jcwg:8100/tba/tba-t/controls/sysmgmt.cab

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://dstquickplace.dstsystems.com/qp2.cab

O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v43/yacscom.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {3181F4C5-D556-436F-ACE7-416C1AFCBB73} (DST TreeView Control) - http://jcwg:8100/tba/tba-t/controls/DSTTREEVW.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {38481807-CA0E-42D2-BF39-B33AF135CC4D} - http://dst-proxy1.dstsystems.com:8080/Issu...cts%2Focget.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/10ba2a205546f821c205/...ip/RdxIE601.cab

O16 - DPF: {6765706A-0000-0010-8000-00AA00389B71} - http://dst-proxy1.dstsystems.com:8080/Issu...cts%2Focget.dll

O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} - http://webpdp.gator.com/v3/download/pdpplu...094_hd3ptdm.cab

O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://dst_scm_web/DimPC_C/isetup.cab

O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab

O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/expressview...ViewerSetup.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab

O16 - DPF: {CBBD92B0-CFC7-43E6-B70B-A660B6BF6FFC} (DST ListView Control) - http://jcwg:8100/tba/tba-t/controls/DSTLISTVW.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup145.cab

O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - http://jcwg:8100/tba/tba-t/controls/msxml3.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.dstsystems.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.dstsystems.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.dstsystems.com

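Comparing the two HijackThis logs posted above is easier with a diff of their entry lines than by eye. The following is an added example, not part of any poster's message or of HijackThis itself; the function names are hypothetical, and the sample lines are excerpts copied from the 6/30/2004 and 9/13/2004 logs in this thread.

```python
import re

# HijackThis entry lines look like "O4 - <detail>"; codes are R0-R3, F0-F3, N1-N4, O1 and up.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Registry autostart detail, e.g.  HKLM\..\Run: [value name] command line
RUN_VALUE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")

# Excerpts copied from the two logs in this thread (not the full logs).
JUNE_EXCERPT = r"""
O2 - BHO: (no name) - {0227A798-A034-4992-8A40-8D4A7A31D58E} - C:\WINNT\system32\hglkk.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [abrdvd] C:\WINNT\abrdvd.exe
O4 - Startup: Drempels Desktop.lnk = C:\WINNT\drempels.exe
"""
SEPT_EXCERPT = r"""
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [abrdvd] C:\WINNT\abrdvd.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"""

def parse_entries(log_text):
    """Return the set of (code, detail) pairs; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def diff_logs(old_text, new_text):
    """Entries removed, added and unchanged between an older and a newer scan."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "persisted": sorted(old & new),
    }

def run_key_values(entries):
    """Map Run-key value name -> command line for O4 registry autostarts."""
    values = {}
    for code, detail in entries:
        m = RUN_VALUE.match(detail)
        if code == "O4" and m:
            values[m.group(1)] = m.group(2)
    return values

def persistent_run_values(old_text, new_text):
    """Run-key autostarts present with the same command line in both scans."""
    old = run_key_values(parse_entries(old_text))
    new = run_key_values(parse_entries(new_text))
    return {name: cmd for name, cmd in new.items() if old.get(name) == cmd}

if __name__ == "__main__":
    changes = diff_logs(JUNE_EXCERPT, SEPT_EXCERPT)
    for kind in ("removed", "added", "persisted"):
        for code, detail in changes[kind]:
            print(f"{kind:9} {code:3} {detail}")
```

The diff only reports what changed between scans; deciding which entries to fix is still the analyst's call.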

Run Ad-Aware with the latest update.

  1. Download the latest version of Ad-Aware (Ad-Aware SE Build 1.04) from here.
  2. If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
  3. After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
  4. Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
  5. Once the definitions have been updated:
  6. Reconfigure Ad-Aware for Full Scan as per the following instructions:
    • Launch the program, and click on the Gear at the top of the start screen.
    • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
      • "Automatically save logfile"
      • "Automatically quarantine objects prior to removal"
      • Safe Mode (always request confirmation)
      • Prompt to update outdated confirmation) - Change to 7 days.
  7. Click the "Scanning" button (On the left side).
  8. Under Drives & Folders, select "Scan within Archives"
  9. Click "Click here to select Drives + folders" and select your installed hard drives.
  10. Under Memory & Registry, select all options.
  11. Click the "Advanced" button (On the left hand side).
  12. Under "Shell Integration", select "Move deleted files to Recycle Bin".
  13. Under "Log-file detail", select all options.
  14. Click on the "Defaults" button on the left.
  15. Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
  16. Click the "Tweak" button (Again, on the left hand side).
  17. Expand "Scanning Engine" (by clicking on the "+" (Plus) symbol) and select the following:
    • "Unload recognized processes during scanning."
    • "Obtain command line of scanned processes"
    • "Scan registry for all users instead of current user only"
  18. Under "Cleaning Engine", select the following:
    • "Automatically try to unregister objects prior to deletion."
    • "During removal, unload explorer and IE if necessary"
    • "Let Windows remove files in use at next reboot."
    • "Delete quarantined objects after restoring"
  19. Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
  20. Click on "Proceed" to save these Preferences.
  21. Click on the "Scan Now" button on the left.
  22. Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".
  23. Close all programs except Ad-Aware.
  24. Click on "Next" in the bottom right corner to start the scan.
  25. Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
  26. After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.

After that, please go to Microsoft Windows Update and download all critical updates for your system. This is imperative.

 

Once that is done, post an updated HijackThis log.
