Jump to content


Photo

Searchweb2.com/passthrought


  • Please log in to reply
9 replies to this topic

#1 piechbi

piechbi

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 16 June 2004 - 04:16 AM

Can someone please look at my log file ?
I can't get rid of searchweb2

Logfile of HijackThis v1.97.7
Scan saved at 7:10:20, on 16/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\UPLOAD~1\Data flap bend.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ipml386.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINDOWS\System32\PryV.exe
C:\WINDOWS\System32\CcexSa1m.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Mise ā jour XP\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {265AC87B-2268-7E24-81B3-20C0598DA43A} - C:\PROGRA~1\Procbolt\Wave Bore.dll
O2 - BHO: (no name) - {A8CD02AD-5849-4879-B3DA-F1909D46336A} - C:\WINDOWS\System32\dbcanca.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MAIL COAL - {05181416-BC80-E4AC-5814-466EEB04BE70} - C:\PROGRA~1\Procbolt\Wave Bore.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [2TNJ2862J5BEHB] C:\WINDOWS\System32\YtaxK.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [The Skip] C:\PROGRA~1\UPLOAD~1\Data flap bend.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AutoLoaderoFrr1INkdIaP] "C:\WINDOWS\System32\icmddi.exe" /PC="AM.ALGX" /HideUninstall /HideDir
O4 - HKLM\..\Run: [os8X36Q] icmddi.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [roboex32] C:\WINDOWS\System32\roboex32.exe
O4 - HKCU\..\Run: [ZBr7RWcmi] ipml386.exe
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Organise-notes (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {91BE8DAC-957E-416C-B735-E2B63CDB915B} - http://www.myemessen...etupProject.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8019.2995833333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab

Thanks for your help

#2 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 16 June 2004 - 08:16 AM

Hi,
You have too many issues to "fix" with just HijackThis.

Uninstall Peper Trojan
http://mjc1.com/file...ts/drpeper.html
Note: make sure you are online when run, then reboot.
Then run it a 2nd time and reboot.


Next: Run both of these, reboot after each.

http://lop.com/toolbar_uninstall.exe
http://lop.com/new_uninstall.exe

Next: Uninstall "Messenger Plus! 2" via Add Remove
Note: that's what installed the C2Media\LOP toolbars, etc.

After the above ...

Download: SpyBot-Search & Destroy 1.3
http://majorgeeks.co...wnload2471.html

Open SpyBot, click "Search for Updates"
Then run a scan, "fix" everything marked in red and reboot.

After the above ...

Important!
Your system is severly out of date!
Visit Windows Update and install all the "Critical Updates"
http://v4.windowsupd.../en/default.asp

After the above, rescan with HijackThis and post a fresh log ...
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#3 piechbi

piechbi

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 16 June 2004 - 05:23 PM

Here is the "fresh" log
I had a problem with the SP1 update of XP
Impossible to install it.

Logfile of HijackThis v1.97.7
Scan saved at 0:21:11, on 17/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\MISEĀJ~1\Spyware\PPMemCheck.exe
C:\MISEĀJ~1\Spyware\PPControl.exe
C:\MISEĀJ~1\Spyware\CookiePatrol.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ipml386.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
C:\WINDOWS\System32\Sohjz4dq.exe
C:\WINDOWS\System32\Hsff.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Mise ā jour XP\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Mise ā jour XP\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AutoLoaderoFrr1INkdIaP] "C:\WINDOWS\System32\icmddi.exe" /PC="AM.ALGX" /HideUninstall /HideDir
O4 - HKLM\..\Run: [os8X36Q] icmddi.exe
O4 - HKLM\..\Run: [2TNJ2862J5BEHB] C:\WINDOWS\System32\JrhLsOv.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\MISEĀJ~1\Spyware\PPMemCheck.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\MISEĀJ~1\Spyware\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\MISEĀJ~1\Spyware\CookiePatrol.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [roboex32] C:\WINDOWS\System32\roboex32.exe
O4 - HKCU\..\Run: [ZBr7RWcmi] ipml386.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Organise-notes (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {91BE8DAC-957E-416C-B735-E2B63CDB915B} - http://www.myemessen...etupProject.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8019.2995833333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F06176C-78E7-444D-BFEF-D3CD41FED68C}: NameServer = 62.235.14.4 62.235.13.199

I wait for your comments

#4 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 16 June 2004 - 07:25 PM

Hi,

I had a problem with the SP1 update of XP Impossible to install it.

Why? what problem?

[Step 2]

Download following tool to delete the (Peper trojan) files themselves:
http://mjc1.com/file...pertobackup.exe

Double-click "drpepertobackup.exe" it will self extract to C:\

Then reboot, on restart, restart in Safe Mode (see "How To" below)

In Safe Mode navigate to:

C:\drpeper\Find backup and Delete Peper files.vbs

Doubleclick the "Find backup and Delete Peper files.vbs" file.

Note: If your Antivirus is running a scriptblocker, when you run "Find backup and Delete Peper files.vbs" file, you will recieve an alert warning you that the script is running. "Allow" the script to run.

On the first prompt copy and paste:

Sohjz4dq.exe (then Click Ok)

On the second, paste:

JrhLsOv.exe (then Click Ok)

It will find all the peper files and delete them. Also it makes backups in the same folder. It will open a text file (Peper.txt) with a list of all files deleted.

When finished go to the C:\drpeper folder and locate the peper.txt file. Copy and paste the list from the Peper.txt file here , along with another Hijack This log.
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#5 piechbi

piechbi

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 17 June 2004 - 04:55 PM

Good evening,

Her is the pepper.txt

17/06/2004 21:24:23
C:\WINDOWS\SYSTEM32\HkiX3S.exe
C:\WINDOWS\SYSTEM32\Rgo6Jd19.exe
C:\WINDOWS\SYSTEM32\PtiWzi.exe
C:\WINDOWS\SYSTEM32\Sohjz4dq.exe
C:\WINDOWS\SYSTEM32\BlvD339.exe
C:\WINDOWS\SYSTEM32\Odktr.exe
C:\WINDOWS\SYSTEM32\KsoyX.exe
C:\WINDOWS\SYSTEM32\TafqW2m.exe
C:\WINDOWS\SYSTEM32\Kdf46BY.exe
C:\WINDOWS\SYSTEM32\Cagg2O.exe
C:\WINDOWS\SYSTEM32\YjiWR6u0.exe
C:\WINDOWS\SYSTEM32\Hsff.exe
C:\WINDOWS\SYSTEM32\EgtIq4.exe
C:\WINDOWS\SYSTEM32\OrpePzlc.exe
C:\WINDOWS\SYSTEM32\Ajgw.exe
C:\WINDOWS\SYSTEM32\CcexSa1m.exe
C:\WINDOWS\SYSTEM32\Xtl5.exe
C:\WINDOWS\SYSTEM32\PryV.exe
17/06/2004 21:25:07
C:\WINDOWS\SYSTEM32\Srohe2Nf.exe
C:\WINDOWS\SYSTEM32\Dyf0o5.exe
C:\WINDOWS\SYSTEM32\Jel38T2.exe
C:\WINDOWS\SYSTEM32\Pyr0w1A.exe
C:\WINDOWS\SYSTEM32\VchsYQop.exe
C:\WINDOWS\SYSTEM32\LysXhe2.exe
C:\WINDOWS\SYSTEM32\Eah1q5.exe
C:\WINDOWS\SYSTEM32\Cnta.exe
C:\WINDOWS\SYSTEM32\Gbi2s6.exe
C:\WINDOWS\SYSTEM32\JrhLsOv.exe


And the new HJT log

Logfile of HijackThis v1.97.7
Scan saved at 21:57:35, on 17/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\MISEĀJ~1\Spyware\PPMemCheck.exe
C:\MISEĀJ~1\Spyware\PPControl.exe
C:\MISEĀJ~1\Spyware\CookiePatrol.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ipml386.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
C:\Mise ā jour XP\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Mise ā jour XP\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AutoLoaderoFrr1INkdIaP] "C:\WINDOWS\System32\icmddi.exe" /PC="AM.ALGX" /HideUninstall /HideDir
O4 - HKLM\..\Run: [os8X36Q] icmddi.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\MISEĀJ~1\Spyware\PPMemCheck.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\MISEĀJ~1\Spyware\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\MISEĀJ~1\Spyware\CookiePatrol.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [roboex32] C:\WINDOWS\System32\roboex32.exe
O4 - HKCU\..\Run: [ZBr7RWcmi] ipml386.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Organise-notes (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {91BE8DAC-957E-416C-B735-E2B63CDB915B} - http://www.myemessen...etupProject.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8019.2995833333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F06176C-78E7-444D-BFEF-D3CD41FED68C}: NameServer = 62.235.14.4 62.235.13.199

Thanks in advance

It seems to be better...

#6 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 17 June 2004 - 07:59 PM

Hi,
First thing to do is ...

Reconfigure Windows Explorer to show Hidden Files:
Open the Windows Explorer Folder Options - View [tab]:

Scroll down to the "Files and Folders" section.
Select: "Display the contents of system folders".

Scroll down to the "Hidden Files and Folders" section.
Select: "Show hidden files and folders", Ok the prompt
Uncheck: "Hide file extensions for known file types"
Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

Click the "Apply to all Folders" button. Close Windows Explorer.

Next:

Close all open windows, except for HijackThis place a check in each of the following:
Then click "Fix checked".

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [AutoLoaderoFrr1INkdIaP] "C:\WINDOWS\System32\icmddi.exe" /PC="AM.ALGX" /HideUninstall /HideDir
O4 - HKLM\..\Run: [os8X36Q] icmddi.exe
O4 - HKCU\..\Run: [ZBr7RWcmi] ipml386.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab


Then reboot, on restart, restart in Safe Mode (see "How To" below)

Start | Run (type) "%temp%" (no quotes)
Completely delete the entire contents of that "temp" folder.

Open Windows Explorer locate and delete the following:

C:\WINDOWS\System32\ipml386.exe <--this file
C:\WINDOWS\System32\icmddi.exe <--this file

After the above, reboot, rescan with HijackThis and post a fresh log ...
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#7 piechbi

piechbi

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 18 June 2004 - 03:43 AM

Hi,

Open Windows Explorer locate and delete the following:

C:\WINDOWS\System32\icmddi.exe <--this file

icmddi.exe doesn't exist anymore in C:\WINDOWS\System32.

Here is the fresh log :

Logfile of HijackThis v1.97.7
Scan saved at 10:38:36, on 18/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\MISEĀJ~1\Spyware\PPMemCheck.exe
C:\MISEĀJ~1\Spyware\PPControl.exe
C:\MISEĀJ~1\Spyware\CookiePatrol.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
C:\Mise ā jour XP\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Mise ā jour XP\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\MISEĀJ~1\Spyware\PPMemCheck.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\MISEĀJ~1\Spyware\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\MISEĀJ~1\Spyware\CookiePatrol.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [roboex32] C:\WINDOWS\System32\roboex32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Organise-notes (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {91BE8DAC-957E-416C-B735-E2B63CDB915B} - http://www.myemessen...etupProject.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8019.2995833333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab

Other things to do ?

Thanks

#8 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 18 June 2004 - 05:56 AM

Hi,

Other things to do ?

"Flush System Restore" (see "How To" below)
Basically turn off System Restore, reboot, run a full (updated) McAfee scan, reboot and turn System Restore back on and create a new Restore Point.

Disabling System Restore (McAfee article)

How To: Scan for unwanted programs (McAfee article)

You still need to visit Windows Update and install all the "Critical Updates" :wave:
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#9 piechbi

piechbi

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 21 June 2004 - 04:42 PM

Still there...

Logfile of HijackThis v1.97.7
Scan saved at 23:40:54, on 21/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\MISEĀJ~1\Spyware\PPMemCheck.exe
C:\MISEĀJ~1\Spyware\PPControl.exe
C:\MISEĀJ~1\Spyware\CookiePatrol.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Mise ā jour XP\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Philippe\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Philippe\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Philippe\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Philippe\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Philippe\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Philippe\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {44280817-71C5-42B3-AA94-C5853C7D1C3E} - C:\WINDOWS\System32\lkigc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Mise ā jour XP\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\MISEĀJ~1\Spyware\PPMemCheck.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\MISEĀJ~1\Spyware\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\MISEĀJ~1\Spyware\CookiePatrol.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [roboex32] C:\WINDOWS\System32\roboex32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {91BE8DAC-957E-416C-B735-E2B63CDB915B} - http://www.myemessen...etupProject.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8019.2995833333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F06176C-78E7-444D-BFEF-D3CD41FED68C}: NameServer = 62.235.14.4 62.235.13.199

Arrgh...

#10 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 21 June 2004 - 07:32 PM

Hi,

Still there...

No it is not ... previous you had c2Media\LOP and the Peper trojan. Now you have Coolwebsearch (trojan) infection, and why? because it targets unpatched machines, for which you still have not done ...


Create a StartupList log:
Run HijackThis, click the "Config" button
Click the "Misc Tools" button
Select both options "List minor ...", and "List empty ..."
Click the "Generate StartupList log" button
(generates "startuplist.txt") paste that in your next post.

After the above ...

Download > CWShredder v1.58.0
Unzip but do not run it yet ...

Download the latest version of Ad-Aware:
http://www.lavasoft....ftware/adaware/
Note: install and update it, but do not run it yet.

After installing AAW, and before running the program.

Reconfigure Ad-Aware for Full Scan:
Please update the reference file following the instructions here:
http://www.lavahelp....dref/index.html

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button. Under "Log-file detail", select all options.

Click the "Tweaks" button.
Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed.
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button