
Registered · 1 Posts · Discussion Starter #1
Hey Guys/Gals,

My system's been running kind of slow and I've been receiving these pesky oinaderserver pop ups....

I've included my Hijackthis and Pandascan report.

Logfile of HijackThis v1.99.1
Scan saved at 6:53:05 PM, on 4/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\??plorer.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sydneyroosters.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sydneyroosters.com.au
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\Program Files\ICOO Loader\addons\icooue.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ICOODManager Class - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - C:\Program Files\ICOO Loader\addons\icoou.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7BA7118C-F540-FFEB-1A33-D8380039909E} - C:\WINDOWS\system32\vxhhacz.dll
O2 - BHO: (no name) - {7BA7118F-F534-F9EE-1A35-D838713B909B} - C:\WINDOWS\system32\vxhhacz.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pnda] C:\WINDOWS\system32\??plorer.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.3.1.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124699906375
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

======================================================


Incident Status Location

Adware:Adware/KeenValue No disinfected C:\WINDOWS\system32\vxhhacz.dll
Adware:adware/ncase No disinfected C:\TEMP\salmau.dat
Adware:adware/toprebates No disinfected C:\TEMP\WebRebates_Auto_InstallSilent_Asia.exe
Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\satmat.inf
Adware:adware/twain-tech No disinfected C:\WINDOWS\satmat.ini
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-109b2d52-5646e9c1.class
Adware:Adware/CWS No disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-6fd9f626-163f1a62.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-6ac6da25-5b3a7269.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1f8b980f-589e6741.RB0[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3c0efa2b-48f13a04.RB0[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5157872c-4296df77.RB0[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5157872c-4296df77.RB0[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5157872c-4296df77.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-51b26348-7a15a78c.RB0[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6198e311-30bb7201.RB0[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-7dbaf4a8-58a97a58.RB0[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1543c252-30269236.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1543c252-30269236.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1543c252-30269236.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1543c252-30269236.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f8050ce-2932f615.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f8050ce-2932f615.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f8050ce-2932f615.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f8050ce-2932f615.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5b3646cb-608d4d05.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5b3646cb-608d4d05.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5b3646cb-608d4d05.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5b3646cb-608d4d05.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7555d8ef-4960975c.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7555d8ef-4960975c.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7555d8ef-4960975c.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7555d8ef-4960975c.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7ca79178-48673b56.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7ca79178-48673b56.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7ca79178-48673b56.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7ca79178-48673b56.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-7271642a-4ed30116.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv659.jar-576b1f2-63c19935.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv659.jar-576b1f2-63c19935.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv659.jar-576b1f2-63c19935.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Shoos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv659.jar-576b1f2-63c19935.zip[Parser.class]
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Shoos\Local Settings\Temporary Internet Files\Content.IE5\B74ERMNX\!update-2795[1].0000
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Steve\Local Settings\Temp\satmat.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Steve\Local Settings\Temp\satmat.ini
Adware:Adware/PurityScan No disinfected C:\Program Files\rdso\eetu.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\INF\satmat.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/KeenValue No disinfected C:\WINDOWS\SYSTEM32\vxhhacz.dll


Cheers, Ryan....
 

Administrator · 4,870 Posts
Hello and welcome to TSF

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If necessary, please ask any questions before proceeding with the procedures below.
_________________________________________________

Download, install, and update Ewido Security Suite
  • Install Ewido Security Suite
  • Launch Ewido; there will be a big E icon on your desktop which you must double-click.
  • The program will prompt you to update so you need to click the OK button
  • The program will take you to the main screen
You must update Ewido with the latest definition files.
  • On the left hand side of the main screen click Update
  • Click on Start
The update will start and a progress bar will show the updates being installed. After the updates are installed, exit Ewido
_________________________________________________

Please download Cleanup! or use this (Alternate Link) if the main link does not work and install it. You will use this later.
_________________________________________________

Open Hijack This and click on Config > Misc Tools

Open the process manager and select the following:-
  • C:\WINDOWS\system32\??plorer.exe

Click Kill process (If it still exists)
_________________________________________________

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
  • O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\Program Files\ICOO Loader\addons\icooue.dll
  • O2 - BHO: ICOODManager Class - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - C:\Program Files\ICOO Loader\addons\icoou.dll
  • O2 - BHO: (no name) - {7BA7118C-F540-FFEB-1A33-D8380039909E} - C:\WINDOWS\system32\vxhhacz.dll
  • O2 - BHO: (no name) - {7BA7118F-F534-F9EE-1A35-D838713B909B} - C:\WINDOWS\system32\vxhhacz.dll
  • O4 - HKCU\..\Run: [Pnda] C:\WINDOWS\system32\??plorer.exe
_________________________________________________

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).
_________________________________________________

Uninstall the following programs, if present, using Control Panel > Add/Remove Programs:
  • PurityScan - If it still exists on your system
  • ICOO Loader
_________________________________________________

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools > Folder Options > View tab.
  • Check - Show hidden files and folders
  • Uncheck - Hide file extensions for known types
  • Uncheck - Hide protected operating system files

Click Yes to confirm and then click OK
_________________________________________________

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
  • C:\Program Files\ICOO Loader
  • C:\WINDOWS\system32\vxhhacz.dll
  • C:\WINDOWS\system32\??plorer.exe
_________________________________________________

Run Ewido:
  • Click [Scanner]
  • Click [Complete System Scan] to begin scanning.
  • Click [OK] when prompted to clean files
  • With the first file it prompts to clean, select the option - Perform action on all infections. Choose clean then click [OK].
  • Once finished, click the [Save report] button and save the report to your desktop.
Close Ewido
_________________________________________________

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following:
  • Scan local drives for temporary files

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will need to use another utility.

Click OK, Press the CleanUp! button to start the program and reboot your system in Normal Mode when prompted.
_________________________________________________


Reboot your system in Normal Mode.
_________________________________________________

Please do another online scan at Panda ActiveScan.

Use the free to use active scan link in the right hand corner.

  1. Click on the Scan your PC button & a pop up window shall appear. *Ensure that your pop up blocker doesn't block it*
  2. Click On Next
  3. Enter your e-mail address & click Send. *It will begin downloading Panda's ActiveX controls which are about 8MB in size*
  4. In the next window, checkmark the following:
    • Disinfect automatically
    • Scan compressed files
    • Scan e-mail files
    • Detect unknown viruses (Heuristic)
    • Detect spyware
  5. Begin the scan by selecting All My Computer

    You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.

  6. If it finds any malware, it will offer you a report. Click on See report
  7. Then click Save report
_________________________________________________

Paste the results of the Ewido Scan and Panda Scan here together with a new HiJack This log.
 