Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack Log - after everything else attempted


  • This topic is locked This topic is locked
22 replies to this topic

#1 Huggie Smiles

Huggie Smiles

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 12 July 2004 - 04:25 PM

Hi all

I am running IE6 on XP.

I am recieving pop up ads that ocour when IE is being used - and occasianlly when IE is not open.

these include ad's from: adsspecific.com, nuker.com, pcsecuritysheild.com, 888.com etc etc

I have updated all of the following and run them:

Spybot
Adaware
Mcaffee virus scan
cwshredder

they have not solved the problem.

I have run the latest hijack this and the log is detailed below. I cannot seem to find anything malicious. ANy thought please:

Log for Huggie Smiles:

Logfile of HijackThis v1.98.0
Scan saved at 3:21:28 PM, on 7/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\userinit.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{1676AC09-D476-4F02-8A28-7A2146C8E77D}: NameServer = 128.135.5.5,128.135.12.73
O17 - HKLM\System\CS1\Services\Tcpip\..\{1676AC09-D476-4F02-8A28-7A2146C8E77D}: NameServer = 128.135.5.5,128.135.12.73
O17 - HKLM\System\CS2\Services\Tcpip\..\{1676AC09-D476-4F02-8A28-7A2146C8E77D}: NameServer = 128.135.5.5,128.135.12.73

BC AdBot (Login to Remove)

 


m

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,389 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:20 AM

Posted 12 July 2004 - 04:40 PM

I agree with you. Everything looks good. You did a good job cleaning it on your own.

Now that you are clean, please follow this simple step and use the following programs:

Visit http://www.windowsupdate.com regularly. This will ensure that you have the latest patches for your operating system installed. If there are new updates to install, install all the critical updates, reboot and revisit the site until there are no more critical updates.

I would strongly advise you download and install SpywareBlaster

Tutorials and download locations for each programs can be found below. They will help to prevent a lot of future reinfections.

Using SpywareBlaster to protect your web browser

#3 Huggie Smiles

Huggie Smiles
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 13 July 2004 - 07:30 AM

I agree with you. Everything looks good. You did a good job cleaning it on your own.

Now that you are clean, please follow this simple step and use the following programs:

Visit http://www.windowsupdate.com regularly. This will ensure that you have the latest patches for your operating system installed. If there are new updates to install, install all the critical updates, reboot and revisit the site until there are no more critical updates.

I would strongly advise you download and install SpywareBlaster

Tutorials and download locations for each programs can be found below. They will help to prevent a lot of future reinfections.

Using SpywareBlaster to protect your web browser

thanks! BUT....

after doing all that I'm still infected with pop up ad's!

I am recieving pop up ads that ocour when IE is being used - and occasianlly when IE is not open.

these include ad's from: adsspecific.com, nuker.com, pcsecuritysheild.com, 888.com etc etc

any idea's please

#4 Huggie Smiles

Huggie Smiles
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 13 July 2004 - 09:06 AM

I agree with you.  Everything looks good.  You did a good job cleaning it on your own.

Now that you are clean, please follow this simple step and use the following programs:

Visit http://www.windowsupdate.com regularly.  This will ensure that you have the latest patches for your operating system installed.  If there are new updates to install, install all the critical updates, reboot and revisit the site until there are no more critical updates.

I would strongly advise you download and install SpywareBlaster

Tutorials and download locations for each programs can be found below. They will help to prevent a lot of future reinfections.

Using SpywareBlaster to protect your web browser

thanks! BUT....

after doing all that I'm still infected with pop up ad's!

I am recieving pop up ads that ocour when IE is being used - and occasianlly when IE is not open.

these include ad's from: adsspecific.com, nuker.com, pcsecuritysheild.com, 888.com etc etc

any idea's please

I manages to stop some of the ads and they often contain the line:

c.qckjmp.com does this help at all?

(google didn't provide much help in the removal of this)

#5 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:20 AM

Posted 13 July 2004 - 09:16 AM

Hi Huggie.
Sounds like you may have VX2 installed. To find out, do this:

Download VX2Finder from this link:
http://download.broadbandmedic.com/VX2Finder(126).exe

Run Vx2Finder and click on the Click to find VX2.BetterInternet button.

Click the Make Log button.

Save the log some place convenient like My Documents. Copy and paste the contents of the log into your next repy here.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#6 Huggie Smiles

Huggie Smiles
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 13 July 2004 - 10:22 AM

Hi Huggie.
Sounds like you may have VX2 installed. To find out, do this:

Download VX2Finder from this link:
http://download.broadbandmedic.com/VX2Finder(126).exe

Run Vx2Finder and click on the Click to find VX2.BetterInternet button.

Click the Make Log button.

Save the log some place convenient like My Documents. Copy and paste the contents of the log into your next repy here.

Hi

The VX2 appears to be at least part of the problem. Todays update of adaware found a bunch too.

from the tool highlighted above - there are two files that come up on each reboot - one file can always be removed and one cannot so far be removed:

the latest log is:

Log for VX2.BetterInternet File Finder (msg126)

Files Found---
C:\WINDOWS\System32\AkVAPI32.DLL

Additional Files---

Keys Under Notify---crypt32chain
Keys Under Notify---cryptnet
Keys Under Notify---cscdll
Keys Under Notify---igfxcui
Keys Under Notify---ScCertProp
Keys Under Notify---Schedule
Keys Under Notify---sclgntfy
Keys Under Notify---SensLogn
Keys Under Notify---termsrv
Keys Under Notify---wlballoon


Guardian Key--- is called:

User Agent String---
{DA4F5416-8596-4C70-9F8D-FD894DDD64CD}




a google search for AkVAPI32.DLL revealed nothing - but my system says its a system file.

Any use? what next?

thanks to all for the help

#7 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:20 AM

Posted 13 July 2004 - 10:39 AM

OK, we're going to use VX2Finder to delete those files and should eliminate VX2 from your system completely if all goes well. Follow these instructions exactly:

Sign off and stay off the internet until the entire following procedure is complete.

Open VX2Finder and click on the Click to find VX2.BetterInternet button.

Put checkmarks by each file found.

Then select the Delete these files button.

You will be left with notice about one file to be deleted on reboot.
It will ask to reboot on deletion of the last file and you should let that happen (Reboot).

After rebooting back into Windows:

Open VX2Finder again and click on these buttons in the right pane (you may have to click the Click to find VX2.BetterInternet for these to be active):

User Agent$
Guardian.reg
Restore Policy

Exit and reboot.

Run Vx2Finder once more and click on the Click to find VX2.BetterInternet button.
Then click Make Log .
Post it here with a fresh HijackThis log please.

Also let us know if you encounter any problems along the way. VX2 is constantly updating into different versions. This new one doesn't use the Guardian key like the former one did, so if the Guardian.reg button is grayed out, don't worry about it.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#8 Huggie Smiles

Huggie Smiles
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 13 July 2004 - 10:56 AM

Hi

thanks - permantely connected thru work - so will have to wait for IS to turn up - maybe (!)

I cannot start xp prof in safe mode either - just tried that.


as a small update - I have now found smileycentral loaded in programs - undetected by anything (!) - :thumbsup:

theres prob a link somewhere on here - i have a look!

thanks - i'll keep you posted - unless you have other suggestions for the immediate time being.

#9 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:20 AM

Posted 13 July 2004 - 11:21 AM

Can you not just unplug from the net without causing problems reconnecting? Will it get you in trouble with your boss? Don't want to get you fired or anything and sorry about my ignorance, but I'm on dialup at home and don't have experience with your situation.

And don't worry about Smiley Central just now. Speedbar, the toolbar that comes along with SC comes bundled with several apps, mostly P2P, but it's fairly benign and hasn't been known to cause popups. You can go to Add/Remove programs to uninstall it and we'll clean up the remnants later with HJT.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#10 Huggie Smiles

Huggie Smiles
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 13 July 2004 - 11:26 AM

Can you not just unplug from the net without causing problems reconnecting? Will it get you in trouble with your boss? Don't want to get you fired or anything and sorry about my ignorance, but I'm on dialup at home and don't have experience with your situation.

And don't worry about Smiley Central just now. Speedbar, the toolbar that comes along with SC comes bundled with several apps, mostly P2P, but it's fairly benign and hasn't been known to cause popups. You can go to Add/Remove programs to uninstall it and we'll clean up the remnants later with HJT.

ummm???? its a university line ; to my knowledge there is no way to start the machine without the net being on. but I'm checking

as for smiley central - add/remove programs does not delete it -its possible its just left over froma previous attempt?

really appreciate your assistance!

#11 Huggie Smiles

Huggie Smiles
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 13 July 2004 - 02:33 PM

Can you not just unplug from the net without causing problems reconnecting?  Will it get you in trouble with your boss?  Don't want to get you fired or anything and sorry about my ignorance, but I'm on dialup at home and don't have experience with your situation.

And don't worry about Smiley Central just now.  Speedbar, the toolbar that comes along with SC comes bundled with several apps, mostly P2P, but it's fairly benign and hasn't been known to cause popups.  You can go to Add/Remove programs to uninstall it and we'll clean up the remnants later with HJT.

ummm???? its a university line ; to my knowledge there is no way to start the machine without the net being on. but I'm checking

as for smiley central - add/remove programs does not delete it -its possible its just left over froma previous attempt?

really appreciate your assistance!

ok - got off line eventually. SO...

Here is the vx2 log - the file named C:\WINDOWS\System32\AkVAPI32.DLL is always there - I cann't delete this!
the other one can be deleted.

Log for VX2.BetterInternet File Finder (msg126)

Files Found---
C:\WINDOWS\System32\AhTXPRXY.DLL
C:\WINDOWS\System32\AkVAPI32.DLL

Additional Files---

Keys Under Notify---crypt32chain
Keys Under Notify---cryptnet
Keys Under Notify---cscdll
Keys Under Notify---igfxcui
Keys Under Notify---ScCertProp
Keys Under Notify---Schedule
Keys Under Notify---sclgntfy
Keys Under Notify---SensLogn
Keys Under Notify---termsrv
Keys Under Notify---wlballoon


Guardian Key--- is called:

User Agent String---
{DA4F5416-8596-4C70-9F8D-FD894DDD64CD}


and here is the hjt log fyi (i don't think its any different)




so I'm still left with file C:\WINDOWS\System32\AkVAPI32.DLL

bastards!



any further help appreciated.

#12 Huggie Smiles

Huggie Smiles
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 13 July 2004 - 02:35 PM

oops forgot hjt log: here it is:

Logfile of HijackThis v1.98.0
Scan saved at 2:30:15 PM, on 7/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jsalt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{1676AC09-D476-4F02-8A28-7A2146C8E77D}: NameServer = 128.135.5.5,128.135.12.73
O17 - HKLM\System\CS1\Services\Tcpip\..\{1676AC09-D476-4F02-8A28-7A2146C8E77D}: NameServer = 128.135.5.5,128.135.12.73
O17 - HKLM\System\CS2\Services\Tcpip\..\{1676AC09-D476-4F02-8A28-7A2146C8E77D}: NameServer = 128.135.5.5,128.135.12.73

#13 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:20 AM

Posted 13 July 2004 - 03:28 PM

Hmmm. Are you sure you went thru the entire procedure while you were offline? In other words, you put checks in the boxes by the files, and rebooted to delete the last one? And it wasn't deleted on reboot? Can you confirm for me that you did all that? I'm just trying to understand exactly what happened.

There are other ways to be rid of this thing, but VX2Finder is the easiest and most effective. Until I hear back from you I'll check my sources and see if something has changed.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#14 Huggie Smiles

Huggie Smiles
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 13 July 2004 - 03:40 PM

Hmmm. Are you sure you went thru the entire procedure while you were offline? In other words, you put checks in the boxes by the files, and rebooted to delete the last one? And it wasn't deleted on reboot? Can you confirm for me that you did all that? I'm just trying to understand exactly what happened.

There are other ways to be rid of this thing, but VX2Finder is the easiest and most effective. Until I hear back from you I'll check my sources and see if something has changed.

yep all offline. I printed out your instructions and foolowed them exact. the gurdian option was not availble as you suggested it may not be.

The lan line was pulled from the back of the computer and I could not get online - so I was definetely off line!

thanks

#15 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:20 AM

Posted 13 July 2004 - 04:45 PM

OK, let's try this. It may or may not work.

You mentioned running AdAware. It now has a plug-in to remove VX2.

1. Be sure to update the reference file. The most recent is 01R332 12.07.2004.

2. Reconfigure Ad-Aware for Full Scan as per the following instructions:

* Launch the program, and click on the Gear at the top of the start screen.
* Click the "Scanning" button (On the left side).
* Under Drives & Folders, select "Scan within Archives" (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
* Click "Click here to select Drives + folders" and select your installed hard drives.
* Under Memory & Registry, select all options.
* Click the "Advanced" button (On the left hand side).
* Under "Log-file detail", select all options.
* Click the "Tweak" button (Again, on the left hand side).
* Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
o "Include additional Ad-aware settings in logfile"
o "Unload recognized processes during scanning."
* Under "Cleaning Engine", select the following:
o "Automatically try to unregister objects prior to deletion."
o "Let Windows remove files in use after reboot."
* Click on "Proceed" to save these Preferences.
* Click on the "Scan Now" button on the left.
* Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
* Select "Activate in-Depth scan".

3. Install and run the VX2 Cleaner plug-in

Close Ad-Aware 6.
Download the free VX2 Cleaner here.
Install the VX2 Cleaner.
Start Ad-Aware and click on "Plug-ins".
Select the VX2 Cleaner plug-in and click "Run Plugin".
Select "Clean System".
Reboot your computer.
Scan your computer with Ad-Aware.
Remove any VX2 objects detected.
Reboot your computer again.
Run another scan to make sure the files have been removed from your computer.

4. When through with AdAware open VX2Finder and click the "Find" button again.

5a. If you still have files in the "Files Found---" section:
Make another log and post it here.

5b. If the files there are gone
Click the last three buttons that are available:
User Agent$
Guardian.reg
Restore Policy

Then close VX2Finder, open it again, click Find... then Make Log and post it here.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users