Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Home Computer Hijack


  • This topic is locked This topic is locked
19 replies to this topic

#1 stewdaddy

stewdaddy

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 01 September 2006 - 06:15 PM

Runs fine, then will just stop and start to lag and lock up and frezzes.
I have just found it is pretty much my mouse just frezzing, if i unplug and re plug my mouse in
it starts working againbut this can be for a very short time, 1-2mins.
Then after that the omputer will start to freeze up.
Please help

Logfile of HijackThis v1.99.1
Scan saved at 10:49:34 AM, on 9/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD1BE494-1166-47F7-BC6C-20E8AB840525}: NameServer = 202.27.158.40,202.27.156.72
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: winabt32 - winabt32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSVCCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Edited by stewdaddy, 02 September 2006 - 03:35 PM.


BC AdBot (Login to Remove)

 


#2 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:17 AM

Posted 08 September 2006 - 12:33 PM

Hello stewdaddy, and welcome to BleepingComputer. I will be handling your log to help you get cleaned up.

Please take note of the following:
1. I will start working on your malware issues, this may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. The process is not instant. Please continue to review my answers until I tell you your machine is clean.
4. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,

htv8
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#3 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:17 AM

Posted 08 September 2006 - 02:18 PM

IMPORTANT
Your log shows that you are seriously behind on Windows updates. It is essential that you update your Windows version with Windows XP Service Pack 1a before we continue to help you as the infections could reoccur.

Visit Microsoft's Windows XP Service Pack 1a download site and download and install the update for SP 1a. When it prompts you to reboot, do so.
NOTE: Please do not install Windows XP Service Pack 2 yet, because this can cause troubles if installed on an infected PC.

IMPORTANT
It is important that your computer has an antivirus software running on your machine.
Your log doesn't show an antivirus software running. This is somewhat suicidal in today's digital world. If you have disabled your antivirus software, please re-enable it.
You need to install an antivirus program as soon as you can and run a complete scan of the computer. Please download and install one of these good (and free) products:
- Antivir
- Avast Free
- AVG Free
- Bitdefender Free

Install one of these products and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.
NOTE: Never install more than one antivirus program on your system. Several together can give problems and decrease the reliability of it seriously.


Now scan with HijackThis again and post a new HijackThis log.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#4 stewdaddy

stewdaddy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 09 September 2006 - 06:46 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:44:59 PM, on 9/9/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Sygate\SPF\smc.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\devldr32.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\MSN Messenger\msnmsgr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\RealVNC\VNC4\WinVNC4.exe
G:\WINDOWS\System32\svchost.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Skype\Phone\Skype.exe
G:\Documents and Settings\kilburn\Desktop\HijackThis.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://G:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://G:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/229?6c8bd08e35424961bc8b4099cd910ef0
O8 - Extra context menu item: Open in new foreground tab - res://G:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/230?6c8bd08e35424961bc8b4099cd910ef0
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - G:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - G:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

#5 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:17 AM

Posted 09 September 2006 - 11:36 AM

Did you try to update your Windows XP with SP1a? Your log still does not show Windows XP Service Pack 1a installed. Do you have a reason to not update your Windows version?
Do you know if your Windows XP version is legit?
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#6 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:17 AM

Posted 09 September 2006 - 12:10 PM

One more question: did you post the HijackThis log from the same computer, or is it possible that you posted this one from another PC?
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#7 stewdaddy

stewdaddy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 10 September 2006 - 02:11 AM

Same Pc
Fully updated!

Logfile of HijackThis v1.99.1
Scan saved at 7:09:07 PM, on 9/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#8 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:17 AM

Posted 10 September 2006 - 02:41 AM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1
Please download ewido anti-spyware from the link below and save it to your Desktop.
Download ewido anti-spyware v4.0

Once downloaded, locate the icon on your Desktop and double-click on it to launch the setup program. Follow the on-screen instructions to install ewido anti-spyware.

Before running ewido anti-spyware, it is mandatory that you update its definition files. Follow these instructions to update the program:
1. Start ewido anti-spyware.
2. Click the Update icon at the top of the screen. On the newly presented screen, click the button labelled "Start Update". The update process will start.
3. Once the update has completed, select the Scanner icon at the top of the screen, followed by clicking the Settings tab.
4. In the newly presented screen, click on the link named "Recommended actions" and then select the Quarantine option.
5. Under Reports, select the radio button labelled "Automatically generate report after every scan". Unselect the checkbox labelled "Only if threats were found".
6. Close ewido anti-spyware.

Now reboot your computer into Safe Mode. Restart your computer and gently tap the F8 key repeatedly on your keyboard while starting up until you are presented with a new menu in which you can select the option for Safe Mode using the arrow keys on your keyboard.
For more information on how to boot your computer into Safe Mode, see this reference: How to start Windows into Safe Mode.

When in Safe Mode, please follow these instructions to run ewido anti-spyware:
1. Close all windows so that you have nothing open and lauch ewido-anti-spyware by double-clicking the icon on your Desktop.
2. Click the Scanner icon at the top of the screen and select the Scan tab.
3. Click on the "Complete System Scan" icon and ewido will begin the scanning process. Be patient as this may take some time.
IMPORTANT: Do not open any other windows or programs while ewido anti-spyware is scanning, it may interfere with the scanning proccess.
4. When the scan has finished, ewido will list any infections found on the left-hand side. It should automatically set the recommended action to Quarantine.
5. Click the Apply all actions button. ewido will display "All actions have been applied" on the right-hand side.
6. Click on the button labelled "Save Report", followed by pressing the "Save Report As" button. This will create a text file. Make sure you know where to find this file again.
7. Close ewido anti-spyware.

Please post the entire contents of the saved text file in your next reply.

Step #2
Please run these two free online virus scanners and make sure they are set to clean automatically:
- Trend Micro's HouseCall online virus scan
- Panda Software: Antivirus ActiveScan

You should try to delete any files that these scanners are unable to clean. Then let me know if its working better and what the scans found.

Step #3
Please download Silent Runners.zip from the download link below and save it to your Desktop.
Download Silent Runners.zip

Once it is downloaded, extract the ZIP file to a new folder on your Desktop. Run the Silent Runners.vbs file inside it by double-clicking on it.
NOTE: If your antivirus has a script blocker, you will get a warning asking if you want to allow Silent Runners.vbs to run. This script is not malicious so please allow it.

Once launched, you will receive a prompt: "Skip supplementary searches?". Click the No button. A text file will appear in the Silent Runners folder. Silent Runners is not done yet, so please let it run. (It won't appear to be doing anything)! Once you receive the "All Done!" prompt, open the text file and include the entire contents of that text file in your next reply as well.

Step #4
Scan with HijackThis again and post a new HijackThis log. (Do not forget to include the ewido anti-spyware text file and the Sillent Runners text file in your next reply).
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#9 stewdaddy

stewdaddy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 10 September 2006 - 04:57 AM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:48:57 PM 9/10/2006

+ Scan result:



:mozilla.40:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.51:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stewy\Cookies\stewy@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stewy\Cookies\stewy@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Stewy\Cookies\stewy@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.19:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.20:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.21:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.55:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.56:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.57:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.59:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Stewy\Cookies\stewy@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.22:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Stewy\Cookies\stewy@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end


"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"" [null data]
"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
Messenger Sharing USN Journal Reader service, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 3 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 8 seconds.
---------- (total run time: 31 seconds)


Logfile of HijackThis v1.99.1
Scan saved at 9:55:22 PM, on 9/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#10 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:17 AM

Posted 10 September 2006 - 12:18 PM

Please rescan with ewido anti-spyware and follow the instructions I posted so that it quarantines all that it found. (You probably forgot to tell ewido what to do with the bad files).
Do not forget to click the button labelled "Apply all actions" once the scan is finished, otherwise the bad files won't get removed. So please follow my instructions carefully and make sure you set the settings just as written. Once finished, please post the ewido log as a reply to this post, together with a new HijackThis log.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#11 stewdaddy

stewdaddy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 12 September 2006 - 03:00 AM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:57:13 PM 9/12/2006

+ Scan result:



:mozilla.40:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.41:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.69:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.34:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.35:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.36:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.37:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.73:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.74:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.75:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Stewy\Cookies\stewy@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.77:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.39:C:\Documents and Settings\Stewy\Application Data\Mozilla\Firefox\Profiles\2c3liphz.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 7:58:32 PM, on 9/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#12 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:17 AM

Posted 12 September 2006 - 09:28 AM

Please print out or copy this page to Notepad as you are not able to connect to the Internet when in Safe Mode. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1
Please download ATF Cleaner from the link below, but do not use the program yet.
Download ATF Cleaner

Reboot your computer into Safe Mode. Restart your computer and gently tap the F8 key repeatedly on your keyboard while starting up until you are presented with a new menu in which you can select the option for Safe Mode using the arrow keys on your keyboard.
For more information on how to boot your computer into Safe Mode, see this reference: How to start Windows into Safe Mode.

When in Safe Mode, follow these instructions to run ATF Cleaner:
1. Double-click ATF-Cleaner.exe to run the program.
2. Click once on the Main tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
3. Then click on the button labelled "Empty Selected".

If you use the Mozilla Firefox browser, please follow these instructions as well:
1. Click once on the Firefox tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
2. Then click on the button labelled "Empty Selected". NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, please follow these instructions as well:
1. Click once on the Opera tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
2. Then click on the button labelled "Empty Selected". NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Now click the Exit button on the Main tab to exit the program.

Step #2
Your ewido anti-spyware log still shows that the program did not quarantine all that it found. Please follow these instructions carefully (in Safe Mode) so that it scans and quarantines all the bad files:
1. Close all windows so that you have nothing open and lauch ewido-anti-spyware by double-clicking the icon on your Desktop.
2. Click the Scanner icon at the top of the screen and select the Scan tab.
3. Click on the "Complete System Scan" icon and ewido will begin the scanning process. Be patient as this may take some time.
IMPORTANT: Do not open any other windows or programs while ewido anti-spyware is scanning, it may interfere with the scanning proccess.
4. When the scan has finished, ewido will list any infections found on the left-hand side. It should automatically set the recommended action to Quarantine.
NOTE: If ewido does not automatically set the recommended action to Quarantine, please click on Recommended Action and set it there.
5. Click the "Apply all actions" button. ewido will display "All actions have been applied" on the right-hand side.
6. Click on the button labelled "Save Report", followed by pressing the "Save Report As" button. This will create a text file. Make sure you know where to find this file again.
7. Close ewido anti-spyware and reboot your computer to boot back into normal mode.

Once finished, please post the entire contents of the saved text file in your next reply.

Step #3
Scan with HijackThis again and post a new HijackThis log. Please let me know how your computer is running now.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#13 stewdaddy

stewdaddy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 13 September 2006 - 09:15 PM

I did not get to do this last night on my computer, i will have a go when i get home tonight, it seemed ok for a bit but now is locking up, by that i mean the mouse and keyboard both stop working.
And if i click on my computer or right click properties, those windows just sit there and stay onto of everything as you are browsing, or doing anything on the computer.

Will do the instructions in the previous post tonight.
Cheers stew

#14 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:17 AM

Posted 16 September 2006 - 01:15 AM

OK. Please let me know how it goes.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image

#15 stewdaddy

stewdaddy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 22 September 2006 - 07:28 AM

Everytime i get close to doing those things the computer locks up????
and starts slowing and locks the programs that are scanning half way through etc
This is in both normal and safe mode,




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users