Help with my spyware problem with HiJackThis log

Forums: Computers
Email this Topic • Print this Page

I have a pretty good virus checker, f-secure. And i stupidly downloaded a music downloader called Morpheus as well. Downloaded one song and a windows pop up came up saying my computer had spyware. since then my internets been slow and im worried someone is pinching my personal details etc... ive tried removing morpheus but the uninstall is not working ( a blank window comes up ), then ive tried searching for the file (supposidly the spyware was a part of P2P networking watever that is!). I tried to delete that but it sed the file was in use! argh!! ive scanned it with spybot and adaware! no luck! please help, ive had absolutley brilliant help from ABLE2KNOW before, and im sure (and hope) i will get brilliant help again! thanks sheo_mac

I was recommened to do a HijackThis scan before so here is my current results to that scan...

Logfile of HijackThis v1.99.1
Scan saved at 11:45:36, on 03/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BBC News alerts\skinkers.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HJT\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BBC News alerts] C:\Program Files\BBC News alerts\skinkers.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

Confused

Help would be so greatly appreciated! thanks

Topic Stats
Top Replies
Link to this Topic

Type: Discussion • Score: 1 • Views: 4,644 • Replies: 21

No top replies

I wont give you the speech about p2p seems you undertsand it now and it was explained to you in your other topic Very Happy

Yep they're there paly as day but I would like ti see an uninstall list before we get started please,

Start HijackThis
Click on the Config button
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please,

0 Replies

Here is the Uninstall list...thanks!!

Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Photoshop 7.0.1
Adobe Reader 6.0
Alchemist version 0.5.1
Audacity 1.2.4
AviSynth 2.5
BBC News alerts (remove only)
BlueSoleil
broadband medic
Championship Manager 99-00
CleanUp!
dBpowerAMP Music Converter
Disney's Magic Artist Studio
DivX
DivX Player
DivX Web Player
EPSON CardMonitor
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESPR300 Reference Guide
ESPR300 Software Guide
ESPR300 Standalone Guide
FIFA 2005
FinePixViewer Ver.4.0
F-Secure Anti-Virus Client Security - Automatic Update Agent
F-Secure Anti-Virus Client Security - E-Mail Scanning
F-Secure Anti-Virus Client Security - Internet Shield
F-Secure Anti-Virus Client Security - Virus & Spy Protection
FUJIFILM USB Driver
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
ImageMixer VCD for FinePix
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_04
M318B Digital Video Camera
Macromedia Flash Player 8
Macromedia Shockwave Player
MAGIX music studio generation 6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft 3D Movie Maker 1.0
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Microsoft Works 7.0
MicroStaff WINASPI NT
Morpheus 5.1 (remove only)
Mozilla Firefox (1.0.6)
MSN Messenger 7.5
Network Play System (Patching)
n-Track Studio 4
P2P Networking
Packard Bell Toolbar 1.0
Panda ActiveScan
Paradise Poker
PIF DESIGNER2.1
Power Tab Editor 1.7
PPLive 1.1.0.7
PSP Video 9 1.74
QuickTime
RAW FILE CONVERTER LE
Realtek High Definition Audio Driver
RegistryFix v5.5
ScanToWeb
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Sonic MyDVD
Sonic RecordNow!
SP2 Connection Patcher
SP2 Connection Patcher
Spybot - Search & Destroy 1.4
SpywareBlaster v3.4
Synacast Plug-in 1.1.0.7
The Sims Livin' it up
The Sims Unleashed
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Virtual Makeover Beauty Sampler
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Messenger

0 Replies

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java 2 Runtime Environment, SE v1.4.2_04
Morpheus 5.1 (remove only)
P2P Networking
Paradise Poker <-- These type of programs usual come bundled with crapware, if you installed it and want to contiue using it leave it alone
RegistryFix v5.5 <-- another program usually bundled, if you installed it leave it alone

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\WINDOWS\system32\P2P Networking
C:\Program Files\RXToolBar

After that, Reboot .

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Post back a fresh HJT log as well please

0 Replies

Just watching, following along here - looks to me as though you've got a handle on this one, Don (and good to see you back at work :wink: ) ...

I think the PandaScan report might be real useful on this one - just a suspicion - and it'll be interesting to see the next HJT log

A question for you, Don, if you don't mind my asking - howcome no EWIDO scan & log?

0 Replies

When i rebooted in safe mode, it wasnt allowing me to remove morpheus ( a blank window came up and nothing loaded ) , also it would not let me remove "Java 2 Runtime Environment, SE v1.4.2_04" ( an error msg came up ).
but here is the active scan results....

Incident Status Location

Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Spyware:spyware/virtumonde Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\SHONA\Cookies\[email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\SHONA\Cookies\[email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\SHONA\Cookies\shona@burstnet[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\SHONA\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\SHONA\Desktop\VundoFix.exe[process.exe]
Adware:Adware/YieldManager Not disinfected C:\Documents and Settings\SHONA\Local Settings\Temporary Internet Files\Content.IE5\W9AZC12R\rmtag3[1].js
Hacktool:HackTool/EvID Not disinfected C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe
Hacktool:HackTool/EvID Not disinfected C:\Program Files\PPLive TV\SynaLiveSetup.exe[EvID4226Patch.exe]
Spyware:Cookie/Xmts Not disinfected C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc129.txt
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc15.txt
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc22.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc33.txt
Spyware:Cookie/Enhance Not disinfected C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc35.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc40.txt
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc73.txt
Spyware:Cookie/Mysearch Not disinfected C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc77.txt
Spyware:Cookie/Rn11 Not disinfected C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc87.txt
Spyware:Cookie/Toplist Not disinfected C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc94.txt
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\system32\P2P Networking v126.cpl
................

And here is the new Hijack this log...

Logfile of HijackThis v1.99.1
Scan saved at 12:47:19, on 04/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BBC News alerts\skinkers.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\HJT\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BBC News alerts] C:\Program Files\BBC News alerts\skinkers.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

0 Replies

Hang in there, sheo; Don'll be along pretty soon to get you sorted out, I'm sure. The logs you just posted show me pretty much what I expected to see, and I know Don's gonna see the same stuff ... and he's usually easier on folks than I am; he puts you through fewer steps than I tend to prefer, but gets the job done just fine though*.

(* Note to Don: sorta Mr. Green

)

0 Replies

thanks i really appriciated the help!!! Very Happy

0 Replies

appreciate***

0 Replies

LOL Timber's gonna love this Laughing

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click [b]ATF-Cleaner.exe[/b] to run the program. Under [b]Main[/b] choose: [b]Select All[/b] Click the [b]Empty Selected[/b] button. If you use Firefox browser

Click [b]Firefox[/b] at the top and choose: [b]Select All[/b] Click the [b]Empty Selected[/b] button. [b]NOTE:[/b] If you would like to keep your saved passwords, please click [b]No[/b] at the prompt. If you use Opera browser

Click [b]Opera[/b] at the top and choose: [b]Select All[/b] Click the [b]Empty Selected[/b] button. [b]NOTE:[/b] If you would like to keep your saved passwords, please click [b]No[/b] at the prompt. Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next
Check spybot for updates and run a scan and have it fix all it finds in red,

Reboot your computer,

Next
Please download ewido security suite it is a trial version of the program.

Install ewido security suite
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen

You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update
Then click on Start Update

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

Click on scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.

Now close ewido security suite.

Post back the log from Ewido please

0 Replies

Don77 wrote:

LOL Timber's gonna love this

G'mornin' Don ... that's all I'm gonna say Mr. Green

0 Replies

spybot did not let me run its updates, but i still went ahead with the scan, then the ewido scan did not let me update either, saying i needed an internet connection to do so, is this something to do with the problem?
i will go ahead with the scan anyway...without the updates Confused

0 Replies

Here is the ewido scan report, but i couldnt use updates....

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 18:41:43, 04/06/2006
+ Report-Checksum: 914E046E

+ Scan result:

HKLM\SOFTWARE\AKSoft -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} -> Trojan.Conhook.c : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKU\S-1-5-21-554923394-3531886996-2642605419-1007\Software\Igor V. Gunko -> Adware.HyperBar : Cleaned with backup
HKU\S-1-5-21-554923394-3531886996-2642605419-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup
HKU\S-1-5-21-554923394-3531886996-2642605419-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9068A414-3AF9-4F79-AF1C-E6EA415BAF52} -> Adware.Vundo : Cleaned with backup
HKU\S-1-5-21-554923394-3531886996-2642605419-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup
HKU\S-1-5-21-554923394-3531886996-2642605419-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKU\S-1-5-21-554923394-3531886996-2642605419-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9068A414-3AF9-4F79-AF1C-E6EA415BAF52} -> Adware.Vundo : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
C:\Documents and Settings\SHONA\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\SHONA\Cookies\shona@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc15.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc22.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc23.txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc35.txt -> TrackingCookie.Enhance : Cleaned with backup
C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc38.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc73.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc78.txt -> TrackingCookie.Need2find : Cleaned with backup
C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc93.txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\RECYCLER\S-1-5-21-554923394-3531886996-2642605419-1006\Dc96.txt -> TrackingCookie.Clickzs : Cleaned with backup

::Report End

0 Replies

please help!!! Confused

0 Replies

anyone there? Sad

0 Replies

Dunno what happened to Don - he's usually pretty good about staying on toppa help requests. Anyhow, if ya wanna take the effort, you can try my procedure - its tedious, but it works -

timber wrote:

The following proceedure is an up-to-date, integrated series of steps designed to preliminarily clean your system (though it is quite likely some cleanup will remain to be done after the first runthrough, which is why the follow-up logs and reports are requested) and to harden it against future infestations. It should be implemented in the order and manner listed. Its tedious, nit-picky, and time-consuming, but it is proven safe, effective, and reliable. Getting rid of yuckware is much more hassle than getting it in the first place, and taking the time and effort to prevent it once you've managed to get rid of it is time and effort well invested.

If you choose to give this method a shot, you should print out these instructions, as the proceedure will require that your machine be offline for several of the steps. Be certain you understand what to do, and how and in what order to do it. If you're unsure of, or have trouble with, anything here, please ask before going on. Also, if any of the supplied links don't work, please let me know.

If you already have installed any of the applications or tools listed below, please uninstall your version, download a fresh version, install, update, and configure as described below.

Again - Print out and fully understand these intructions, and gather all listed downloads before begining

First, gather the downloads and perform the installations and updates as recommended. Just download, install, update and configure these applications, DO NOT RUN ANY OF THEM YET, unless specifically directed otherwise.

Configure Windows Explorer to Show All Files

Be certain you have the latest version of HiJackThis, and that it is installed to a folder of its own either in your Programs file or directly on your root drive (the drive on which Windows is installed, usually "Drive C:\"). If you have already installed HiJackThis, be certain its in its own correctly placed folder, not a user-specific, temporary or desktop folder (to place HJT in its own folder, open Windows Explorer - Windows key + E - locate and select your root drive, the drive on which Windows is installed, and open that folder, right-clicking anywhere in that folder's blank space, select "New">"Folder", name the new folder "HJT", then download and extract, or if you already have the latest version somewhere else move, HJT into that folder). Launch the application, then, from its splash screen, choose "Miscellaneous Tools", or from the main start page, select "Config", then select "Search for updates online", confirm, and be sure your's is the latest version. Don't run a scan or fix anything yet. When running HiJackThis to scan or fix things, run it from its own folder, WITH NO OTHER BROWSERS, WINDOWS, FILESHARING, EMAIL, OR MESSAGING APPLICATIONS OPEN OR RUNNING

Go to Windows Update and check to make certain there are no outstanding Service Packs or High-Priority Updates for your operating system and/or Internet Explorer.

Run the online version of the Microsoft Windows Malicious Software Removal Tool.

Download, install, and update Windows Defender (Beta 2) (this is the successor to Microsoft Antispyware). Be sure to read, understand, and follow the download, installation, and update instructions available on the download page. Do not run the application's scan yet, just download, install, and update it.

Download, install, and update Ewido Anti-malware (the successor to Ewido Security Suite). Again, read, understand, and follow the download, installation, and update instructions available on the download page, and don't run the application's scan yet, just download, install, and update it. Note: when installing/configuring the trial version, do not select the automatic update or real-time protection options.

Download, install, and update Ad-Aware SE Personal. Just install and update it (when the program has installed, click the blue-green "Planet" icon, second from the right at the top of the screen, to run the auto-update function, and follow the prompts to update the application); don't run a scan yet.

When it has updated, click on the orange-ish "Gear Icon" (second-from the left at the top right-hand side of the window) to open the Ad-Aware configuration utility.

Under the "General" tab, all radio buttons should be green; if not, click to activate them.

Click the "Scanning" bar at the left of the page. Under "Drivers, Folders & Files", only the "Scan within archives" button should be green. Under "Memory & Registry", all buttons should be green.

Click the "Advanced" bar. Under "Shell Integration", "Move deleted files to Recycle Bin" should be green, and its your call whether you want to add "Scan with Ad-Aware to Explorer".

Under "Logfile Detail Level", all 3 buttons should be green.

Under "Alternate Data Streams", both buttons should be red.

Skip the "Startup", "Default", and "Interface" bars for now.

Click the "Tweak" bar. Click the plus-sign to open "Scanning Engine". "Unload recognized processes ... ", "Obtain command line ... ", and ""Scan registry for all users ... " should be green, "Run scan as background ...", "Ignore spanned files ...", and "Use permanent ... " may be left red.

Click to open "Cleaning Engine". The first 5 buttons should be green ("Automatically check ...", "Always try ...", "During removal ... ", "Let Windows remove ... ", and "Delete quarantined ..."} should be green, the remaining 3 ("Suppress warning ...", "Suppress progress ..." and "Disable manual ...") should be red.

Skip the remaining bars, click "Proceed", then close Ad-Aware WITHOUT RUNNING A SCAN.

With Ad-Aware closed, download LavaSoft's VX2 Cleaner Plugin, and install it per instructions found on the download page. read the instructions carefully so you'll know how to run the plugin when required. Do not run it, or Ad-Aware SE Personal, yet; just exit back to your desktop.

Download LSP-Fix. Just download it to a convenient-to-find place on your machine (A suitably named new folder your desktop is fine for now); it may or may not be needed, but if it is needed, you'll want to find it easily. Sometimes removal of yuckware will result in your not being able to connect to the internet. If this happens, LSP-Fix should take care of the problem. Be sure to read and understand (good idea to print out) the application's DOCUMENTATION so you know what to do if it becomes necessary.

Download, install, and update Spybot S&D. Just install and update it (when it installs, the program will give you the option to "Download all updates" - let it do so), don't run it yet.

When it installs, the program will give you the option to "Download all updates" - let it do so. It will also step you through a Restore Point/Registry Backup process - follow through with each step Spybot wants you to do when it first installs.

When the program has been installed and updated, select "Immunize", click the green "+" plus-sign symbol at the top of the page to install Spybot's immunization, and follow any prompts.

On that same page, click to place a checkmark in the "Browser Helper to block bad downloads ..." button, then, from the dropdown below that, select "Block all bad pages silently".

At the top left of the main page, click "Mode", then select "Advanced"

Click "Tools", and make sure everything in the right-hand panel EXCEPT "View Report" and "Bug Report" is checkmarked.

Select "Resident" and on that page's right-hand panel, make sure only "Resident SD Helper" is checked, do not activate "Tea Timer"

NOTE: DO NOT SELECT Spybot S&D's "TeaTimer" option at this time; its still sorta buggy, especially with WinXP.

Click "Hosts File", and at the top of that page's right-hand panel, click the green "+" plus-sign to install Spybot S&D's HOSTS list.

Next, click "Settings", then in that page's right-hand panel, select "File Sets"; everything in he right-hand panel under "Spybot - Search and Dstroy" should be checkmarked. "Usage Tracking" is optional and non-critical, but I recommend you select it too; doing so will help keep your machine free of Temporary File clutter.

Click "Ignore Products", and in that page's right-hand panel, under the "All Products" tab, make sure NOTHING is checked

When the configuration has been completed, just close Spybot S&D without running a scan yet.

Download CWShredder, and unzip it to your desktop, but don't run it yet.

Download, install, and update CCleaner[/i][/u] per the instructions on the download page. Just download, install, and update it, don't do anything with it yet; we'll be using it a a few times later in this process.

Download, install, and update Javacool Software's SpyWareBlaster. When the update has completed, select "Enable all protection", and exit back to your desktop. SpywareBlaster does not need to be running for its protection to be active, but you should should launch it at least weekly to check for updates. Read the FAQ HERE

Download the latest version of McAfee/AVERT Stinger - read and understand the instructions for running it, but don't run it yet, just download it to a convenient-to-find location such as an appropriately named folder on your desktop.

Update your own resident anti-virus application, but do not run a scan with it yet; just update it and close the application.

Now, per the instructions for your own resident antivirus and other security/privacy software, and with no other browsers or chat, messaging, or email clients open or running, DISABLE your resident anti-virus and other security/privacy software, then immediately go to TrendMicro HouseCall Free Online Scan and, per the instructions, run the free scan-and-clean process. If when it has finished, it reports it detected but did not remove something, please make careful, exact verbatim note of the item(s) reported - save it to report back here when the time comes.

When you have completed the TrendMicro scan-and-clean, locate and launch CCleaner, and have it run a full cleanup only (do not do anything with "Issues" or "Tools" at this time).

When that has completed, reboot your machine, and, with your resident antivirus and other security/privacy software disabled and no other browsers or chat, messaging, or email clients open or running, go to Panda Free Online Scan, and run the free online scan-and-clean available there. Please save the report it will generate when it has completed; we'll want to see that when the time comes.

IMPORTANT: DISABLE ANY OTHER ANTIVIRUS YOU MAY HAVE ON YOUR MACHINE BEFORE RUNNING ANY OF THE ONLINE SCANS. Also, if you have any popup blocking, adblocking, or actively running antispyware application, disable those as well; they can interfere with online virus scans. Should an online scan report it has detected something it cannot repair or remove, please copy the exact message received, being sure to note the entire name and path of any file mentioned, and save it to post here at the appropriate time.

When that has been done, locate and launch CCleaner once more, again running a full scan-and-clean only.

When that has completed, Boot Into Safe Mode. The following steps are to be carried out in safe mode until the series is completed, and you are advised to reboot normally. If at any time during the process you do reboot, boot back into safemode before proceding with the next step.

Locate and launch Stinger; have it scan-and-clean your system per its instructions. When it has completed, reboot into Safe Mode and run it again. Do not reboot.

While in Safe Mode, locate and launch your own resident antivirus and run a full system scan-and-clean with it. When that has completed, do not reboot.

Next, while still in Safe Mode, locate, launch, and run CWShredder. Select "Fix" and let it run to completion. When it has completed, regardless what it reports, run it in its "Fix Mode" again. Do not reboot.

When that has completed, and while in Safe Mode, locate and launch Ewido Anti-malware, and run a full system scan-and-clean. Have it "Fix" whatever it finds. Please save the report it will generate when it has completed; we will want to see that when the time comes.

When that has completed, and while in Safe Mode, locate and launch Windows Defender, and run a full system scan-and clean with it, having it "Fix" whatever it finds. Again, when it has completed, and while in safe mode, run it a second time.

When that has completed, locate and launch Ad-Aware SE, select and run the VX2 Cleaner Plugin per instructions. When the plugin has completed, run it again. Now, again without rebooting, or if you have rebooted, while running in Safe Mode, run a full-system scan-and-clean with Ad-Aware SE, directing it to remove everything it finds. Once again, without rebooting, run a second full-system scan-and-clean with Ad-Aware SE.

Following the second run of Ad-Aware SE, locate and launch CCleaner once more, and again run a full scan-and-cleanup only.

Now, reboot normally, but DO NOT ALLOW YOUR MACHINE TO CONNECT TO THE INTERNET. If necessary, physically disconnect the cable between your machine and your internet access device or shut off your Wireless Gateway.

When your machine has rebooted, and not connected to the internet, be certain your own resident anti-virus and any other security/privacy software is disabled, then run full system scan and clean proceedures with, in this order:

CWShredder

Ewido Anti-malware (Note: Again please save the report generated when the application has completed)

Windows Defender

Ad-Aware SE (Note: Please also run Ad-Aware SE's VX2 Cleaner pluigin once more as well)

Spybot S&D (Note: Have Spybot S&D "Fix" everything it reports found which it lists in RED, items listed in GREEN are non-critical and your call)

CCleaner

Now, reboot normally once more, and without allowing your machine to connect to the internet, locate and launch HiJackThis. Before running a scan, please have it generate a Startup List by going to the "Miscellaneous Tools" page, placing a checkmark in each of the 2 boxes next to the "Generate StartupList Log" button, then click the button and save the generated report. When that has completed, WITH NO OTHER BROWSERS, WINDOWS, FILESHARING, EMAIL, OR MESSAGING APPLICATIONS OPEN OR RUNNING, click the "Back" button, and have HiJackThis run a scan-and-save-log only - DO NOT "FIX" anything yet.

When that has completed, make sure your resident anti-virus and other security/privacy software are enabled, connect to the internet, navigate back to this thread, and post

The Panda ActiveScan Report

Both the 1st and 2nd Ewido Anti-Malware reports

Any error messages or "Could not remove" reports you may have encountered, if any - please report these verbatim, exactly as they appeared.

The HiJackThis StartupList Log

The HiJackThis Scan Log

You may find it convenient to click "Turn on email updates" down at the bottom right of this page; doing so will cause a notification to be sent to the address you registered with A2K whenever this topic receives a reply.

0 Replies

sheomac did you try to update in safe mode? that may be the reason updates did not run.
Timber is around someplace and don is often busy so be patient it may take a day.
May I suggest you also post another hijack this log from after the ewido and spybot scans this will help show what remains after those programs have done what they were supposed to do.

Don Timber If I am intrefering please tell me to butt out.

EDIT I see timber is ahead of me as usual sheo mac follow timbers instructions they do work well I can vouch for that I had a similar problem with morpheous.

0 Replies

thanks dadpad and timberlandko! i will try those things, i will try anything!! thanks agen! Smile

0 Replies

So sorry,
My son gaduated high school this week and it turned into a whirl wind Shocked

My eyes are a bit sore from the lack of sleep ( ahh the things we do for our kids :wink: )

sheo_mac
Did you try and manually update Ewido ?

0 Replies

ahh its okay Smile

congrats to your son!
i dont know how 2 manually update! Confused

0 Replies

Help with my spyware problem with HiJackThis log

Related Topics

Quick Links

My Account

able2know