Please help???? - Free Antivirus Forum

Please help????

BullGuard Antivirus Forum > Virus > Virus Questions > Please help????

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

zeebu
New Member

Date Joined May 2006
Total Posts : 3

Posted 5-23-2006 2:05 (GMT +1)

ok so i dont know a whole lot about computers but im not too bad with them, i stupidly let my nortan run out, and of course i got hit with what i think is a virus.

my screen keeps freezing up then the screen will go black and its fine again, only this happens constantly.

please can someone offer some advice on what is the problem and if there is anything i can do before i can afford to get it fixed and update my security

thanks heaps

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 5-23-2006 5:14 (GMT +1)

Hi zeebu

I suggest You post a logfile -

1. Download Hijackthis http://castlecops.com/downloads-file-328.html.
To Desktop

2. Unzip it in a permanent folder of your choice, such as C:\HJT\. To create this specific folder on your hard drive: Double click the 'My Computer' icon on your desktop, then under the category hard disk drives: double click Local Disk:, then select file->New -> Folder and name it HJT. Alternatively,you may navigate to the directory of your choice, create a new folder in the same way, and save it there.

3. Next right-click on the HijackThis! Zip file and 'extract all' to the new folder you just created.

To obtain your Reference HijackThis Log:

1. Double click the HijackThis.exe inside to folder to run the program.

2. Choose the "Do a system scan and save a log file." option to perform your scan.

3. HijackThis will analyze your system, and automatically open a notepad textfile containing the HijackThis log when the scan is finished.

Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy.
From within the browser window and with the message body text box selected, click Edit -> Paste.

Post hijackthis log here

Regards - Touch idea

Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.

Do not PM me with logfiles. They will be deleted

Before posting a log

zeebu
New Member

Date Joined May 2006
Total Posts : 3

Posted 5-23-2006 12:43 (GMT +1)

i hope i did it right, sorry if i didnt and thanks heaps for helping... i appreciate it heaps..... :-)

logfile of HijackThis v1.99.1
Scan saved at 10:51:45 PM, on 25/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\CashBack\bin\cashback.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\temp\salm.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\WINDOWS\system32\SahAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MediaGateway\MediaGateway.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\tanya crough\Application Data\acao.exe
C:\WINDOWS\System32\jtfrhpl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesearchmall.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer from OptusNet
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {0AEE4D0C-4B38-4196-AE32-70ACE5656647} - C:\WINDOWS\System32\winsrm32.dll (file missing)
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {4AF01821-9A11-27C7-D707-64550DA8704F} - C:\WINDOWS\System32\xqbp.dll
O2 - BHO: Habbo Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD63B697BB35} - C:\PROGRA~1\habbobar\habbobar.dll
O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\SPONSO~1.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin2\apuc.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - (no file)
O3 - Toolbar: TheSearchMall.com Bar - {4B8F38C7-62FC-4762-B9A0-27E63F768167} - C:\WINDOWS\System32\winsrm32.dll (file missing)
O3 - Toolbar: Habbo Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD63B697BB35} - C:\PROGRA~1\habbobar\habbobar.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\TANYAC~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [zmrmver] C:\WINDOWS\zmrmver.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\system32\SahAgent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKCU\..\Run: [LOSVietnam.exe] C:\DOWNLO~1\LOSVIE~1.EXE /r
O4 - HKCU\..\Run: [WormsArmageddon.exe] C:\DOCUME~1\TANYAC~1\Desktop\WORMSA~1.EXE /r
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
O4 - HKCU\..\Run: [Osus] C:\Documents and Settings\tanya crough\Application Data\acao.exe
O4 - HKCU\..\Run: [Mqdszb] C:\WINDOWS\System32\jtfrhpl.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.vladzone.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/sHtdntStnk.cab
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c11.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1048_pack_XP.cab
O16 - DPF: {41D13E9A-BB94-402A-8502-AFA78526B63D} (iiittt Class) - http://www.thesearchmall.com/toolbar/winsrm32.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c32.cab
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_4_EN_XP.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/ClickYesToContinue/bridge-c1.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/minidialler/mddl/AU/910002_adultplex.weg1_.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D7B59209-0ED9-4986-BD4A-527BE836C6B2} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1048_XP.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/proclaim/NSupd9x.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://cdn.climaxbucks.com/mt/dialers/fc/UniDist.CAB
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - http://toolbar2.i-lookup.com/toolbar2/windec32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1AEABF8-5C9E-4F16-8089-6EEB1977C863}: NameServer = 203.2.75.132 198.142.0.51
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 5-23-2006 1:15 (GMT +1)

You´ve done it right , but you have certainly got some infections smilewinkgrin

Please download free Ewido: http://www.spywarefri.dk/downloads1/ewido-setup.exe

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
From the main Ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes, the status bar at the bottom will display "Update successful"

Exit Ewido. DO NOT run a scan yet.

Ewido is a free trial product for 14 days.

Download Free Trial of Spysweeper

http://www.spywarefri.dk/downloads1/ssf...793616.exe
http://www.spywarefri.dk/downloads1/ssfsetup972_1837793616.exe

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)
You will be prompted to check for updated definitions, please do so.
Update Program, if necessary

(This may take several minutes)

Download and install: http://www.filehippo.com/download_ccleaner/

For a basic version of CCleaner with no Yahoo Toolbar, select the second or third install option as follows:

Even if you selected Option 2 or 3, if you do not want the Yahoo Toolbar installed:

Uncheck "Add CCleaner Yahoo! Toolbar", as it is checked by default during CCleaner Setup

Download the Hoster from here:

Unzip on your Computer
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
Note: if you were using a custom Hosts file you will need to replace any of those entries yourself

Download these::

Lspfix:

http://danborg.org/spy/Newnet/LSPfix.exe
http://www.bleepingcomputer.com/forums/index.php?showtutorial=59 <<Tutorial.

Run LspFix
Click on New.Net on the left window and click on the arrow pointing to the right. Click Finish and follow the prompts

Trusted Zone removal:
Right click http://mvps.org/winhelp2002/DelDomains.inf and select Save As to download WinHelp2002's DelDomains.inf.
Please save the file somewhere you can find it like on the desktop.
To run the inf file, right click on it and select Install.

Go to Start - Control Panel - Add-Remove Programs
Remove the following if found or any variation:

New.Net Domains
habbobar
CashBack
BullsEye Network
MediaGateway
DeskAd Service
Internet Optimizer
NaviSearch

Reboot into Safe Mode by tapping F8 after the BIOS has loaded.
The Windows Advanced Options Menu appears.
Ensure that the Safe mode option is selected.
Press Enter. The computer then begins to start in Safe mode.

Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.

Open Ccleaner.

1. Before first use, check under Options, Advanced, and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".

2. A pop up box will appear advising this process will permanently delete files from your system.

3. Then select the items you wish to clean up.

In the Windows Tab:

Clean all entries in the "Internet Explorer". If you prefer to keep your cookies, uncheck the Cookies entry. Deleting cookies will require re-entry of user names and passwords on next visit to sites that require users log in.

Clean all the entries in the "Windows Explorer" section.

Clean all entries in the "System" section.

Clean all entries in the "Advanced" section.

Clean any others that you choose.

In the Applications Tab:

Clean all (optionally, except cookies) in the Firefox/Mozilla section if you use it.

Clean all in the Opera section if you use it.

Clean Sun Java in the Internet Section.

Clean any others that you choose.

4. Then click the "Run Cleaner" button and it will scan and clean your system. Click exit.

Run Spysweeper:
Click on "Options > Sweep Options" and check "Sweep all Folders on Selected drives". Check "Local Disc C".
Under What to Sweep: check all of the boxes except Sweep Contents of Compressed Files and do not Sweep Systemrestore Folder.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click "Remove". Click "Select All" and then "Next".

Exit Spy Sweeper.

Run full scan with Ewido

Click on scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.

Once the scan has completed, click on the button located on the bottom of the screen named - Save report
Save the report .txt file to your desktop.

Close ewido security suite.

Then reboot normally. Run this scanner: http://www.spywareguide.com/onlinescan.php

Post fresh log from hijackthis and log from Ewido

Regards - Touch idea

Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.

Do not PM me with logfiles. They will be deleted

Before posting a log

zeebu
New Member

Date Joined May 2006
Total Posts : 3

Posted 5-23-2006 1:28 (GMT +1)

hi thanks

ok so u will have to give me a while for that one, is it ok if i have any questions about any of it i ask...?

i feel as though i might be taking on something a bit big but i definetly want to give it a go.... i hope u can bear with me as u have been a great help so far

thanks again

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 5-23-2006 1:47 (GMT +1)

Just use the time You need, and feel free to ask smile

Regards - Touch idea

Please start your own thread by clicking the new topic button. Do NOT post your problem in someone elses thread.

Do not PM me with logfiles. They will be deleted

Before posting a log

Forum Information

Currently it is Saturday, November 21, 2009 10:30 AM (GMT +1)
There are a total of 73.028 posts in 17.116 threads.
In the last 3 days there were 14 new threads and 68 reply posts. View Active Threads