Hi tayspen,
Thank you very much for your help. I followed the steps exactly as you have described. HJT system scan with the 6 items checked ran successfully, and the log is inserted below. However, Ewido ran for almost 2 hours in safe mode, when the following message appeared (there were no other programs running):
ewido 4.0 Exception
Something bad happened in the application.
Error diagostic file saved to
'c:\Program Files\ewido anti-spyware 4.0\ewido.err'
Ewido then closed down. The contents of the ewido.err file are enclosed after the HJT log below.
======== 1. HJT Log ===========================
Logfile of HijackThis v1.99.1
Scan saved at 4:47:10 PM, on 20/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files_Shareware\ProShowGold\ScsiAccess.exe
C:\Program Files_Shareware\Alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files_Shareware\Alarm\AlarmMonitor.exe
C:\Program Files_Shareware\Alarm\Alarm Tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files_Misc\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://secure.izone.net.au/infinity/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = H L Kwok
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files_Shareware\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files_Shareware\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: XBTB09580 - {E9CFF983-9580-4d74-A7BD-FBF10BB2672A} - C:\PROGRA~2\WORDRE~1\WORDRE~1.DLL (file missing)
O3 - Toolbar: WordReferenceFrEn - {5776A2BC-D803-47F6-9DC0-8344DB8D604C} - C:\Program Files_Shareware\WordReferenceFrEn\wordreferenceFrEn.dll (file missing)
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office 97 Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: =>Anglais - http:\\wordreference.com\fr\en\j\0300.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: k<p>t: &Download && Keep Links - res://C:\Program Files_Shareware\keepoint\KPTSAVE.DLL/DownloadLink.htm
O8 - Extra context menu item: k<p>t: &Download && Keep this Link - res://C:\Program Files_Shareware\keepoint\KPTSAVE.DLL/DownloadOneLink.htm
O8 - Extra context menu item: k<p>t: Keep &Link(s) Only - res://C:\Program Files_Shareware\keepoint\KPTSAVE.DLL/KeepLink.htm
O8 - Extra context menu item: k<p>t: Keep &Page - res://C:\Program Files_Shareware\keepoint\KPTSAVE.DLL/SavePage.htm
O8 - Extra context menu item: k<p>t: Keep Pa&ge+ - res://C:\Program Files_Shareware\keepoint\KPTSAVE.DLL/SavePagePlus.htm
O8 - Extra context menu item: k<p>t: Keep this &Link - res://C:\Program Files_Shareware\keepoint\KPTSAVE.DLL/KeepOneLink.htm
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files_Shareware\Omnipage15\PDFConverter3\IEShellExt.dll /100
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files_Shareware\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {40A8CADD-1707-4556-B644-420AB075B737} - C:\Program Files_Shareware\Flash & Pics Control\fpc.exe (HKCU)
O9 - Extra 'Tools' menuitem: Flash && Pics Control - {40A8CADD-1707-4556-B644-420AB075B737} - C:\Program Files_Shareware\Flash & Pics Control\fpc.exe (HKCU)
O12 - Plugin for .edf: C:\Program Files\Internet Explorer\PLUGINS\NPInfotl.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://secure.izone.net.au/infinity/
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093696491078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1122029476546
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/fren2.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/...chsettings.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Talking Alarm Clock user logon monitor (AlarmClockMonitor) - Cinnamon Software Inc. - C:\Program Files_Shareware\Alarm\AlarmMonitor.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: MediaMax XL Service (MediaMaxXLService) - Unknown owner - C:\Program Files_Shareware\MediaMaxXL\MediaMaxXLService.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files_Shareware\ProShowGold\ScsiAccess.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files_Shareware\Alcohol\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
====== 2. ewido.err contents =======================
//==<ewido anti-spyware 4.0>===================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address: 7C911E58 01:00010E58 C:\WINDOWS\system32\ntdll.dll
Module Date: 08/04/2004 17:56:36
File Version of C:\WINDOWS\system32\ntdll.dll: 5.1.2600.2180
Exception Date: 09/20/2006 19:48:27
File Version of C:\Program Files\ewido anti-spyware 4.0\ewido.exe: 4.0.0.172
MiniDump Information Saved to C:\Program Files\ewido anti-spyware 4.0\ewido.dmp
Registers:
EAX:04B4DFE8
EBX:00FF0000
ECX:04B6BFE8
EDX:00FF0198
ESI:04B4DFE0
EDI:04B4E000
CS:EIP:001B:7C911E58
SS:ESP:0023:03C7635C EBP:03C76368
DS:0023 ES:0023 FS:003B GS:0000
Flags:00010246
Intel specific method
Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
7C911E58 03C76368 04B6BFE8 04B4E000 03C76394 00000000 0001:00010E58 C:\WINDOWS\system32\ntdll.dll
7C918251 03C763A0 05FF0000 00008008 00000000 00008000 0001:00017251 C:\WINDOWS\system32\ntdll.dll
7C911C76 03C765D0 00FF0000 00000000 00008000 00000000 0001:00010C76 C:\WINDOWS\system32\ntdll.dll
10047009 03C7660C 00008000 10047056 00008000 00000000 0001:00046009 C:\Program Files\ewido anti-spyware 4.0\engine.dll
1004702B 03C77678 00001858 03C79C50 00000001 00000001 0001:0004602B C:\Program Files\ewido anti-spyware 4.0\engine.dll
ImageHelp specific method
Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
7C911E58 03C76368 04B6BFE8 04B4E000 03C76394 00000000 RtlInitializeCriticalSection+32B
7C918251 03C763A0 05FF0000 00008008 00000000 00008000 RtlReAllocateHeap+854
7C911C76 03C765D0 00FF0000 00000000 00008000 00000000 RtlInitializeCriticalSection+149
10047009 03C7660C 00008000 10047056 00008000 00000000 0001:00046009 C:\Program Files\ewido anti-spyware 4.0\engine.dll
1004702B 03C77678 00001858 03C79C50 00000001 00000001 0001:0004602B C:\Program Files\ewido anti-spyware 4.0\engine.dll
1001ED28 001B7718 001ACF38 00001000 00000000 0018D7D0 InitEngine+E668
001ACF38 000017E0 00000000 00000000 00000000 00000000 <module file name get failed with error 0 for module 00150000>
Loaded Modules:
================================================
I hope you can make some sense of the info.
Thanks again,
haeleong