Please help a computer novice :)

Question

Nicki 0 Newbie Poster

18 Years Ago

Hi i'm a newbie ;)

I've joined many forum's tryin to get help but not had any luck, so finger's crossed someone on here might be able to help.
Ok sorry if this turn's into an essay but but i want to make it simple for any advice!!
I brought this computer off someone a few month's ago, it was almost new when i got it off them so it DID run like a dream.
I installed AD Aware and Spyware SD which i did run almost everyday, the last few week's my pc has been running really, really slow, i've had load's of pop up's (i've never had any before)
I tried running my spyware and ad aware programe's but for some reason they no longer will run, i get an error saying window's has encountered an error and need's to close.
I've uninstalled them seein as they no longer work so i don't have any spyware programe now.
Also the other day i was browsin the net and i again got the error (windows error, window's need's to shut)
I got the grey box where it give's you the option to send an error report, this i did and was then advised to go to window's live safety centre, whre i then did a free virus scan, it found 1 virus and approx 5000 infected file's.
It then gave me the option to fix these problem's but that won't work either, it just say's not responding.
I've tried the scan several time's but never get no luck.

I've not this pc long and it dosen't have any virus protection on it, i have been tryin to get some but was'nt sure which to get, i'm assuming it's to late now tho and i have a virus? i really hope someone can help before my almost new pc die's :sad:
I really am new to pc's and the internet so if ya can help please explain in dumb people's language :o
The reason i haven't tried to fix this problem by myself is cos i've already broke 4 (yes 4) tower's tryin to sort problem's out by myself cos i hate askin for help but this time i'm bein extra careful.
Sorry again for the essay and the terrible spelling!!!

Thank's for any help in advance, it really is very much appreciated :cheesy:

windows-virus

3 Contributors
17 Replies
417 Views
1 Month Discussion Span
Latest Post 18 Years Ago Latest Post by Nicki

All 17 Replies

shortLived 1 Newbie Poster

18 Years Ago

I think the best option would be a clean reinstall of windows. This is not the easiest but you could do it your self if you have a version of windows available. Which operating system do you have?
I got an old computer from a friend and when I scanned it with Norton it found 47 adware files. I was lucky to be able to remove them all but eventually did a reinstall because it was running so slow.
I like using Norton System works. I like using Norton's "Fire wall" which will be included. You can also get their Internet Security application. These are almost given away at Office Max in September. You can also get them cheap if you purchase Turbo-Tax which will give you a discount on Norton products.
Randy

DMR 152 Wombat At Large

18 Years Ago

Hi Nicki, welcome to DaniWeb :)

We can probably get your system cleaned up without a reinstall or costly repair shop fees; to start with, please do the following:

Download the (free) HijackThis utility:

Once downloaded, follow these instructions to install and run the program:

Create a folder for HJT outside of any Temp/Temporary folders and move/extract HijackThis to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

DMR 152 Wombat At Large

18 Years Ago

OK- There are actually no indications of malicious infections in your HJT log, although that's not necessarilly an indication that your system is infection-free.

1. In terms of antivirus software, I'd recommend downlaoding and installing AVG Anti-Virus; the program is very good, is updated very regularly, and it doesn't put anywhere near as much of a load on your system as does Norton or McAfee. The version of AVG that I linked to is totally free for personal use.

2. In terms of spyware detection and removal, Ad Aware and SpyBot unfortunately really just aren't keeping up with many of the nastier infections out there right now, but there are alternatives.
If possible, try these general detection and removal procedures and let us know the results:

A) Please visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/active...n_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall60.trendmicro.com/e...orp.asp?id=scan
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Also run this online trojan scanner

TrojanScan

B) You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

> Download and install the following utilities:

CCleaner - www.ccleaner.com
Webroot Spy Sweeper (14 day free trial) - http://www.webroot.com/shoppingcart...4011&vcode=DT02
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
ewido Anti-malware (14 day free trial) - http://www.ewido.net/en/download/

- Open Spy Sweeper, click on "Options", and then click on "Update Definitions" under the Program Options tab. Do not run a scan yet; just close the program once the update completes.

- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.

- Open MS Antispyware beta. Make sure the "AntiSpyware Autoupdater" feature is enabled, and that it has downloaded the most current antispyware updates. Close the program after you've verified this.

- Open AVG and make sure that it has the most current virus definitions installed. Again- don't scan yet, just close the program once it's updated.

> Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) and:

Open CCleaner.
- Go to Options-> Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours"
- Go to Options>CustomFolders>Add Folder>Navigate to these folders (click on bold file once and hit OK) :
* C:\Windows\Temp
* C:\Windows\Prefetch
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ (This will delete all your cached internet content including cookies.)
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp
* C:\Documents and Settings\<any other user's Profile>\Local Settings\Temporary Internet Files
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temp
* C:\Documents and Settings\<Your Profile>\Cookies
* C:\Documents and Settings\<Any other users Profile>\Cookies
Hit OK

- In left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders

- Click on Run Cleaner

It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.

- Run AVG, MS Antispyware, and ewido; have the programs fix all malicious items they find.

When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.

- Run Spy Sweeper.
* Under the Sweep Options tab, select ALL options under 'What to Sweep'.
* Click the "Sweep" icon and then "Start" to begin scanning.
*When the scan completes, click Next to automatically quarantine all detected items.
*Click the Results icon, select Session Log, and then click Save to File. Save the scan results to your desktop and close Spy Sweeper.

> Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the logs that ewido and Spy Sweeper generated.

DMR 152 Wombat At Large

18 Years Ago

Wow thankyou soo much for ya help, i'll do all this tonight when i've got time and give you an update!!

You're welcome; post the results when you can and we'll take it from there.

i will defo be recomendin this site to everyone!!!

Uh-oh! More HijackThis logs to digest.... joy. [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/eek3.gif[/img]

DMR 152 Wombat At Large

18 Years Ago

I did everythin you told me to do apart from download the virus protection which i will do tomorrow, hopefully i did them right, if it look's like i did somethin wrong just say and i'll start again.

Looks good, although I would like to have seen the ewido log. I'm not sure what happened with the cut-n-paste problem there, but it's no biggie.
Get the anti-virus on there as soon as possible, though!

There are two "loose ends" in your HijackThis log that should be fixed. Run HJT again, put a check mark in the box to the left of the following entries, and then click the "Fix checked" button. Close HJT once it completes the fixes:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

What do i do next and do i keep all this stuff i downloaded to my computer?

* Uninstall Webroot SpySweeper, as it will stop working entirely after the 14 day trial period expires.
* Keep MS Antispyware installed; it provides pretty good "real-time" protection for your system.
* I'd keep ediwo also; it's a very good anti-spyware program. Although its automatic update and auto-protect features will expire after the trial period, the main program can still be used to scan and clean your system; you'll just need to update it manually before scanning.
* I'd keep CCleaner as well; it's a good idea to run a program like that every once in a while just to clean out old/unused files that accumulate over time.

Sorry about all that stuff ive just kindly given you to read

Don't be sorry- posting all of that info was a Good Thing; the more we have to go on the better.

i bet people like me just drive ya crazy don't they :rolleyes: :lol:

Are you kidding? We live for this stuff. (Now if we could only get paid for it as well... :mrgreen: )

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Nicki 0 Newbie Poster · Answer 1 · 2006-02-01T22:02:54+00:00

Nicki 0 Newbie Poster

18 Years Ago

Anyone???? :cry:

Nicki 0 Newbie Poster · Answer 2 · 2006-02-01T22:14:19+00:00

Thankyou for the reply, i don't fancy removin window's myself i'm too dumb lol anyway the person i got my computer off said they didn't get a window's disc with it so i couldn't reinstall even if i wanted to.
Isn't there a simple way of sorting my computer with a virus scan or somethin? or is it not that simple?

Nicki 0 Newbie Poster · Answer 3 · 2006-02-02T03:49:06+00:00

Anyone else have any advice? if not i think i'll just take it to a shop!!

Nicki 0 Newbie Poster · Answer 4 · 2006-02-02T05:41:52+00:00

Logfile of HijackThis v1.99.1
Scan saved at 23:37:31, on 01/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Benji\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136916354046
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Hope i've done this right

Nicki 0 Newbie Poster · Answer 5 · 2006-02-02T17:01:46+00:00

Wow thankyou soo much for ya help, i'll do all this tonight when i've got time and give you an update!!

Very, very helpfull site, i will defo be recomendin this site to everyone!!!

Nicki 0 Newbie Poster · Answer 6 · 2006-02-03T04:50:09+00:00

right....this has took me hour's and i'm now ready to throw this computer out of the nearest window lol so i do hope i did everythin right!!!

first i did the free virus scans, no idea if you wwanted the results but i posted them anyway just incase...

BITDEFENDER ONLINE SCAN

Identified Viruses : 2
Infected Files : 4994
Suspect Files : 0
Warnings : 0
Disinfected Files : 0
Deleted Files : 4994

TREND MICRO HOUSE CALL

Virus scan : 1 high risk virus detected (associated virus name JS WONKA.B)
Trojan/worm check : No worm/trojan house detected
Spyware check : 73 low risk spyware programs detected
Microsoft vulnerability check : 1 medium risk detected (IN ASP.NET)

ETRUST ANTIVIRUS SCANNER

2 Viruses were detected...
FILE=mchmrt.dll INFECTION=win32.propo (cannot delete)
FILE=ws2xm/3r.exe INFECTION= win32.propo (deleted)

PANDA ACTIVE SAN

Virus : 0
Spyware : 161
Hacking tools and potentially unwanted tools : 0
Tools : 0
Dialers : 0
Secrurity Risks : 0
Suspicious Files : 0
Jokes : 0

TROJAN SCANNER

1 Malware detected
FILENAME : c:\windows\system32\navshext1.dll
DIAGNOSIS : Adaware.win32.chem.a

i did all the scans so i could make sure i got at least one right lol

Nicki 0 Newbie Poster · Answer 7 · 2006-02-03T04:56:04+00:00

SPY SWEEPER LOG

********
22:10: | Start of Session, 02 February 2006 |
22:10: Spy Sweeper started
22:10: Sweep initiated using definitions version 556
22:10: Starting Memory Sweep
22:11: Memory Sweep Complete, Elapsed Time: 00:00:57
22:11: Starting Registry Sweep
22:11: Found Adware: whenu save
22:11: HKCR\acm.acmfactory\ (5 subtraces) (ID = 773927)
22:11: HKCR\acm.acmfactory.1\ (3 subtraces) (ID = 773933)
22:11: HKCR\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\ (12 subtraces) (ID = 773937)
22:11: HKCR\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (9 subtraces) (ID = 773950)
22:11: HKCR\appid\acm.dll\ (1 subtraces) (ID = 773960)
22:11: HKLM\software\classes\acm.acmfactory\ (5 subtraces) (ID = 773964)
22:11: HKLM\software\classes\acm.acmfactory.1\ (3 subtraces) (ID = 773970)
22:11: HKLM\software\classes\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db}\ (1 subtraces) (ID = 773976)
22:11: HKLM\software\classes\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\ (12 subtraces) (ID = 773979)
22:11: HKLM\software\classes\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (9 subtraces) (ID = 773992)
22:11: Found Adware: systemprocess
22:11: HKLM\software\microsoft\windows\currentversion\uninstall\startup\ (2 subtraces) (ID = 860412)
22:11: HKU\WRSS_Profile_S-1-5-21-442178787-4249630143-1500455194-1007\software\system process\ (1 subtraces) (ID = 860389)
22:11: HKU\WRSS_Profile_S-1-5-21-442178787-4249630143-1500455194-1007\software\system process\ || lastptime (ID = 860390)
22:11: Registry Sweep Complete, Elapsed Time:00:00:13
22:11: Starting Cookie Sweep
22:11: Found Spy Cookie: 64.62.232 cookie
22:11: [email]benji@64.62.232[2].txt[/email] (ID = 1987)
22:11: [email]benji@64.62.232[3].txt[/email] (ID = 1987)
22:11: Found Spy Cookie: 888 cookie
22:11: [email]benji@888[1].txt[/email] (ID = 2019)
22:11: [email]benji@888[2].txt[/email] (ID = 2019)
22:11: Found Spy Cookie: websponsors cookie
22:11: [email]benji@a.websponsors[2].txt[/email] (ID = 3665)
22:11: Found Spy Cookie: aa cookie
22:11: [email]benji@aa[2].txt[/email] (ID = 2029)
22:11: Found Spy Cookie: about cookie
22:11: [email]benji@about[1].txt[/email] (ID = 2037)
22:11: Found Spy Cookie: adknowledge cookie
22:11: [email]benji@adknowledge[1].txt[/email] (ID = 2072)
22:11: Found Spy Cookie: adlegend cookie
22:11: [email]benji@adlegend[1].txt[/email] (ID = 2074)
22:11: Found Spy Cookie: hbmediapro cookie
22:11: [email]benji@adopt.hbmediapro[2].txt[/email] (ID = 2768)
22:11: Found Spy Cookie: hotbar cookie
22:11: [email]benji@adopt.hotbar[2].txt[/email] (ID = 4207)
22:11: Found Spy Cookie: sharewareonline cookie
22:11: [email]benji@adserver.sharewareonline[1].txt[/email] (ID = 3366)
22:11: Found Spy Cookie: apmebf cookie
22:11: [email]benji@apmebf[1].txt[/email] (ID = 2229)
22:11: Found Spy Cookie: aptimus cookie
22:11: [email]benji@aptimus[1].txt[/email] (ID = 2233)
22:11: Found Spy Cookie: belnk cookie
22:11: [email]benji@ath.belnk[1].txt[/email] (ID = 2293)
22:11: Found Spy Cookie: atwola cookie
22:11: [email]benji@atwola[1].txt[/email] (ID = 2255)
22:11: Found Spy Cookie: azjmp cookie
22:11: [email]benji@azjmp[1].txt[/email] (ID = 2270)
22:11: Found Spy Cookie: a cookie
22:11: [email]benji@a[1].txt[/email] (ID = 2027)
22:11: Found Spy Cookie: bannerspace cookie
22:11: [email]benji@bannerspace[1].txt[/email] (ID = 2284)
22:11: [email]benji@beauty.about[1].txt[/email] (ID = 2038)
22:11: [email]benji@belnk[1].txt[/email] (ID = 2292)
22:11: Found Spy Cookie: bizrate cookie
22:11: [email]benji@bizrate[1].txt[/email] (ID = 2308)
22:11: Found Spy Cookie: bravenet cookie
22:11: [email]benji@bravenet[1].txt[/email] (ID = 2322)
22:11: Found Spy Cookie: gostats cookie
22:11: [email]benji@c3.gostats[1].txt[/email] (ID = 2748)
22:11: Found Spy Cookie: cassava cookie
22:11: [email]benji@cassava[1].txt[/email] (ID = 2362)
22:11: Found Spy Cookie: ccbill cookie
22:11: [email]benji@ccbill[2].txt[/email] (ID = 2369)
22:11: [email]benji@chineseculture.about[2].txt[/email] (ID = 2038)
22:11: [email]benji@compnetworking.about[1].txt[/email] (ID = 2038)
22:11: Found Spy Cookie: go.com cookie
22:11: [email]benji@disney.go[1].txt[/email] (ID = 2729)
22:11: [email]benji@dist.belnk[1].txt[/email] (ID = 2293)
22:11: Found Spy Cookie: adbureau cookie
22:11: [email]benji@etype.adbureau[2].txt[/email] (ID = 2060)
22:11: Found Spy Cookie: exitexchange cookie
22:11: [email]benji@exitexchange[1].txt[/email] (ID = 2633)
22:11: Found Spy Cookie: fortunecity cookie
22:11: [email]benji@fortunecity[2].txt[/email] (ID = 2686)
22:11: [email]benji@forums.go[1].txt[/email] (ID = 2729)
22:11: Found Spy Cookie: gamespy cookie
22:11: [email]benji@gamespy[1].txt[/email] (ID = 2719)
22:11: [email]benji@gostats[2].txt[/email] (ID = 2747)
22:11: [email]benji@go[2].txt[/email] (ID = 2728)
22:11: Found Spy Cookie: screensavers.com cookie
22:11: [email]benji@i.screensavers[2].txt[/email] (ID = 3298)
22:11: Found Spy Cookie: domainsponsor cookie
22:11: [email]benji@landing.domainsponsor[2].txt[/email] (ID = 2535)
22:11: [email]benji@math.about[1].txt[/email] (ID = 2038)
22:11: Found Spy Cookie: maxserving cookie
22:11: [email]benji@maxserving[1].txt[/email] (ID = 2966)
22:11: [email]benji@network.aptimus[2].txt[/email] (ID = 2235)
22:11: Found Spy Cookie: partypoker cookie
22:11: [email]benji@partypoker[1].txt[/email] (ID = 3111)
22:11: Found Spy Cookie: passion cookie
22:11: [email]benji@passion[1].txt[/email] (ID = 3113)
22:11: [email]benji@pregnancy.about[2].txt[/email] (ID = 2038)
22:11: Found Spy Cookie: realmedia cookie
22:11: [email]benji@realmedia[2].txt[/email] (ID = 3235)
22:11: [email]benji@register.go[1].txt[/email] (ID = 2729)
22:11: Found Spy Cookie: rn11 cookie
22:11: [email]benji@rn11[2].txt[/email] (ID = 3261)
22:11: Found Spy Cookie: seeq cookie
22:11: [email]benji@seeq[1].txt[/email] (ID = 3331)
22:11: Found Spy Cookie: dealtime cookie
22:11: [email]benji@stat.dealtime[2].txt[/email] (ID = 2506)
22:11: Found Spy Cookie: reliablestats cookie
22:11: [email]benji@stats1.reliablestats[2].txt[/email] (ID = 3254)
22:11: Found Spy Cookie: tickle cookie
22:11: [email]benji@tickle[1].txt[/email] (ID = 3529)
22:11: Found Spy Cookie: toplist cookie
22:11: [email]benji@toplist[2].txt[/email] (ID = 3557)
22:11: Found Spy Cookie: tripod cookie
22:11: [email]benji@tripod[1].txt[/email] (ID = 3591)
22:11: [email]benji@umstreet.adbureau[2].txt[/email] (ID = 2060)
22:11: Found Spy Cookie: webpower cookie
22:11: [email]benji@webpower[1].txt[/email] (ID = 3660)
22:11: [email]benji@www.888[1].txt[/email] (ID = 2020)
22:11: [email]benji@www.screensavers[1].txt[/email] (ID = 3298)
22:11: [email]benji@www48.seeq[1].txt[/email] (ID = 3332)
22:11: Found Spy Cookie: xiti cookie
22:11: [email]benji@xiti[1].txt[/email] (ID = 3717)
22:11: Found Spy Cookie: zedo cookie
22:11: [email]benji@zedo[2].txt[/email] (ID = 3762)
22:11: Cookie Sweep Complete, Elapsed Time: 00:00:05
22:11: Starting File Sweep
22:12: Found System Monitor: cybervizion keylogger
22:12: _isreg32.dll (ID = 163284)
22:13: Found Adware: apropos
22:13: wingenerics.dll (ID = 50187)
22:13: ustart.exe (ID = 161346)
22:17: File Sweep Complete, Elapsed Time: 00:05:18
22:17: Full Sweep has completed. Elapsed time 00:06:39
22:17: Traces Found: 140
22:18: Removal process initiated
22:18: Quarantining All Traces: whenu save
22:18: Quarantining All Traces: systemprocess
22:19: Quarantining All Traces: 64.62.232 cookie
22:19: Quarantining All Traces: 888 cookie
22:19: Quarantining All Traces: websponsors cookie
22:19: Quarantining All Traces: aa cookie
22:19: Quarantining All Traces: about cookie
22:19: Quarantining All Traces: adknowledge cookie
22:19: Quarantining All Traces: adlegend cookie
22:19: Quarantining All Traces: hbmediapro cookie
22:19: Quarantining All Traces: hotbar cookie
22:19: Quarantining All Traces: sharewareonline cookie
22:19: Quarantining All Traces: apmebf cookie
22:19: Quarantining All Traces: aptimus cookie
22:19: Quarantining All Traces: belnk cookie
22:19: Quarantining All Traces: atwola cookie
22:19: Quarantining All Traces: azjmp cookie
22:19: Quarantining All Traces: a cookie
22:19: Quarantining All Traces: bannerspace cookie
22:19: Quarantining All Traces: bizrate cookie
22:19: Quarantining All Traces: bravenet cookie
22:19: Quarantining All Traces: gostats cookie
22:19: Quarantining All Traces: cassava cookie
22:19: Quarantining All Traces: ccbill cookie
22:19: Quarantining All Traces: go.com cookie
22:19: Quarantining All Traces: adbureau cookie
22:19: Quarantining All Traces: exitexchange cookie
22:19: Quarantining All Traces: fortunecity cookie
22:19: Quarantining All Traces: gamespy cookie
22:19: Quarantining All Traces: screensavers.com cookie
22:19: Quarantining All Traces: domainsponsor cookie
22:19: Quarantining All Traces: maxserving cookie
22:19: Quarantining All Traces: partypoker cookie
22:19: Quarantining All Traces: passion cookie
22:19: Quarantining All Traces: realmedia cookie
22:19: Quarantining All Traces: rn11 cookie
22:19: Quarantining All Traces: seeq cookie
22:19: Quarantining All Traces: dealtime cookie
22:19: Quarantining All Traces: reliablestats cookie
22:19: Quarantining All Traces: tickle cookie
22:19: Quarantining All Traces: toplist cookie
22:19: Quarantining All Traces: tripod cookie
22:19: Quarantining All Traces: webpower cookie
22:19: Quarantining All Traces: xiti cookie
22:19: Quarantining All Traces: zedo cookie
22:19: Quarantining All Traces: cybervizion keylogger
22:19: Quarantining All Traces: apropos
22:19: Removal process completed. Elapsed time 00:00:44
********
22:09: | Start of Session, 02 February 2006 |
22:09: Spy Sweeper started
22:09: Program Version 4.5.9 (Build 709) Using Spyware Definitions 556
22:10: | End of Session, 02 February 2006 |

I'm not sure how to post the Ewido log cos it won't let me copy it to paste it here.

Nicki 0 Newbie Poster · Answer 8 · 2006-02-03T04:57:49+00:00

new hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 22:29:00, on 02/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Benji\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136916354046
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Nicki 0 Newbie Poster · Answer 9 · 2006-02-03T05:00:25+00:00

I did everythin you told me to do apart from download the virus protection which i will do tomorrow, hopefully i did them right, if it look's like i did somethin wrong just say and i'll start again.

What do i do next and do i keep all this stuff i downloaded to my computer?

Woo Hoo i've been on the net now for about 20 mins and not one pop up and its runnin lots faster, looks like im gettin there thanks to you :D

Sorry about all that stuff ive just kindly given you to read, i bet people like me just drive ya crazy don't they :rolleyes: :lol:

Nicki 0 Newbie Poster · Answer 10 · 2006-02-21T03:06:11+00:00

lol ye you should defo get paid!!!
Sorry i just vanished my internet went down for some strange reason, ill finish doin what ya told me to do tomorrow now that im back up and runnin :)

DMR 152 Wombat At Large Team Colleague · Answer 11 · 2006-02-21T08:40:24+00:00

OK- get the anti-virus installed ASAP, and be sure to let us know if you notice any further problems. :)

Nicki 0 Newbie Poster · Answer 12 · 2006-03-14T16:13:13+00:00

ok i've done everythin now, big massive thankyou for ya help, i appreciate it lots.

Mega site!!!! :)

Please help a computer novice :)

Recommended Answers Collapse Answers

All 17 Replies

Recommended Answers