Karl`s PC Help Forums

Not a valid....BUG help plz
MTM - 26-12-2007 at 14:56

Hi all, I hope someone can help me. I've been a getting the "This is not a valid...." message for quite a while now and would appreciate help with how to remove this bug/virus from my pc. I started the follwoing scan with a free download online:

Wednesday, December 26, 2007 2:51:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/12/2007
Kaspersky Anti-Virus database records: 494133


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:WINDOWS
C:DOCUME~1MARTIN~1LOCALS~1Temp

Scan Statistics
Total number of scanned objects 23125
Number of viruses found 3
Number of infected objects 8
Number of suspicious objects 0
Duration of the scan process 00:26:02

Infected Object Name Virus Name Last Action
C:WINDOWSDebugPASSWD.LOG Object is locked skipped

C:WINDOWSModemLog_Smart Link 56K Modem.txt Object is locked skipped

C:WINDOWSRegistration{02D4B3F1-FD88-11D1-960D-00805FC79235}.{430F1C1F-F730-4B95-84ED-CB24D9DF10C3}.crmlog Object is locked skipped

C:WINDOWSSchedLgU.Txt Object is locked skipped

C:WINDOWSSoftwareDistributionDataStoreDataStore.edb Object is locked skipped

C:WINDOWSSoftwareDistributionDataStoreLogsedb.log Object is locked skipped

C:WINDOWSSoftwareDistributionDataStoreLogstmp.edb Object is locked skipped

C:WINDOWSSoftwareDistributionEventCache{DDE4DC89-FAE4-40B2-9856-03F0AE61E2E0}.bin Object is locked skipped

C:WINDOWSSoftwareDistributionReportingEvents.log Object is locked skipped

C:WINDOWSSti_Trace.log Object is locked skipped

C:WINDOWSsystem32CatRoot2edb.log Object is locked skipped

C:WINDOWSsystem32CatRoot2tmp.edb Object is locked skipped

C:WINDOWSsystem32configAppEvent.Evt Object is locked skipped

C:WINDOWSsystem32configDEFAULT Object is locked skipped

C:WINDOWSsystem32configdefault.LOG Object is locked skipped

C:WINDOWSsystem32configMedia Ce.evt Object is locked skipped

C:WINDOWSsystem32configSAM Object is locked skipped

C:WINDOWSsystem32configSAM.LOG Object is locked skipped

C:WINDOWSsystem32configSecEvent.Evt Object is locked skipped

C:WINDOWSsystem32configSECURITY Object is locked skipped

C:WINDOWSsystem32configSECURITY.LOG Object is locked skipped

C:WINDOWSsystem32configSOFTWARE Object is locked skipped

C:WINDOWSsystem32configsoftware.LOG Object is locked skipped

C:WINDOWSsystem32configSysEvent.Evt Object is locked skipped

C:WINDOWSsystem32configSYSTEM Object is locked skipped

C:WINDOWSsystem32configsystem.LOG Object is locked skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTempbar.0MWSSRCSP.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE537NDGC2Ehelp[1].htm Infected: Exploit.VBS.Phel.a skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE56DK5KHE3help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE56DK5KHE3wbk37.tmp Infected: Exploit.VBS.Phel.i skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5M6F1EDG9help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5YBGLAPQLhelp[1].htm Infected: Exploit.VBS.Phel.a skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5YBGLAPQLwbk39.tmp Infected: Exploit.VBS.Phel.i skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5YBGLAPQLwbk3B.tmp Infected: Exploit.VBS.Phel.i skipped

C:WINDOWSsystem32h323log.txt Object is locked skipped

Scan was interrupted by user!


Daz - 27-12-2007 at 01:13

Click HERE to see instructions on posting a Hijack This log which will help our resident expert advise you further...

It might also be advisable to allow an online scan, like you started above, to complete...

Kaspersky is a very well respected site so you should be able trust it's results. It can be a long process, but it is important to let it complete...

Another recommended site is Trend's online scanner.... Available HERE


Pancake - 27-12-2007 at 04:29

Please download the http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe]OTMoveIt by OldTimer

Save it to your desktop.

Please double-click OTMoveIt.exe to run it

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



Quote:

C:WINDOWSsystem32configsystemprofileLocal SettingsTempbar.0MWSSRCSP.EXE




Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

================================================

Empty your temp internet files.....



1) Open Internet Explorer and click on Tools
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive.

To clear the Internet History in IE:

1) Open Internet Explorer and click on Tools
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Clear History
4) Click OK

To clean up other temporary files on your computer:

1) Click Start, Programs (or All Programs), Accessories, System Tools, Disk Cleanup
2) Choose the correct drive usually C:
3) Check the boxes in the list and delete the files


scholar - 27-12-2007 at 04:53

MTM, welcome!waveysmiley

Pancake is the expert to which Daz referred. Follow his advice in every detail, and you will be fine.:D

I hope you'll look around here and make some posts in whatever areas interest you. We are mostly a friendly, helpful group, of great diversity. You are the only one who can bring your experience, your sense of humor, and your viewpoint to our group. Whether about computers, or pets, or discussion, or light-hearted chat, we'll be glad to hear what you have to say. Many of us came with a computer problem, originally, made some posts and some friends, and stayed.waveysmiley


MTM - 27-12-2007 at 10:40

Thanks to all of you - I'm going to try and do what Pancake has advised.

Cheers


Martin


MTM - 27-12-2007 at 10:56

I was convinced that was going to work! I did what you said Pancake so what I'll do is create another Kaspersky log and let it complete this time and hopefully you can help further.

ps. I know it didn't work because I always get the error message when I start up AOL. I closed it down and started it up again and the message reappeared. Will do the log now.


Martin


MTM - 27-12-2007 at 10:58

Ok - scan is underway - I selected 'critical areas' which is where the above problems were found previously.


MTM - 27-12-2007 at 12:24

There you go guys, hope you can help me further.


Thursday, December 27, 2007 12:23:07 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/12/2007
Kaspersky Anti-Virus database records: 496390


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:WINDOWS
C:DOCUME~1MARTIN~1LOCALS~1Temp

Scan Statistics
Total number of scanned objects 33998
Number of viruses found 3
Number of infected objects 8
Number of suspicious objects 0
Duration of the scan process 00:24:33

Infected Object Name Virus Name Last Action
C:WINDOWSDebugPASSWD.LOG Object is locked skipped

C:WINDOWSModemLog_Smart Link 56K Modem.txt Object is locked skipped

C:WINDOWSRegistration{02D4B3F1-FD88-11D1-960D-00805FC79235}.{7C9FDDA3-8070-498D-9DCC-679A9EFCEBBD}.crmlog Object is locked skipped

C:WINDOWSSchedLgU.Txt Object is locked skipped

C:WINDOWSSoftwareDistributionEventCache{D313885D-DA03-44E7-954D-E682C4BA4DDB}.bin Object is locked skipped

C:WINDOWSSoftwareDistributionReportingEvents.log Object is locked skipped

C:WINDOWSSti_Trace.log Object is locked skipped

C:WINDOWSsystem32configAppEvent.Evt Object is locked skipped

C:WINDOWSsystem32configDEFAULT Object is locked skipped

C:WINDOWSsystem32configdefault.LOG Object is locked skipped

C:WINDOWSsystem32configInternet.evt Object is locked skipped

C:WINDOWSsystem32configMedia Ce.evt Object is locked skipped

C:WINDOWSsystem32configSAM Object is locked skipped

C:WINDOWSsystem32configSAM.LOG Object is locked skipped

C:WINDOWSsystem32configSecEvent.Evt Object is locked skipped

C:WINDOWSsystem32configSECURITY Object is locked skipped

C:WINDOWSsystem32configSECURITY.LOG Object is locked skipped

C:WINDOWSsystem32configSOFTWARE Object is locked skipped

C:WINDOWSsystem32configsoftware.LOG Object is locked skipped

C:WINDOWSsystem32configSysEvent.Evt Object is locked skipped

C:WINDOWSsystem32configSYSTEM Object is locked skipped

C:WINDOWSsystem32configsystem.LOG Object is locked skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE537NDGC2Ehelp[1].htm Infected: Exploit.VBS.Phel.a skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE56DK5KHE3help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE56DK5KHE3wbk37.tmp Infected: Exploit.VBS.Phel.i skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5M6F1EDG9help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5YBGLAPQLhelp[1].htm Infected: Exploit.VBS.Phel.a skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5YBGLAPQLwbk39.tmp Infected: Exploit.VBS.Phel.i skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5YBGLAPQLwbk3B.tmp Infected: Exploit.VBS.Phel.i skipped

C:WINDOWSsystem32h323log.txt Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSINDEX.BTR Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSINDEX.MAP Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSMAPPING.VER Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSMAPPING1.MAP Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSMAPPING2.MAP Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSOBJECTS.DATA Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSOBJECTS.MAP Object is locked skipped

C:WINDOWSwiadebug.log Object is locked skipped

C:WINDOWSwiaservc.log Object is locked skipped

C:WINDOWSWindowsUpdate.log Object is locked skipped

C:DOCUME~1MARTIN~1LOCALS~1Tempbar.0MWSSRCSP.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:DOCUME~1MARTIN~1LOCALS~1Temp~DF75FB.tmp Object is locked skipped

Scan process completed.


MTM - 27-12-2007 at 12:25

just to add - I notice from the above that some of the infected files are Temp Internet - I definately cleared my tem folder before running this but to no avail obviously.


Pancake - 28-12-2007 at 00:47

First off what you now need to do is turn off your System Restore,reboot,turn it back on and creat a new restore point.

1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore. Leave it to remove files...

Turn on System Restore
To turn on System Restore, follow these steps: 1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

=================================

Please download http://swandog46.geekstogo.com/avenger.zipThe Avenger to your Desktop and unzip it.

Copy all the text contained in the code box below ( including the words "files to delete" ) by highlighting it and right clicking and selecting "Copy"


Quote:

Files to delete:
C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE537NDGC2Ehelp[1].htm
C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE56DK5KHE3help[1].htm
C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE56DK5KHE3wbk37.tmp C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5M6F1EDG9help[1].htm
C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5YBGLAPQLhelp[1].htm
C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5YBGLAPQLwbk39.tmp
C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5YBGLAPQLwbk3B.tmp
C:WINDOWSsystem32h323log.txt
C:DOCUME~1MARTIN~1LOCALS~1Tempbar.0MWSSRCSP.EXE
C:DOCUME~1MARTIN~1LOCALS~1Temp~DF75FB.tmp





Now, start The Avenger program by clicking on its icon on your desktop. Look under "Script file to execute" and click on "Input Script Manually". Next click on the Magnifying Glass icon and a blank dialogue box will open called "View/Edit script". Position your mouse inside the box, rightclick and choose Paste. All the text above in the code box should now appear there. Click Done and click on the Green Light to begin execution of the script. Answer "Yes" twice when prompted.

The Avenger will restart your computer. (if the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)

When you have rebooted, a black command window briefly opens on your desktop, this is normal. A logfile will be created that records all actions that The Avenger performed. This log file is saved to C:avenger.txt. The deleted files will be backed up and saved to C:avengerbackup.zip.

Once your computer has rebooted, please post back the contents of C:avenger.txt, a new Hijack This log.


MTM - 28-12-2007 at 13:13

Many thanks - I've done what you have said although I should let you know that I am still getting the same 'This is not a...' error message when I start up AOL. It appears 2 or 3 times before I can dial up AOL and requires me to 'x' each message each time.

This avenger log automatically appeared in notepad when my system was rebooted:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
RegistryMachineSystemCurrentControlSetServicesbprcmhoa

*******************

Script file located at: ??C:Program Filesahgukvcc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:Avenger

*******************

Beginning to process script file:

File C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE537NDGC2Ehelp[1].htm deleted successfully.
File C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE56DK5KHE3help[1].htm deleted successfully.


Could not open file C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE56DK5KHE3wbk37.tmp C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5M6F1EDG9help[1].htm for deletion
Deletion of file C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE56DK5KHE3wbk37.tmp C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5M6F1EDG9help[1].htm failed!

Could not process line:
C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE56DK5KHE3wbk37.tmp C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5M6F1EDG9help[1].htm
Status: 0xc0000033

File C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5YBGLAPQLhelp[1].htm deleted successfully.
File C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5YBGLAPQLwbk39.tmp deleted successfully.
File C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5YBGLAPQLwbk3B.tmp deleted successfully.
File C:WINDOWSsystem32h323log.txt deleted successfully.
File C:DOCUME~1MARTIN~1LOCALS~1Tempbar.0MWSSRCSP.EXE deleted successfully.


File C:DOCUME~1MARTIN~1LOCALS~1Temp~DF75FB.tmp not found!
Deletion of file C:DOCUME~1MARTIN~1LOCALS~1Temp~DF75FB.tmp failed!

Could not process line:
C:DOCUME~1MARTIN~1LOCALS~1Temp~DF75FB.tmp
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


MTM - 28-12-2007 at 13:14

Is there anything more you can do for me Pancake?


LSemmens - 28-12-2007 at 13:25

Pancake is based in OZ, Martin, so he may now be in bed, as should I, you may need to wait a little for his response. Welcome to KF, BTW.


Pancake - 28-12-2007 at 21:15

Do a good cleanup and that should have you finished..

Download and scan with CCleaner from http://www.ccleaner.com/downloadbuilds.asp

1. Starting with v1.27.260, http://www.ccleaner.com/downloadbuilds.asp installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
__________________


MTM - 29-12-2007 at 17:51

Many thanks LSemmens.

Thanks once again Pancake. I've done the above and will now attempt to close AOL and restart it again to see if I still get the error message.


MTM - 29-12-2007 at 18:44

Here's the latest scan:

Saturday, December 29, 2007 6:43:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/12/2007
Kaspersky Anti-Virus database records: 499999


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:WINDOWS
C:DOCUME~1MARTIN~1LOCALS~1Temp

Scan Statistics
Total number of scanned objects 23995
Number of viruses found 2
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 00:22:21

Infected Object Name Virus Name Last Action
C:WINDOWSDebugPASSWD.LOG Object is locked skipped

C:WINDOWSModemLog_Smart Link 56K Modem.txt Object is locked skipped

C:WINDOWSRegistration{02D4B3F1-FD88-11D1-960D-00805FC79235}.{B1F7DA45-178D-4CC6-9680-D173C2E4C53F}.crmlog Object is locked skipped

C:WINDOWSSchedLgU.Txt Object is locked skipped

C:WINDOWSSoftwareDistributionReportingEvents.log Object is locked skipped

C:WINDOWSSti_Trace.log Object is locked skipped

C:WINDOWSsystem32configAppEvent.Evt Object is locked skipped

C:WINDOWSsystem32configDEFAULT Object is locked skipped

C:WINDOWSsystem32configdefault.LOG Object is locked skipped

C:WINDOWSsystem32configInternet.evt Object is locked skipped

C:WINDOWSsystem32configMedia Ce.evt Object is locked skipped

C:WINDOWSsystem32configSAM Object is locked skipped

C:WINDOWSsystem32configSAM.LOG Object is locked skipped

C:WINDOWSsystem32configSecEvent.Evt Object is locked skipped

C:WINDOWSsystem32configSECURITY Object is locked skipped

C:WINDOWSsystem32configSECURITY.LOG Object is locked skipped

C:WINDOWSsystem32configSOFTWARE Object is locked skipped

C:WINDOWSsystem32configsoftware.LOG Object is locked skipped

C:WINDOWSsystem32configSysEvent.Evt Object is locked skipped

C:WINDOWSsystem32configSYSTEM Object is locked skipped

C:WINDOWSsystem32configsystem.LOG Object is locked skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE56DK5KHE3wbk37.tmp Infected: Exploit.VBS.Phel.i skipped

C:WINDOWSsystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5M6F1EDG9help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:WINDOWSsystem32h323log.txt Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSINDEX.BTR Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSINDEX.MAP Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSMAPPING.VER Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSMAPPING1.MAP Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSMAPPING2.MAP Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSOBJECTS.DATA Object is locked skipped

C:WINDOWSsystem32wbemRepositoryFSOBJECTS.MAP Object is locked skipped

C:WINDOWSwiadebug.log Object is locked skipped

C:WINDOWSwiaservc.log Object is locked skipped

C:WINDOWSWindowsUpdate.log Object is locked skipped

C:DOCUME~1MARTIN~1LOCALS~1Tempfla51E.tmp Object is locked skipped

C:DOCUME~1MARTIN~1LOCALS~1Temp~DFEB20.tmp Object is locked skipped

Scan process completed.

Have I got any option left?


Martin


Pancake - 29-12-2007 at 22:35

You dont have any major problems but I would like to see the Exploit cleaned out.


First download ewido anti-spyware from HERE http://www.ewido.net/en/download/ and save that file to your desktop.
This is a 30 day trial of the program

Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:

Launch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.


MTM - 30-12-2007 at 22:39

Hi Pancake - I did the scan and everything you said but for some reason there was no report to be saved once the scan was complete - I double checked that I did everything you said and that I checked/unchecked the correct boxes but there was no report to save at the end.


Pancake - 30-12-2007 at 23:27

Odd....I would have liked to see if it fixed anything....Are things running any better.???


MTM - 3-1-2008 at 10:25

Hi Pancake - sorry fo my delay in posting back. I've been away for a couple of days.

Unfortunately, I still get the error message popping up on my screen 2 or 3 times before I can run AOL. Is there anything I can do to get rid of this?


Thanks again for all your help thus far.


Martin


LSemmens - 3-1-2008 at 11:43

If Pancake gives you the "all clear" now, which, I suspect, may be the case. A repair of your Windoze instal may be in order. Before you try it, though, try ewido again, and wait for Pancake's clearance. Can you give us the exact wording of the message.


Pancake - 3-1-2008 at 21:41

Can you run and post a new HJT log please.I will have another look.Can you tell me exactly what the error msg says.