[sumodeluxe]

here is a log

[joe5]

Hya sumodeluxe.




Before fixing things with HijackThis Please Do the Following:

Show hidden files and folders:

For XP:

1. On the Tools menu in Windows Explorer, click Folder Options.
2. Click the View tab.
3. Under Hidden files and folders, click Show hidden files and folders.
4. If you see a warning message, click Yes.
5. Click Apply.
6. Click OK.

Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when youre PC is clean).

How to disable system restore:

WinXP.

1. Click the Start button.
2. Right-click My Computer, and then click Properties.
3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.

Please download CCleaner


Download Ewido Security Suite

• Install Ewido Security Suite.
• When installing, under Additional Options uncheck Install background guard and Install scan via context menu
• Launch Ewido, there should be a big "E" icon on your desktop, double-click it.
• The program will prompt you to update click the "OK" button
• The program will now go to the main screen
• You will need to update Ewido to the latest definition files.
• On the left hand side of the main screen click update
• Click on Start
• The update will start and a progress bar will show the updates being installed.*
• After the updates are installed, exit ewido , don't run a scan yet.

Then boot in safemode (hit f8 when booting up) and uninstall "WildTangent" in "add and remove programs".

Then fix these with hjt:

O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Then delete these files in bold:
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\WildTangent


and run Ccleaner.

Then still in safemode run Ewido:

Close all open windows/programs/folders and then run Ewido.* Have nothing else open while ewido performs its scan!

• Click on Scanner , Settings
• Under "How to scan" all boxes should be selected
• Under "Possibly unwanted software" all boxes should be selected
• Under "What to scan" select scan every file
• Click OK, Complete system scan
• Let the program scan the machine
• If ewido finds anything, it will pop up a notification.*

NOTE:* We have been finding some cases of false positives with the new version of Ewido, so you need to step through the fixes one-by-one.* If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged.* In particular, watch for alerts that have the word "Heuristic" in them - if you recognize the file name as "friendly," these may actually be false positives) select "none" as the action.*

DO NOT check "Perform action with all infections."* If you are unsure of an entry, select "none" for the time being.* We will see that in the log when you post it later and let you know if ewido needs to be run again.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.

Click Save report. Save the report to your desktop, exit ewido


NOTE:

If during your scan Ewido "crashes" or "hangs", please try scanning again. Before running the scan, click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'. Uncheck 'Scan in NTFS Alternate Data Streams' as this can cause problems in overly infected systems. Click 'OK' and run a new scan.


Then please post a new HijackThis log and the Ewido log by attaching them to a post.


Also i see you have the Messengr service running if you dont use it then i would disable it:

Please download Shoot The Messenger
Download and run the small (22 kbyte) "ShootTheMessenger.exe" utility. It will display the current status of your system's Messenger Service. The button near the bottom of its window will allow you to set the service to whichever state ? running or disabled ? that you desire.
If, for any reason, you should ever choose to re-enable the Windows Messenger Service, simply re-run ShootTheMessenger to do so.

[sumodeluxe]

I dont have acess to this computer again till monday after thanksgiving. I will run those applications and Post new logs. I keep forgetting about the show all files but I will be sure to do on my next log wich will be in a few hours.

[sumodeluxe]

I still do not have access to this pc at this time hopfully i will around the first of the month. When i get access I will post new logs. Thanks agen for your help.

[joe5]

No prob. And she doesn't have to worry , its not really nasty stuff on there.