For the past couple of weeks my computer has been running slow. I ran Spy Sweeper prior to finding this forum and found a trojan. I fixed that with Spy Sweeper. Then I found this site and followed the directions for the prework. Here are the logs from all of that.

Thank you.

Julie

Attached Files

	cc log.txt (83.1 KB, 2 views)
	Spy Sweeper Session Log.txt (6.7 KB, 2 views)
	hijackthis.log (7.8 KB, 4 views)

I'd like to see an AVG log, so if you could do the following for now, and then post the log back, that would be fantastic. Please be sure to post another hjt log, run AFTER the AVG log, and also, be sure to move the hjt program form it's current temporary file to a more permanent file, such as c:\hjt\hjt.exe. When we run temp cleaners, they clean out ALL the stuff in temp files, so there is a good chance that hjt and it's rollups would be toast as well.

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
   • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
   • Select "Automatically generate report after every scan"
   • Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
   IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
   Once the scan is complete do the following:
5. If you have any infections you will prompted, then select "Apply all actions"
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Thanks!

v

Thank you for the response. I hope I was able to fix the hjt program correctly. If not please let me know and I will try it again. Here is the AVG Anti Spyware log along with the hijackthis log. Again thank you for all your help.

Attached Files

	Report-Scan-20070320-095449 avg spy.txt (6.8 KB, 1 views)
	hijackthis.log (7.3 KB, 1 views)

Hey jas, thanks for getting those two logs to me. First, please right-click on start, and choose Explore. Click on Tools, Folder Options, and then View. Make sure that there is a tic next to Display contents of System Folders, Show Hidden Files and Folders is selected, and Hide known file extensions is not selected. Now close Explorer.

Please download from my signature: CCleaner, Housecall, and SpySweeper. Update SpySweeper, andCCleaner.

Now boot into Safe Mode. To learn how to do that, go to Getting into Windows Safe Mode. Run CCleaner, make sure that all options are selected, including Advanced. Answer OK or Yes to all warnings. Click on Analyze, then Run Cleaner. Repeat this until either no further files appear, or the same files reappear and cannot be cleaned. If you have files that cannot be cleaned, navigate to the location, right-click on the file and choose Properties. Click on the Security Tab, and Advanced button. Give yourself full ownership of the file, and then manually delete. If you cannot manually delete any file, please note that to post back here.

Now run Spy Sweeper, under Options, Sweep, make sure that all available options under Custom Sweep are selected. Run a full system scan, and let it quarantine everything that it finds. Make sure to save the log to post back here.

Go ahead and open hijackthis, close all other applications/browsers, and click on ‘perform system scan only’. Place a tick next to the following and click ‘fix checked’.

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Checkit] C:\WINDOWS\checkit.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: PowerPanel.lnk = ?

Next, while still in safe mode, navigate to and delete the following file:

C:\WINDOWS\tcpip32.exe

Reboot into normal mode, and post another hjt for me to take a gander at.

Thanks,

v

Hi V,

I went into safe mode and ran CCleaner, Spy Sweeper and fixed the applications per the previous post in hijackthis. Here are the new logs below.

Thank you for all your help.

jas

Attached Files

	hijackthis 3-21.txt (6.3 KB, 2 views)
	Spy Sweeper Session Log.txt (13.1 KB, 2 views)

looks like you ran the hijackthis in safe mode. Could you boot into normal mode and post one from there, please?

also looks like spysweeper found and quarantined a few nasties for us.....

thanks!

v

Hi V,

Sorry about that. Here is the Hijackthis in normal mode. Yes, sweeper seemed to find another trojan. I hope this takes care of it.

Thanks

jas

Attached Files

hijackthis 3-21.txt (7.0 KB, 2 views)