You can leave the Ewido log for now; I'll ask you a bit later to run another Ewido scan, and the log from that scan should be a lot smaller and possible to post.
Before using HijackThis Please Do the Following:
Show hidden files and folders:
For XP:
- On the Tools menu in Windows Explorer, click Folder Options.
- Click the View tab.
- Under Hidden files and folders, click Show hidden files and folders.
- If you see a warning message, click Yes.
- Click Apply.
- Click OK.
Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when your PC is clean).
How to disable system restore:
WinXP:
- Click the Start button.
- Right-click My Computer, and then click Properties.
- On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
Please download CCleaner.
Download the Hoster from here.
Download and unzip BFU.zip from here.
Run the program and click the Web button as shown by the blue arrow below:
Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/p2pnetwork.bfu
Execute the script by clicking the Execute button.
Then go to add and remove programs and uninstall "BullsEye Network" there.
Now boot in safe mode (hit F8 when booting up) and fix these with hjt (if still present):
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
Then delete the files in bold (if still present) and then run CCleaner.
Now start Hoster and press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original Hosts file.
Now run a new Ewido scan and post the log from it and also a new hjt log please.