Program running constantly in background!!

K

Keego

New Member
Hi I created a thread in the laptop forum but i think this is the right place for it. As the title says i have some sort of program or something constantly running in the background of my laptop. As soon as i turn it on the hard drive is flashing and the hour glass is constantly flashing beside the cursor. I find that it slows down the computer a small bit not too much. Iv done the hijack this test and here are my results. I dont understand them I hope someone here can and it would be greatly appreciated!!.

Logfile of HijackThis v1.99.1
Scan saved at 22:03:04, on 28/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
 
Run Hijackthis and select "Do a system scan only", place a check by the following entries.

O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe

Close all open windows and browsers, and hit "Fix Checked".

Delete this file.

C:\WINDOWS\system32\winlog.exe

Reboot and post a new Hijackthis log, and say how things are now.
 
Thanks...You know your stuff..Ill do that but wont get it done till tonight so ill post again tomorrow when i do that..Thanks again
 
Hey Im back with my results and the hour glass is still going alongside the cursor...Im getting worried its a bigger problem than i think, is it??? Anyhow heres my latest hijackthis log......
I also did ctrl-alt-delete and was told that a alg.exe which is running is unusual but he didnt know what to do with it. You know anything about this?? Thanks again! Oh i also tried to delete C:\WINDOWS\system32\winlogon.exe but it wouldnt let me.....



Logfile of HijackThis v1.99.1
Scan saved at 20:54:14, on 01/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
 
I couldnt find winlog.exe but its gone from the log report isnt it?? i searched the computer and it was gone. Ill do that scan asap.
 
It's gone from the log but that doesn't mean it's not still there.


[*]Please download the Killbox.

[*]Unzip it to the desktop but do NOT run it yet.

[*]Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

[*]Once in Safe Mode, please run Killbox.

[*]Click "Delete on Reboot".

[*]Paste the following into the top "Full Path of File to Delete" box.

C:\WINDOWS\System32\winlog.exe


[*]Click the red-and-white "Delete File".

[*]Click "Yes" at the Delete on Reboot prompt.

[*]Click "No" at the Pending Operations prompt.

Then restart the computer and post the results of the Activescan.
 
Ok..Iv spent ages doing this on me 35.2kbps dial up...:-( Here is the result of the panda active scan..To me its not good at all but i think the viruses are gone now???Ill do the other thing you said tomorrow cause its 11.30pm now here no time.. Thanks..

Incident Status Location

Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload2.dat
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul [email protected][1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul keegan@belnk[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul keegan@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul [email protected][2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul [email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul keegan@rn11[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul keegan@tribalfusion[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul [email protected][1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul keegan@belnk[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul keegan@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul [email protected][2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul [email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul keegan@rn11[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Paul Keegan\Cookies\paul keegan@tribalfusion[1].txt
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Paul Keegan\Shared\PSP - Winning Eleven 9 [USA] [www GamesTorrents com].zip[Setup.exe]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Paul Keegan\Shared\[Full Version] mini games for sony psp.zip[setup.exe]
Adware:Adware/DollarRevenue Not disinfected C:\install.exe
Virus:Trj/Gaodrop.A Disinfected C:\Program Files\outlook\outlook.exe
Virus:Trj/Gaodrop.A Disinfected C:\Program Files\outlook\p.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Program Files\outlook\v.tmp
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\gimmygames.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\gimmygames9.exe
Virus:W32/Gaobot.MFM.worm Disinfected C:\WINDOWS\system32\winlog.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\winsysban7.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\winsysban9.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\winsysupd7.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\winsysupd9.exe
 
Not related to Kevin are you? :D

Looks like you're in the UK, I'm getting sleepy as well, I'll get back to you in the morning.
 
I did the killbox thing but it didnt ask me this ***Click "No" at the Pending Operations prompt.*** It just came up with something about pending operations and only option was to click ok!! then it didnt restart itself i had to do it..I dont think ill be able to do another active scan cause it takes couple hours to do!!! any more ideas???I wonder wat the fcuk is up?
 
Download: CCleaner (freeware)
http://www.majorgeeks.com/download4191.html
Once installed, run CCleaner click the Windows [tab]
Select the following:
cleaner.gif

Next: click Options click the Advancedtab.
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit

1) Open Notepad and copy these instructions to a new document. Save it somewhere convenient for use in safemode.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\install.exe
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\gimmygames.exe
C:\WINDOWS\gimmygames9.exe
C:\WINDOWS\winsysban7.exe
C:\WINDOWS\winsysban9.exe
C:\WINDOWS\winsysupd7.exe
C:\WINDOWS\winsysupd9.exe
C:\Documents and Settings\Paul Keegan\Shared\[Full Version] mini games for sony psp.zip

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Then reboot to normal mode, and say how things are now.
 
Did the ccleaner thing and no luck!! still happening...Then i downloaded spyware doctor and it found this...
Details of the selected infection are shown below. This infection can be detected and cleaned using Spyware Doctor.

Name: Winsys Hijacker
Risk Level: high
Description: Winsys Hijacker hijacks Internet Explorer homepage, monitors users browsing habits and displays pop-up advertisements when executed.
Type: Adware Hijacker Trojan
Also known as: Trojan-Clicker.Win32.VB.kc Trojan.Win32.StartPage.ahg
Removal: This infection can be removed using Spyware Doctor.

I think it deleted it but still didnt stop the hour glass...So im lost completely and worried..my laptops only 1 month old too!!!!!
 
Did you do the killbox as well?

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

Exit Spy Sweeper.

Reboot and see how things are.
 
yea did killbox...that trojan that spy doctor found isnt deleted actually you have to buy spy doc to delete it...Will spy sweeper delete it, you think??
 
Spysweeper's better, so yes. :)

Edit: Looking at it again, if Spysweeper doesn't get it, I know something that will.
 
Last edited:
spy sweeper got rid of 3 things but dont think it picked up the winsys hijacker thing cause i didnt see it listed just 2 other high threat things and 1 low threat thing..It deleted them but the hour glass is still going and no end in sight.
 
Download the following tool to your desktop:

FixO.exe

Doubleclick FixO.exe and choose install.
This will create a new folder on your desktop called FixO
Open the folder and doubleclick FixO.bat

It will generate a log afterwards. Copy and paste the contents of that log together with a new HijackThis log.
 
You must log in or register to reply here.
Back
Top