183 replies to this topic

[kaminikij]

ok off to download. By the way its not spyware blaster. Its spyware gaurd. It was in the start menu but its not there now. When I attempted to uninstall it tells me it cant because the program is running

[LDTate]

It's running in the back ground. You can do ALT/CTRL/DEL and end the process for it.

[kaminikij]

Ok got it . Ewido found nothing. Should I download cwshredder and run in safe mode?

[LDTate]

Sure

[kaminikij]

when I type in msconfig in run it tells me the program is responding. Same when I reboot or shut done, I think its the ms config

[kaminikij]

Do you really want to know? Cw shredder removed cws.msconfig. When iran the issues in ccleaner the 3 issues were spyblaster.exe and spywareguard.exe and ewido.exe. I did not remove the issues. would deleting mess up the programs? Its also difficult to use the keyboard. Right now I am gonna have a good cry and unplug the computer. We will see how it starts in the morning. Again thanks for hanging in there with me. Goodnight

Edited by kaminikij, 05 October 2005 - 09:48 PM.

[LDTate]

ccleaner the 3 issues were spyblaster.exe and
spywareguard.exe and ewido.exe. I did not remove the issues Those are oK.

Post a new HJT log please.

[kaminikij]

here it is. this morning when I turned on my computer I decided to try IE. It didnt take me to the adelphia start page but to msn.com. I rebooted and it took me to adelphia. Went into the control panel to see if my start page was set to adelphia and the IE icon is gone. Also in my documents and settings the history and temp folders are gone. I ran cwshredder again and it removed cws.msconfig. also cant see any of the files in windows.Here is the log

Logfile of HijackThis v1.99.1
Scan saved at 10:42:28 AM, on 10/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = adelphia.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

another thing I noticed was remember yesterday when I said when I search for msconig.exe I found 3 I can now only find 2. One in service pack and one in pchealth. I did not delete anything but the file that said old so one file is missing?

Edited by kaminikij, 06 October 2005 - 04:02 PM.

[LDTate]

Also in my documents and settings the history and temp folders are gone.

I think they are just hidden. can you see a folder Local settings under your name? history and temp are listed in there, but should be hidden.

IE icon is gone

Can you click Start> All programs and see the IE Icon? If so, right click on it and select Send to> Desktop create shortcut.


I can't remember if we did this or not.

Backup your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL



click Start>Run and type regedit tap enter key.


Regedit will open. Make sure My Computer is highlighted. At the top of the window click edit> Find> then copy and paste the following into the window.

cws.msconfig

Then click find now.
When you find the entry right click on it and select delete, answer ok at the prompt.
Next, press "F3" to continue searching, if another instance is found, repeat the above steps, until you see the "completed searching" message.

[kaminikij]

Ok Put the icon on desktop. After the rest will i get back online Ok? should I be in safe mode?

Edited by kaminikij, 06 October 2005 - 04:32 PM.

[LDTate]

Nothing I posted would stop you from getting online. Please don't delete, move or fix anything without asking.

[kaminikij]

done. Finds nothing. You didnt say if I should do this in safe mode or does it matter. I didnt

[LDTate]

done. Finds nothing. You didnt say if I should do this in safe mode or does it matter. I didnt

You did it right.

when the cws.msconfig is found, does it show the location of it?

[kaminikij]

do you mean when cwshredder finds it ? That shows nothing. Just deletes it

[LDTate]

Is cwshredder the only one finding it?