my hijack this log

  1. #11
    HJThis, Senior Member


    Hi, death2mess

    I forgot to add: after you do all of the above, here is
    what I need you to do right away. Make sure you do it:
    change all passwords you used before. One of the items
    you had was a bad Trojan that not only was on the
    PC, but it would pick up anything that you typed,
    so don't play around, change all passwords.

    HGD


  2. #12
    death2mess, Full Member
    I am at work so I can't check at the moment, but when I run ewido it seems that the files it asks me to clean are all sort of like this: "c:\...\...RP33\A0048881.ax". They seem to always be in RPxx and are just a series of numbers starting with A00... All are different types of spyware and trojans. If I don't check to perform same for all when it asks if it wants me to clean it, then hundreds will come up. Eventually it will say the file is in an archive and cannot be cleaned: do I want to delete all, delete, or ignore? After that is when ewido stops running.

    I was also wondering about the files that I put in the AVG virus vault. Are these files I need that are infected and need to be cleaned? Or should I just delete them? Also, a lot of these files resemble the ones that ewido is coming up with. Is it just scanning the AVG vault?

    Should I be concerned that ewido won't finish?

    I can be more specific about the files and locations of both the ewido results and the AVG virus vault later if you need me to be. Let me know.


    Thanks for all the help.

  3. #13
    death2mess, Full Member
    I stopped System Restore and restarted it to clear certain files and then ran ewido again. It still came up with a lot of things, but not as many as before. It seems the files in the RPxx files didn't come up this time, so I guess they were in the System Restore. This time there wasn't a message about not being able to fix something, but it still didn't finish. The files it did find were all in C:\WINNT and files in that file. The message it gives is "securitysuite.exe has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something the information you were working on might be lost." The last file ewido scanned when this message popped up was C:\WINNT\system32\uimfre.exe. Is there something I should do about this? Why does it come up with infected files every time I run it? None of the other programs are showing infected files. Anyway, I stopped a bunch of startup programs too. I don't know if you need a new log, but I figured I'd post one anyway. Thanks for all of the help. Thank god for this site and people like you.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:44:25 PM, on 6/9/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\HijackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.gateway.net
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://webmail.relianceinsurance.com/iNotes.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1118110995070
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
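
For triaging a log like the one posted above, here is an added example (not part of the original thread, and not HijackThis code) that parses HijackThis entry lines and marks the ones worth a second look. The two review rules, "(file missing)" and an O23 service listed with "Unknown owner", are assumptions chosen for illustration and are hints for follow-up, not verdicts.

```python
import re

# Entries copied from the HijackThis v1.99.1 log in the post above, plus one
# running-process line to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\system32\lsass.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
"""

# An entry line is "<section code> - <details>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")

SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE toolbar button / Tools item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O23": "Windows service",
}

def parse_log(text):
    """Return one dict per entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body, notes = m.group("code"), m.group("body"), []
        if "(file missing)" in body:
            notes.append("target file missing (orphaned entry)")
        if code == "O23" and "- Unknown owner -" in body:
            notes.append("service listed without an owner name")
        entries.append({"code": code, "section": SECTIONS.get(code, "other"),
                        "body": body, "notes": notes})
    return entries

def needs_review(entries):
    """Entries that matched at least one review rule."""
    return [e for e in entries if e["notes"]]

if __name__ == "__main__":
    for e in needs_review(parse_log(SAMPLE_LOG)):
        print(e["code"], "|", "; ".join(e["notes"]), "|", e["body"])
```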

  4. #14
    HJThis, Senior Member
    Hi, death2mess

    OK, as far as the logfile, I don't see anything, but do this here:
    run ewido & AVG from Safe Mode, but first see if you can clean
    AVG virus vault, then run a full system scan with both

    & let us know what happens, if anything.

    Make sure you can view hidden and system files: Instructions here


    Then Boot to safe mode: Instructions here

    HGD

  5. #15
    death2mess, Full Member
    OK, everything seems good. I removed ewido, ran CCleaner, redownloaded ewido, cleared the System Restore and ran AVG and ewido in safe mode. ewido found 7 more things and cleaned them. It finally finished. I went back to normal mode and ran it again. It found 6 more things, but they were obviously the restore points from some of the things that it just cleaned. Then I ran everything again and everything comes up clean and finishes. Thanks so much for the help. I changed all passwords that I used on this computer and I will tell my friend to change all of hers when I give this computer back to her. Thank god I don't have to spend all of my nights fixing this anymore. Between family and friends who know nothing about computers and think that I do, I may see you soon. No offense, but I hope not. Thanks so much again.

  6. #16
    HJThis, Senior Member
    Hi, death2mess

    That's great news & no offense at all. Now I have some software
    for you to download and install. Keep all of them updated,

    but first do this here:

    Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab.
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
       1. Change the Download signed ActiveX controls to Prompt
       2. Change the Download unsigned ActiveX controls to Disable
       3. Change the Initialize and script ActiveX controls not marked as safe to Disable
       4. Change the Installation of desktop items to Prompt
       5. Change the Launching programs and files in an IFRAME to Prompt
       6. Change the Navigate sub-frames across different domains to Prompt
       7. When all these settings have been made, click on the OK button.
       8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.

    SpywareBlaster - Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
    http://www.javacoolsoftware.com/spywareblaster.html

    SpywareGuard - An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
    http://www.javacoolsoftware.com/spywareguard.html

    IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer.
    https://netfiles.uiuc.edu/ehowes/www/resource.htm

    Blocking Unwanted Parasites with a Hosts File
    http://www.mvps.org/winhelp2002/hosts.htm

    And this prog here will help keep your PC clean.

    popular programs for doing this, is a freeware program called Crap Cleaner. Crap Cleaner is a single utility that lets you clear your Cookies, Internet Explorer History, Empty the Recycle Bin, Uninstall Programs, Clear Usage Tracks and much more. As well as this, it has an Advanced Registry Scanner. Using a program like this is one of the easiest methods.

    You should also think about using Firefox & Mozilla & use IE for updates

    Get your Firefox here

    Mo who

    HGD
