Sponsored By

therock247uk

Members
  • Content Count

    960
  • Joined

  • Last visited

Posts posted by therock247uk


  1. 1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...tion=view&id=34

    2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

    3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    O4 - HKLM\..\Run: [batSrv] C:\WINDOWS\batserv2.exe

    4. Delete the files. (if present)

    C:\WINDOWS\batserv2.exe

    5. Reboot and post a new Hijackthis log here in a reply.


  2. Please download ewido anti-malware it is a trial version of the program.

    • Install ewido security suite
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido, there should be an icon on your desktop double-click it.
    • The program will now go to the main screen

    You will need to update ewido to the latest definition files.

    • On the left hand side of the main screen click update
    • Then click on Start Update

    The update will start and a progress bar will show the updates being installed.

    If you are having problems with the updater, you can use this link to manually update ewido.

    ewido manual updates

    Download CWShredder here to its own folder.

    Download about:buster by RubbeRDuckY Here.

    Update CWShredder

    * Open CWShredder and click I AGREE

    * Click Check For Update

    * Close CWShredder

    Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

    Open Ewido again

    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • While the scan is in progress you will be prompted to clean files, click OK
    • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop.

    Now close ewido anti-malware.

    Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

    Please run about:buster by RubbeRDuckY:

    • Click Begin Removal.
    • Click Yes to allow it to shutdown explorer.exe.
    • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
    • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
    • Reboot your computer into safe mode again

    Run about:buster again following the same instructions as above, this time without the restart at the end

    Download http://osc.geekstogo.com/cwsserviceremove.reg run it it will ask to merge into the registery say yes.

    Post the about:buster log, CWShredder results, Ewido restults and a New Hijackthis log here in a reply.


  3. Download win32delfkil.exe.

    Save it on your desktop.

    Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.

    Close all windows, open the win32delfkil folder and double click on fix.bat.

    The computer will reboot automatically.

    Post the contents of the logfile c\windelf.txt, along with a new hijackhislog.

    Because of the "browsela" key, you need to shut down the computer. Don't do this in the normal way by using start - shut down, but use the power button.


  4. Your log is clean :)

    Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

    • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
    • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
    • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
    • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

    To protect yourself further:

    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
    • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

    I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.


  5. 1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...tion=view&id=34

    2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

    3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s

    R3 - URLSearchHook: (no name) - {7D95A55D-13CF-116C-ED13-6B2315B9C6EC} - C:\WINDOWS\System32\opowii.dll

    O2 - BHO: (no name) - {7D95A55D-13CF-116C-ED13-6B2315B9C6EC} - C:\WINDOWS\System32\opowii.dll

    O4 - HKCU\..\Run: [Aoat] "C:\Program Files\itrs\oprs.exe" -vt ndrv

    4. Delete the folders. (if present)

    C:\Program Files\itrs

    5. Delete the files. (if present)

    C:\WINDOWS\System32\opowii.dll

    6. Reboot and post a new Hijackthis log here in a reply.


  6. You put the wrong paths in vundofix. copy and paste them next time.

    Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
    • You will first be presented with a warning.
      It should look like this
      VundoFix V2.15 by Atri
      By using VundoFix you agree that you are doing so at your own risk
      Press enter to continue....
    • At this point press enter one time.
    • Next you will see:
      Please Type in the filepath as instructed by the forum staff
      and then press enter:
    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\system32\ddcyx.dll

      [*]Press Enter to continue with the fix.

      [*] Next you will see:

      Please type in the second filepath as instructed by the forum

      staff then press enter:

      [*]At this point please type the following file path (make sure to enter it exactly as below!):

      • C:\WINDOWS\system32\xycdd.*

      [*]Press Enter to continue with the fix.

      [*]The fix will run then HijackThis will open, if it does not open automatically please open it manually.

      [*]In HiJackThis, please place a check next to the following items and click FIX CHECKED:

      • O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\ddcyx.dll
        O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll

      [*]After you have fixed these items, close Hijackthis.

      [*]Press enter to exit the program then manually reboot your computer.

      [*]Once your machine reboots please continue with the instructions below.

    Download and install CleanUp!

    Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).

    Set the program up as follows:

    Click "Options..."

    Move the arrow down to "Custom CleanUp!"

    Put a check next to the following (Make sure nothing else is checked!):

    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users

    Click OK

    Press the CleanUp! button to start the program.

    It may ask you to reboot at the end, click NO.

    Then, please run this online virus scan: ActiveScan

    Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.


  7. Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
    • You will first be presented with a warning.
      It should look like this
      VundoFix V2.15 by Atri
      By using VundoFix you agree that you are doing so at your own risk
      Press enter to continue....
    • At this point press enter one time.
    • Next you will see:
      Please Type in the filepath as instructed by the forum staff
      and then press enter:
    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\system32\ddcyx.dll

      [*]Press Enter to continue with the fix.

      [*] Next you will see:

      Please type in the second filepath as instructed by the forum

      staff then press enter:

      [*]At this point please type the following file path (make sure to enter it exactly as below!):

      • C:\WINDOWS\system32\xycdd.*

      [*]Press Enter to continue with the fix.

      [*]The fix will run then HijackThis will open, if it does not open automatically please open it manually.

      [*]In HiJackThis, please place a check next to the following items and click FIX CHECKED:

      • O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\ddcyx.dll
        O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll

      [*]After you have fixed these items, close Hijackthis.

      [*]Press enter to exit the program then manually reboot your computer.

      [*]Once your machine reboots please continue with the instructions below.

    Download and install CleanUp!

    Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).

    Set the program up as follows:

    Click "Options..."

    Move the arrow down to "Custom CleanUp!"

    Put a check next to the following (Make sure nothing else is checked!):

    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users

    Click OK

    Press the CleanUp! button to start the program.

    It may ask you to reboot at the end, click NO.

    Then, please run this online virus scan: ActiveScan

    Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.


  8. Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

    • Click the Free Trial link under to "SpySweeper" to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:

      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.

      [*]Click Sweep Now on the left side.

      [*]Click the Start button.

      [*]When it's done scanning, click the Next button.

      [*]Make sure everything has a check next to it, then click the Next button.

      [*]It will remove all of the items found.

      [*]Click Session Log in the upper right corner, copy everything in that window.

      [*]Click the Summary tab and click Finish.

      [*]Paste the contents of the session log you copied into your next reply.


  9. Please print these instructions out for use in Safe Mode.

    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to extract the files
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
    • You will first be presented with a warning.
      It should look like this
      VundoFix V2.15 by Atri
      By using VundoFix you agree that you are doing so at your own risk
      Press enter to continue....
    • At this point press enter one time.
    • Next you will see:
      Please Type in the filepath as instructed by the forum staff
      and then press enter:
    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINNT\system32\awtst.dll

      [*]Press Enter to continue with the fix.

      [*] Next you will see:

      Please type in the second filepath as instructed by the forum

      staff then press enter:

      [*]At this point please type the following file path (make sure to enter it exactly as below!):

      • C:\WINNT\system32\tstwa.*

      [*]Press Enter to continue with the fix.

      [*]The fix will run then HijackThis will open, if it does not open automatically please open it manually.

      [*]In HiJackThis, please place a check next to the following items and click FIX CHECKED:

      • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINNT\system32\awtst.dll
        O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
        O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
        O20 - Winlogon Notify: awtst - C:\WINNT\system32\awtst.dll

      [*]After you have fixed these items, close Hijackthis.

      [*]Press enter to exit the program then manually reboot your computer.

      [*]Once your machine reboots please continue with the instructions below.

    Download and install CleanUp!

    Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).

    Set the program up as follows:

    Click "Options..."

    Move the arrow down to "Custom CleanUp!"

    Put a check next to the following (Make sure nothing else is checked!):

    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users

    Click OK

    Press the CleanUp! button to start the program.

    It may ask you to reboot at the end, click NO.

    Then, please run this online virus scan: ActiveScan

    Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.


  10. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

    Open Ewido again

    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • While the scan is in progress you will be prompted to clean files, click OK
    • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop.

    Now close ewido security suite.

    Reboot and Post the report Ewido made and a new Hijackthis log here in a reply.


  11. Your log is clean :)

    Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

    • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
    • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
    • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
    • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

    To protect yourself further:

    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
    • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

    I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.


  12. 1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...tion=view&id=34

    2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

    3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    O4 - HKLM\..\Run: [syszk.exe] C:\WINNT\system32\syszk.exe

    4. Delete the files. (if present)

    C:\WINNT\system32\syszk.exe

    5. Reboot and post a new Hijackthis log here in a reply.


  13. 1.

    Download about:buster by RubbeRDuckY Here.

    Save the file somewhere you will remember like to the Desktop.

    Please run about:buster by RubbeRDuckY:

    • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
    • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
    • Click "OK" at the prompt with instructions.
    • Click "Update" and then "Check For Update" to begin the update process.
    • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
    • Boot into safemode again
    • Open About:buster again
    • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
    • Click Yes to allow it to shutdown explorer.exe.
    • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
    • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.

    2. Reboot back into normal mode and download http://osc.geekstogo.com/cwsserviceremove.reg run it it will ask to merge into the registery say yes.

    3. Download and run http://cwshredder.net/bin/CWShredder.exe click fix.

    4. Then post the about:buster log and a new Hijackthis log here in a reply.


  14. 1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...tion=view&id=34

    2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

    3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\axoyd.dll/sp.html#34154

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\axoyd.dll/sp.html#34154

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\axoyd.dll/sp.html#34154

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\axoyd.dll/sp.html#34154

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\axoyd.dll/sp.html#34154

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\axoyd.dll/sp.html#34154

    R3 - Default URLSearchHook is missing

    O2 - BHO: Class - {CC16D1AD-6F80-3BC9-9B93-0118DF795C9A} - C:\WINNT\system32\syszk.dll

    O4 - HKLM\..\Run: [syszk.exe] C:\WINNT\system32\syszk.exe

    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\appnc.exe

    4. Delete the files. (if present)

    C:\WINNT\axoyd.dll

    C:\WINNT\system32\syszk.dll

    C:\WINNT\system32\syszk.exe

    C:\WINNT\appnc.exe

    5. Reboot and post a new Hijackthis log here in a reply.


  15. Download smitRem.exe and save the file to your desktop.

    Double click on the file to extract it to it's own folder on the desktop.

    Place a shortcut to Panda ActiveScan on your desktop.

    Please download the trial version of Ewido Security Suite here:

    http://www.ewido.net/en/download/

    Please read Ewido Setup Instructions

    Install it, and update the definitions to the newest files. Do NOT run a scan yet.

    If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:

    Ad-Aware SE Setup

    Don't run it yet!

    Next, please reboot your computer in SafeMode by doing the following:

    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.

    Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:

    ===================================================

    O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\System32\hpE4A3.tmp

    ===================================================

    Close HiJackThis.

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.

    Wait for the tool to complete and disk cleanup to finish.

    The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    Open Ad-aware and do a full scan. Remove all it finds.

    Run Ewido:

    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop

    Close Ewido

    Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

    Reboot back into Windows and click the Panda ActiveScan shortcut.

    - Once you are on the Panda site click the Scan your PC button

    - A new window will open...click the Check Now button

    - Enter your Country

    - Enter your State/Province

    - Enter your e-mail address and click send

    - Select either Home User or Company

    - Click the big Scan Now button

    - If it wants to install an ActiveX component allow it

    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

    - When download is complete, click on Local Disks to start the scan

    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.

    Let us know if any problems persist.


  16. Please download ewido security suite it is a trial version of the program.

    • Install ewido security suite
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido, there should be an icon on your desktop double-click it.
    • The program will now go to the main screen

    You will need to update ewido to the latest definition files.

    • On the left hand side of the main screen click update
    • Then click on Start Update

    The update will start and a progress bar will show the updates being installed.

    If you are having problems with the updater, you can use this link to manually update ewido.

    ewido manual updates

    Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

    Open Ewido again

    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • While the scan is in progress you will be prompted to clean files, click OK
    • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop.

    Now close ewido security suite.

    Reboot and Post the report Ewido made and a new Hijackthis log here in a reply.