Computer infected after Windows reinstall

[PF_PLAYER]

Hi.
some days ago, i decide to format my pc, and when the windows starts the first time, i installed the internet modem and some drivers, and de avg antispyware and avast, and other anti spyware, and i do the updates.
So, some minutes later, appear some virus like a message box saying that my computer is infected, and say to click in the icon to instal a program... and if i rebot the pc and do a scan i can see that my pc is infected with a lot of virus (http://xs313.xs.to/xs313/07136/help.PNG), so i do a lot of scans in safe mode with adware se, avast, and avg antispyware, and they detect the virus, and they remove them, but when i start the pc again i can see that i have the virus again.

some problems: sometimes i can not open the task manager, regedit...
make my internet conection crazy,
message saying that my pc is infected with a icon in windows bar

I have formated my pc a lot of times but is not working.

today i formated my pc again and i do this steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
now the pc looks good, but i still have some problems, like the internet conection that some times is good but other times is slow.
and avast sometimes say that have stopped a trojan, and if i do a scan, he detect some trojans...



sorry for my bad english

 

[howard_hopkinso]

Hello and welcome to Techspot.

It appears you`re not running any firewall software. This is a huge security risk and may well be why your system keeps getting infected.

Download and install one of the free firewall programmes below.

Zonealarm or Kerio free firewall programmes.

Your AVG Antispyware log says no action has been taken for any of the results. This is because you didn`t tell AVG Antispyware to quarantine the results. See HERE for instructions.

Now do the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Live Messanger
MSN Live Messanger

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

livemsgr.exe
msnlivexp.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O4 - HKLM\..\Run: [Live Messanger] livemsgr.exe

O4 - HKLM\..\Run: [MSN Live Messanger] msnlivexp.exe

O4 - HKLM\..\RunServices: [Live Messanger] livemsgr.exe

O4 - HKLM\..\RunServices: [MSN Live Messanger] msnlivexp.exe

O4 - HKCU\..\Run: [Live Messanger] livemsgr.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{E0AEB2DF-4BD9-4061-B577-D7E9628A6956}: NameServer = 212.55.154.174<Only fix this if it doesn`t belong to your ISP.

O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

livemsgr.exe
msnlivexp.exe<Search your system for these files and delete all instances found.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log as well as another AVG Antispyware log.

Regards Howard :wave: :wave:

This thread is for the use of PF_PLAYER only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[kitty500cat]

Never mind this post, go ahead Howard.

 

[PF_PLAYER]

i try to download the firewall but, the mozilla closes every time i open the kerio site, so i formated the pc again today, and i do that you say me to do.

 

[howard_hopkinso]

Please post a fresh HJT log from normal mode.

Regards Howard

This thread is for the use of PF_PLAYER only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[PF_PLAYER]

hijackthis.log

 

[howard_hopkinso]

Your HJT log is clean.

It appears you`re running a completely unpatched version of windows. This is a huge security risk.

Run Windows updates and install at least service pack 1 and preferably service pack 2.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of PF_PLAYER only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.