
Spyware attack messed my desktop "Help"

Discussion in 'Virus and Malware Removal' started by Candy_girl, Oct 24, 2006.

  1. Candy_girl Newcomer, in training Posts: 54

    I'm afraid I can't do this procedure cuz I no longer have the Windows CD. I'm currently using XP Professional and the only CD I have is the Home Edition! So I don't think I can use it, right?

    Can I live with that messed up desktop, or could it infect or damage other running processes?

    Anyways, thank you very much Mr. Howard for everything. I don't know how I would've survived this without you! You taught me so much this past week and I greatly appreciate it! So thank you soooo much.

    Take care.
  2. tomrca Newcomer, in training Posts: 1,051

    My view is, you have had problem after problem, and as soon as one is fixed, another reveals itself. It's probably best to save what you can onto disc, and format! Until you can upgrade to XP Pro, I am sure it's far better and less stressful to work with Home Edition. Don't you?
  3. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    You're right, you can't run a Windows repair of XP Pro with a Windows Home CD.

    I must say, I agree with tomrca, maybe you should bite the bullet and after backing up your important data, reformat and reinstall from scratch.

    I'm sorry I wasn't able to solve your problem.

    Regards Howard :(

    This thread is for the use of Candy_girl only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  4. Candy_girl Newcomer, in training Posts: 54

    I figured formatting was the only way!

    I'll try to though!

    What are you talking about? You saved my computer and my life for that matter! I seriously would've died from panic if it wasn't for you. So I thank you sincerely, Mr. Howard.

    Take care.
  5. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Thank you very much for your kind words.

    I get very disappointed if I can't fix a problem and end up having to advise someone to reformat.

    Hopefully once you're done formatting etc., you won't have any more virus/spyware problems. However, if you do, please post in this thread.

    Good luck.

    Regards Howard :)

  6. Candy_girl Newcomer, in training Posts: 54

    You're very welcome! That's the least I could do!

    Don't feel bad, even if we didn't solve the problem you still taught me loads of stuff I never knew before. I feel smart because of you, now that's something, right?!

    I will, don't worry!

    Thank you very much.

    Take care.
     
  7. tomrca Newcomer, in training Posts: 1,051

    You're right there, he's good at what he does, and a nice bloke to boot!!
  8. Candy_girl Newcomer, in training Posts: 54

    Hello, remember me?

    This time, I don't have a serious problem or anything, but I was just scanning with HijackThis and I saw some weird object in the logfile.

    The one that says bonjour something, I don't believe it's a valid program or something, right?

    And as for my weird desktop problem, well, it's still there! I'm sorry I couldn't format cause, well, it will cost me too much.
  9. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Have HJT fix the following.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

    Other than the above, your HJT log is clean. However, you're running an outdated version of HJT, see HERE for the latest version and post a fresh HJT log as per the instructions.

    Regards Howard :)

  10. momok Newcomer, in training Posts: 2,272

    EDIT: Whoops, Howard got to you first. I'll let him deal with this.
  11. Candy_girl Newcomer, in training Posts: 54

    Oh... if only I'd seen what Mr. Howard posted.

    Bcuz now I've got another problem. After I did like the previous poster told me, and that is to delete all DLLs in the log of "LSP-FIX", after I restarted the PC the Windows firewall (security system) got disabled, and every time I try to enable it, it automatically disables itself, so it resulted in having completely no access to the internet at all (not even by dial-up).

    Should I just do what's on the LSP site, that is to repair the winsock file?
    Help please.
  12. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Yes, try repairing the winsock file and see if that helps. Then, post a fresh updated version of HJT as requested in my last post.

    Regards Howard :)

  13. Candy_girl Newcomer, in training Posts: 54

    It worked! I finally got my connection back.

    Thank you so much for everything, Mr. Howard.

    I attached you the new log file :)
  14. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the Ctrl and Alt keys and pressing the Delete key.

    Click on the processes tab and end process for (if there).

    regperf.exe
    dcomcfg.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe

    O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe

    O22 - SharedTaskScheduler: ecosystems - {af3fd9a8-1287-4159-9212-9a5b4494af70} - (no file)

    O22 - SharedTaskScheduler: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    regperf.exe
    dcomcfg.exe


    Search your system for the above files and delete all instances found.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of Candy_girl only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
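An added example, not part of the original thread or written by any of its posters: a small Python triage of the HijackThis entries quoted in posts 9 and 14, flagging "(no file)" leftovers and programs started from the Policies\Explorer\Run key. The function name `triage` and the `ExampleUpdater` line are constructed for illustration.

```python
import re

# Entries quoted from the posts above, plus one constructed benign
# line (ExampleUpdater) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O22 - SharedTaskScheduler: ecosystems - {af3fd9a8-1287-4159-9212-9a5b4494af70} - (no file)
O22 - SharedTaskScheduler: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
"""

ENTRY = re.compile(r"^(?P<code>[OR]\d{1,2}|F\d) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
POLICY_RUN = re.compile(r"\\Policies\\Explorer\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def triage(log_text):
    """Return one finding per log entry that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # headers, blank lines, running-process list
        code, body = m.group("code"), m.group("body")
        reasons = []
        if body.endswith("(no file)"):
            # Registry entry remains, but the file it points to is gone.
            reasons.append("orphaned: target file missing")
        run = POLICY_RUN.search(body)
        if code == "O4" and run:
            reasons.append("autostart via Policies\\Explorer\\Run")
            name, cmd = run.group("name").lower(), run.group("cmd").lower()
            # A value named like one file that launches a different one.
            if name.endswith((".dll", ".exe")) and name != cmd:
                reasons.append("value name does not match command")
        if reasons:
            clsid = CLSID.search(body)
            findings.append({"code": code, "reasons": reasons,
                             "clsid": clsid.group(0) if clsid else None})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["code"], f["clsid"] or "-", "; ".join(f["reasons"]))
```
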
  15. Candy_girl Newcomer, in training Posts: 54

    Something wrong with my internet connection!

    Ok, so today I restarted my computer and suddenly my connection isn't functioning right. Sometimes I can access all sites and sometimes I can only access Google.

    And I was just checking my network places, I found this located there:

    Here's a screenshot of it (see attachment).

    Since I'm on LAN, I asked the man who has the router if he installed any new routers or something, and he said no, and everything is still the same.

    Could someone have possibly installed this on my PC, or something? Cuz the connection is acting really weird, it doesn't want me to access Yahoo, just Google. I got here miraculously, through refreshing dozens of times.

    Here's my HijackThis report, maybe there's something there!

    Thanx in advance.
  16. momok Newcomer, in training Posts: 2,272

    Hi,

    Have HijackThis fix these entries:
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    Fix the O17 entries if you do not recognise the domain to be from your ISP.
    O22 - SharedTaskScheduler: ecosystems - {af3fd9a8-1287-4159-9212-9a5b4494af70} - (no file)
    O22 - SharedTaskScheduler: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)

    I require you to post your AVG Antispyware and ComboFix logs in your next reply please. Please also run AVG Anti Rootkit via Step 11 of the instructions HERE. Let me know the results of the scan.

    Regards,
    Your friendly momok =)

  17. Candy_girl Newcomer, in training Posts: 54

    Hi, remember me?

    Ok, so since yesterday my connection has been acting really weird - the pages don't fully load, MSN disconnects, I can't download anything off RapidShare (it always tells me that my IP address is already downloading that file, which I'm not).

    I connect to the internet via a USB modem. And up until yesterday everything was going fine.

    I ran CCleaner and HijackThis (I've attached my logfile).

    Please help!
  18. tomrca Newcomer, in training Posts: 1,051

    Hi Candy girl.
    Yes, there are some problems there. Go to the forum http://www.techspot.com/vb/topic58138.html and follow the instructions, you may also cws shredder. Unless you live in Egypt there are a couple of IPs that need to be looked at.
  19. Candy_girl Newcomer, in training Posts: 54

    Yes, I do live in Egypt. How did you know?

    Yeah, I won't delete those IP items on my hijackthis!
  20. tomrca Newcomer, in training Posts: 1,051

    No, don't delete them. The IP address tells where it is from.