Task Manager, Command Prompt, Registry, and other things not working

Status
Not open for further replies.

maness112002

Just recently all of these things have stopped working. I did have a virus on my computer and I deleted it through my Ez Antivirus, but somehow it is still on the computer. I keep getting this popping up as well, Kazaa Processld "2184" File "C:/Windows/system32/p2pnetworking.exe". I have never had Kazaa on my computer. I keep getting rid of it, but it's always back on my computer. Whatever is going on is also interfering with my internet as well; I might have internet and the next minute it shows that I don't even have internet. I also bought Sims 2 and installed it on my computer and it said installation completed and I ran the program but it never came on. I know that something has attached itself and is messing up my computer. Please help asap. I have been in a slow labor for a few days and I will be going to the hospital tomorrow or Sunday to give birth. I plan on taking my computer to help pass time and I would love to be able to play Sims. I'll attach my latest scans.
 
Your system is infected with several nasties.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :)

This thread is for the use of maness112002 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
computer problems

I finished all the steps, it took almost 24 hrs, everything ran so slow, which is not normal. Hope this will help you to help me fix the problems.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

userinit.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {31EDB69A-2555-59F7-226D-75B26C6D8B96} - (no file)

O2 - BHO: (no name) - {31EEB692-7756-5FD7-7361-0FB21D6E84CE} - (no file)

O2 - BHO: (no name) - {38B8B695-2253-08A3-776D-75B26C6D8B96} - (no file)

O2 - BHO: (no name) - {39EDEC9B-740E-08A7-246D-75B26C6D8B96} - (no file)

O2 - BHO: (no name) - {3BE8EE92-2253-08A4-776D-75B26C6D8BC5} - (no file)

O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\ICROSO~1\userinit.exe" -vt yazb

O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://www.help.rr.com/Foundrysdccommon/download/tgctlar.cab

O16 - DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.70.21.0_MEGAPANEL_USA.cab

O16 - DPF: {8401528F-C7D8-446D-8A01-F8DA9491FBB1} (DcaDiagCtrl Class) - http://www.consumerinput.com.edgesuite.net/bot/BotCtrl.cab

O16 - DPF: {87587503-20F0-4FF5-8DA3-0116C4C03FDC} (vmLaunch Class) - http://www.vibephone.com/vm/vmdata/download/1007-RoadRunner/vmLauncher.cab

Fix all O18 Protocol: entries.

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\ICROSO~1 < Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

This thread is for the use of maness112002 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
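The fix lists in this thread follow a few recurring patterns: browser add-ons whose file no longer exists, a Run key launching `userinit.exe` from a folder other than `system32`, and ActiveX controls fetched from third-party hosts. The sketch below is an added example, not part of the original posts and not a HijackThis feature; it triages log lines copied from the thread, and the `EXPECTED_DIR` table and finding labels are assumptions made for illustration.

```python
import ntpath
import re
from urllib.parse import urlparse

# Entries copied from the HijackThis fix lists posted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {31EDB69A-2555-59F7-226D-75B26C6D8B96} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\ICROSO~1\userinit.exe" -vt yazb
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
O16 - DPF: {8401528F-C7D8-446D-8A01-F8DA9491FBB1} (DcaDiagCtrl Class) - http://www.consumerinput.com.edgesuite.net/bot/BotCtrl.cab
'''

# Assumption: stock Windows XP locations of system binaries that malware imitates.
EXPECTED_DIR = {
    "userinit.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
ENTRY = re.compile(r"^(O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_PATH = re.compile(r'\]\s*"?([A-Za-z]:\\.*?\.(?:exe|dll|bat|com))', re.I)
URL = re.compile(r"https?://\S+")
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")

def triage(log):
    """Return (section, finding, detail) tuples for entries worth a closer look."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section in ("O2", "O3", "O9") and ORPHAN.search(body):
            # Registry still references an add-on whose file is gone.
            c = CLSID.search(body)
            findings.append((section, "orphaned", c.group(0) if c else body))
        elif section == "O4" and (p := RUN_PATH.search(body)):
            # Autorun using a system binary's name from the wrong folder.
            folder, name = ntpath.split(p.group(1).lower())
            if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
                findings.append((section, "masquerade", p.group(1)))
        elif section == "O16" and (u := URL.search(body)):
            # ActiveX control: record the host it was downloaded from.
            findings.append((section, "activex-source", urlparse(u.group(0)).hostname))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The BellSouth Run entry is not flagged by these heuristics: it was on the fix list as unwanted startup software, which is a judgement about the program rather than about its path.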
 
still problems

Windows is still taking a while to start up. I keep getting the same message while Windows is starting, Generic Host Process for Win32 Services has encountered a problem and will shut down. I use the firewall that is already on my computer, and even it doesn't work properly all the time. I'm also having problems still with the internet; I have to reset the modem every time I want to get on and sometimes it takes several tries. How can I fix the registry problems, when Dell didn't send me the Windows XP CD that was supposed to come with my computer?
 
Post a fresh HJT log as requested.

Regards Howard :)

This thread is for the use of maness112002 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
HJT log

I also forgot to mention that the computer doesn't always read that I even have a sound card. I did go to Dell and reinstall some of the programs.
 
Your HJT log looks clean. However, you need to rename the HijackThis.exe file as per the instructions in this thread HERE, then post a fresh HJT log.

Regards Howard :)

This thread is for the use of maness112002 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
computer acting up again

My computer keeps giving me Win32, iexplorer, and a few other error messages. I haven't been getting on the internet as much since the last incident. I have kept the programs on my computer from last time and I continue using them. I'm still having problems with my computer reading the sound card. I even reinstalled it from Dell's website and it works, and then in the middle of me using Real or even playing a game I get an error message saying that I have no sound device installed on the computer. I go and check and there is a sound device installed on the computer. What in the world is going on with my computer? HELP me please.
 
You`re running an outdated version of HijackThis. See HERE for the latest version.

I`d like you to have some files checked out over at Jotti`s.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\WINDOWS\system32\gdf.bat
* Click Open
* Then do the same for the following files. C:\WINDOWS\system32\yyd.bat and C:\WINDOWS\system32\taskkill.exe
* Please let me know the results.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

Regards Howard :)

This thread is for the use of maness112002 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
howard_hopkinso said:
I`d like you to have some files checked out over at Jotti`s.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\WINDOWS\system32\gdf.bat
* Click Open
* Then do the same for the following files. C:\WINDOWS\system32\yyd.bat and C:\WINDOWS\system32\taskkill.exe
* Please let me know the results.

You haven`t told me what the results were for the Jotti scan. Please do so in your next reply.

Your HJT log is clean.

Regards Howard :)

This thread is for the use of maness112002 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Jotti Scan

Sorry, I knew I had forgotten something.

The gbt.bat was ok, but the yyd.bat came back with one something found. It read Norman Virus found BAT?Smalltroj.MKK. The taskkill.exe said it could not run the process, it said there may be a firewall or a piece of malware prohibiting me from uploading the file.
 
Ok, run the Avenger again, but use the script file below and post the Avenger log.

Regards Howard :)

This thread is for the use of maness112002 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
That`s fine mate.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of maness112002 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
My mom's computer has been having a lot of the same problems as mine was. But her computer takes forever to load and sometimes even freezes and will pop up all these error messages. I followed the same directions that I used for my computer. Can you take a look at the logs that I saved for my mom's computer and let me know if anything is there that shouldn't be? Thank you.
 
Your mom has an awful lot of junk running and that`s one of the reasons it`s so slow.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Delete all files in AVG Antispyware quarantine.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

SearchSafe

Close control panel.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O3 - Toolbar: SearchSafe - {51CE7A05-9C90-433b-8BEC-73973997F6F2} - C:\Program Files\SearchSafe\searchsafe.dll

O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe

O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://pbells.broadjump.com/wizlet/BellSouth53/static/controls/WebflowActiveXInstaller_3-0-0.cab

O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab

O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab

O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) - https://star.state.tn.us/jinitiator/jinit.exe

O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) -

O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\SearchSafe < Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Go HERE and follow the instructions for speeding up your mom's computer.

Post a fresh HJT log when done.

Regards Howard :)

This thread is for the use of maness112002 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi again. I have been working on my friend's computer. It has been running really slow, and she has things going on she doesn't understand. So I decided to run the same programs I ran on my computers and my mom's. I am attaching the log files, so if you can look over them and tell me what I can do to fix her computer, that would be great, thanks.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm082YYUS

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/GSK/Coupons.cab

O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://www.sonypictures.com/games/bewitched/main.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\VundoFix Backups
C:\Qoobox

Reboot into normal mode and rehide your protected OS files.

Go HERE and follow the instructions in Step6/step9/Step11/Step12.

Post a fresh HJT log as well as an AVG Antispyware log.

Let me know the results of the Panda Antirootkit scan.

Regards Howard :)

This thread is for the use of maness112002 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I have been having some problems with my new computer. I did everything as instructed to do before, except this time a lot of the stuff would not download or just not work. I am attaching the log files I was able to get; the AVG Spyware and AVG Antirootkit were two of the non-working items.
 