Periodic lag

  #1  
Old 08-30-2009
TechSpot Member
 
Member since: Nov 2005, 95 posts
Periodic lag

Hey, helping a friend with her computer, ran the scans and including some other info for help.
Attached Files
File Type: txt mbam-log-2008-10-08 (14-55-51).txt (4.2 KB, 1 views)
File Type: txt mbam-log-2009-02-05 (18-49-05).txt (856 Bytes, 1 views)
File Type: txt mbam-log-2009-02-28 (15-02-50).txt (857 Bytes, 1 views)
File Type: txt mbam-log-2009-08-30 (16-22-36).txt (913 Bytes, 2 views)
File Type: txt mbam-log-2009-08-30 (16-22-10).txt (892 Bytes, 2 views)
  #2  
Old 08-30-2009
strategic's Avatar
TechSpot Paladin
 
Member since: Dec 2008, 1,274 posts
These are just malware bytes scans...
I'll assume you are having trouble with malware,
In that case, you should follow this,
http://www.techspot.com/vb/topic58138.html
And post all the logs when complete.
We'll do our best from there.
  #3  
Old 08-30-2009
TechSpot Member
 
Member since: Nov 2005, 95 posts
some more logs

The registry were things that the Ccleaner found problems with in the registry cleaner. Also is there a way to get a log of all the programs that are in the msconfig:Startup that I can show you guys and get some help on things to get rid of?

Thanks for any help you can give.
Chronus

PS:
Sorry, last time I posted the person asked for all the previous logs and so I thought I would get them all in now instead of when I get back.
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 08-30-2009 - 18-04-53.log (465 Bytes, 3 views)
File Type: log hijackthis.log (14.6 KB, 4 views)
File Type: txt registry.txt (98.5 KB, 2 views)
  #4  
Old 08-30-2009
TechSpot Member
 
Member since: Nov 2005, 95 posts
And yes, I did complete the 8 steps before posting any of the logs.
  #5  
Old 08-30-2009
strategic's Avatar
TechSpot Paladin
 
Member since: Dec 2008, 1,274 posts
The following should be removed using HiJackthis!

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {C378F1A7-F2D3-46BB-95F5-58979019EDB7} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Download and install this, http://technet.microsoft.com/en-us/s.../bb896653.aspx, open it and click save as in the file menu, post the log file, between that and the hijack log, we should be able to eliminate quite a bit.
  #6  
Old 08-30-2009
TechSpot Member
 
Member since: Nov 2005, 95 posts
kk fresh hijack this and other log
Attached Files
File Type: txt hijackthis aug 30b.txt (14.2 KB, 3 views)
File Type: txt Procexp.txt (3.6 KB, 2 views)
  #7  
Old 08-30-2009
TechSpot Member
 
Member since: Nov 2005, 95 posts
I don't know if you'd be interested in these, but after I did the scans you recommended I did a scan with spybot search and destroy and these are what is in the log folder, it fixed 13 things. (this was before the fixes with the hijack this and the explorer)
Attached Files
File Type: log Checks.090830-2009.log (1.2 KB, 2 views)
File Type: txt Checks.090830-2023.txt (3.2 KB, 3 views)
File Type: txt Fixes.090830-2049.txt (3.2 KB, 3 views)
  #8  
Old 08-31-2009
captaincranky's Avatar
TechSpot Evangelist
 
Member since: Oct 2006, 7,584 posts
Quote:
Originally Posted by strategic View Post
The following should be removed using HiJackthis!
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
This is only "sorta" spyware. There are a couple processes initiated by Realtek Audio, it phones home, but isn't harmful. At least I'm guessing that, if it's in the "Realtek" program folder, it's good. You can disable this from running at startup with the Spybot S&D that's already installed on the machine. Use Spybot in "advanced" mode, expand "tools" then click on "system startup", every process running at startup is explained, and can be shut down. This eliminates the need to run "msconfig" to control startup programs and processes.

Quote:
Originally Posted by Chronus View Post
I don't know if you'd be interested in these, but after I did the scans you recommended I did a scan with spybot search and destroy and these are what is in the log folder, it fixed 13 things. (this was before the fixes with the hijack this and the explorer)
The "wild tangent" is a big problem and needs to be fixed.

In the future, (after the cleanup), you should either use CCleaner, or configure Firefox to eliminate the "tracking cookies". The CCleaner finds them almost instantly, rather than doing lengthy scans with an anti-spyware program. Firefox will dump the cookies upon exiting the program when correctly configured. Thus; "tools" > "options" > "privacy", then set keep cookies "until I close Firefox" and you can also set "clear history when I close Firefox". It's almost like you were never there, but be prepared to re-enter your password at Techspot when you return.

Last edited by captaincranky; 08-31-2009 at 01:26 PM..
  #9  
Old 08-31-2009
snowchick7669's Avatar
TechSpot Addict
 
Location: New Zealand
Member since: May 2009, 696 posts
Quote:
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
That one is a legit BHO, relating to Microsoft Money.

What did you use to research those entries strategic?

Quote:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
This one is part of the AVG antivirus, even though it says 'no file' it doesn't necessarily mean just that.

You are getting them to remove legit files
  #10  
Old 09-01-2009
Zyldar's Avatar
TechSpot Member
 
Location: Illinois
Member since: Aug 2009, 34 posts
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\Owner\LOCALS~1\Temp\install_en.exe"

Looks very suspicious in your last Hijackthis log. Legitimate programs generally do not run from a Temp folder.

You should remove that entry using Hijackthis - place a check on the item and allow hijackthis to remove it.

Hope that helps.
Zyldar
  #11  
Old 09-01-2009
Bobbye's Avatar
Helper on the Fringe
 
Location: Florida
Member since: Mar 2007, 15,035 posts
Multiple antivirus programs, Foistware, P2P: all will cause vulnerabilities and malware.

Zyldar, you don't have a user remove an entry because "Looks very suspicious in your last Hijackthis log." You find out what it is, then act appropriately.
  #12  
Old 09-01-2009
Zyldar's Avatar
TechSpot Member
 
Location: Illinois
Member since: Aug 2009, 34 posts
That's a good point. The program can be disabled using MSConfig or you can backup the registry entry first prior to removing it. If you later determine that you need the program running on bootup, you can simply re-enable it using MSConfig.

If you need details on backing up the Registry or using MSConfig, please leave a post here.

Hope that helps.
Zyldar
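The replies above converge on identifying an entry before acting on it. The following is an added example, not part of the original thread and not code from HijackThis: a small triage script over the HijackThis lines quoted in this thread. The function name `triage` and the wording of the notes are assumptions made for illustration.

```python
import re

# HijackThis lines quoted in this thread, reused as sample input.
SAMPLE_LOG = r'''
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\Owner\LOCALS~1\Temp\install_en.exe"
'''

BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$')
RUN_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
TEMP_RE = re.compile(r'\\(temp|tmp)\\', re.IGNORECASE)  # a Temp directory in the path

def triage(log_text):
    """Return (kind, identifier, note) per entry. Notes say what to check, never 'delete'."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        bho = BHO_RE.match(line)
        run = RUN_RE.match(line)
        if bho:
            note = "look up the CLSID to identify the owning product"
            if bho.group("file") == "(no file)":
                note += "; '(no file)' alone does not prove the entry is orphaned"
            findings.append(("BHO", bho.group("clsid").upper(), note))
        elif run:
            cmd = run.group("cmd").strip('"')
            if TEMP_RE.search(cmd):
                note = "launches from a Temp folder: identify the file, then disable or back up before removing"
            elif "\\" not in cmd:
                note = "no path given: find the file on disk and check which program folder it is in"
            else:
                note = "review publisher and path"
            findings.append(("Run", run.group("name"), note))
    return findings

if __name__ == "__main__":
    for kind, ident, note in triage(SAMPLE_LOG):
        print(f"{kind:4} {ident}: {note}")
```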
  #13  
Old 09-02-2009
TechSpot Member
 
Member since: Nov 2005, 95 posts
Ok, I'm getting so much information. So can one person tell me what to do?

Also, is there anything I can do about periodic lag spikes that kills anything that is running at the time, or am I SOL?
  #14  
Old 09-02-2009
Bobbye's Avatar
Helper on the Fringe
 
Location: Florida
Member since: Mar 2007, 15,035 posts
Quote:
Also, is there anything I can do about periodic lag spikes that kills anything that is running at the time,
Yes, you can get rid of the malware. This requires an orderly process, with the programs laid out, followed by the logs which are then reviewed.

There are no trained malware helpers on TechSpot at this time. And it gets pretty hard on someone with a problem to be given a lot of different suggestions!

See Tech-101. Follow the steps in the preliminary removal, post the logs. They will be reviewed by trained malware helpers.

I am very sorry for your frustration.
  #15  
Old 09-02-2009
TechSpot Member
 
Member since: Nov 2005, 95 posts
It's alright, I've been getting excellent help from here for years now and I greatly appreciate it. I'm also in the process of updating drivers right now as well, as a game crashed the computer at a specific point. But that's for a different topic. I'll take a look at the tech-101 when I get the chance, thanks.