Virus And Spyware Troubles Please Help

OK, I need HELP really bad. Bitdefender is not helping me. My dad gave this copy of the new Bitdefender that came in the mail to me to put on my laptop, and the program is having problems: it's not getting rid of any of my viruses. My computer is going really slow, like it's a 166 MHz. My Task Manager has been disabled somehow and I can get it back. The laptop is suffering major lag when doing anything, even when not on the internet. My explorer.exe for Windows crashes a lot, so I am unable to get to my programs. Bitdefender keeps saying a virus has infected your computer but it was stopped and quarantined, but it keeps coming back, and when I run a scan it says the computer is fine, but those alerts keep popping up saying my computer is protected. Why isn't Bitdefender working to stop the viruses? Please help me with this problem; it is becoming unbearable. Here are some of the virus names that I know of. There are many more infecting my computer, because I get alerts every 2 seconds.


Trojan.downloader.VBS.BL


many different Trojan.Vundo.'s


Downloader Zlob HBK


Downloader Zlob HVG


PLEASE HELP ME, ANYONE WHO CAN FIX MY PROBLEM. I'm pulling out my hair here, please help me.

Comments

  • Download HijackThis from this link. Install it, run it, do a System Scan with Log, and post it in your next reply.

  • Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 7:43:46 AM, on 4/13/2008


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16640)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Program Files\Windows Defender\MsMpEng.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe


    C:\Program Files\Alwil Software\Avast4\ashServ.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe


    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\WINDOWS\system32\igfxtray.exe


    C:\WINDOWS\system32\hkcmd.exe


    C:\WINDOWS\AGRSMMSG.exe


    C:\Program Files\Apoint2K\Apoint.exe


    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe


    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe


    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe


    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe


    C:\Program Files\Windows Defender\MSASCui.exe


    C:\Program Files\Apoint2K\Apntex.exe


    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


    C:\Program Files\HPQ\SHARED\HPQWMI.exe


    C:\Program Files\Windows Live\Messenger\usnsvc.exe


    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe


    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe


    C:\WINDOWS\explorer.exe


    C:\Program Files\Mozilla Firefox\firefox.exe


    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local


    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll


    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll


    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (file missing)


    O3 - Toolbar: (no name) - {C1F8FB79-B761-498B-AACE-AEDC997D1C3D} - (no file)


    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe


    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe


    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe


    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe


    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"


    O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime


    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start


    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe


    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"


    O4 - HKLM\..\Run: [ChangeResolution] C:\hp\bin\ChangeResolution.exe


    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe


    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe


    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide


    O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray


    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe


    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background


    O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"


    O4 - HKLM\..\Policies\Explorer\Run: [z10P6vgY0q] C:\Documents and Settings\All Users\Application Data\mlgfulkp\gpuzifkr.exe


    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000


    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll


    O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll


    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL


    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)


    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop


    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab


    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab


    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe


    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab


    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll


    O21 - SSODL: qdnkewfa - {4D72D2F8-0A6A-4C37-A8B9-2E2CD91D1403} - C:\WINDOWS\qdnkewfa.dll


    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe


    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe


    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe


    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe


    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe


    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)


    --


    End of file - 7837 bytes


    I got rid of Bitdefender and my computer started running faster, and put Avast Pro 4.8. I think Bitdefender was part of the problem with the viruses. Also, I know I had a virus that was disabling the Task Manager, after I did some research. The Bitdefender encyclopedia is missing a lot of viruses. I was able to go to the registry and re-enable the Task Manager. I also had to delete Bitdefender from the registry since it would delete for the OS. I think I still have a virus, but I'm not sure. I have been spending all my time since Saturday trying to fix this. I think I have made head room. If you see anything in the log, your help would be greatly appreciated, as I'm sick of dealing with these viruses.


    Thank you

  • I picked up Trojan Vundo.dvs. The computer was blinking badly when I got it. I restored the computer to the day before and it is working fine. It cannot be this easy; the virus must still be in my computer.

  • Run HijackThis again, then check and fix the following:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local


    O3 - Toolbar: (no name) - {C1F8FB79-B761-498B-AACE-AEDC997D1C3D} - (no file)


    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll


    O4 - HKLM\..\Policies\Explorer\Run: [z10P6vgY0q] C:\Documents and Settings\All Users\Application Data\mlgfulkp\gpuzifkr.exe


    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)


    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)


    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll


    O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll


    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll


    O21 - SSODL: qdnkewfa - {4D72D2F8-0A6A-4C37-A8B9-2E2CD91D1403} - C:\WINDOWS\qdnkewfa.dll


    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

  • Kage
    edited April 2008

    I ran HijackThis again. Here's the new log; tell me if you see anything, and thanks for your help.


    Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 5:07:39 PM, on 4/13/2008


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16640)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Program Files\Windows Defender\MsMpEng.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe


    C:\Program Files\Alwil Software\Avast4\ashServ.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe


    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe


    C:\WINDOWS\Explorer.EXE


    C:\WINDOWS\system32\ctfmon.exe


    C:\WINDOWS\system32\igfxtray.exe


    C:\WINDOWS\system32\hkcmd.exe


    C:\WINDOWS\AGRSMMSG.exe


    C:\Program Files\Apoint2K\Apoint.exe


    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe


    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe


    C:\Program Files\QuickTime\QTTask.exe


    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe


    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe


    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe


    C:\Program Files\Windows Defender\MSASCui.exe


    C:\Program Files\Apoint2K\Apntex.exe


    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    C:\WINDOWS\system32\rundll32.exe


    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe


    C:\Program Files\DNA\btdna.exe


    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


    C:\Program Files\HPQ\SHARED\HPQWMI.exe


    C:\Program Files\Windows Live\Messenger\usnsvc.exe


    C:\PROGRA~1\Mozilla Firefox\firefox.exe


    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll


    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll


    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (file missing)


    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe


    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe


    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe


    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe


    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"


    O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime


    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start


    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe


    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"


    O4 - HKLM\..\Run: [ChangeResolution] C:\hp\bin\ChangeResolution.exe


    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe


    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe


    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide


    O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray


    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe


    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background


    O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"


    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000


    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop


    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab


    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab


    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe


    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab


    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe


    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe


    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe


    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe


    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe


    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm


    --


    End of file - 6888 bytes


    I'm pretty sure that O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm is a trojan or malware agent, but it keeps coming back. I'm gonna see if I can delete it, then run a new scan.


    Edit: ran new HijackThis


    Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 5:19:41 PM, on 4/13/2008


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16640)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Program Files\Windows Defender\MsMpEng.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe


    C:\Program Files\Alwil Software\Avast4\ashServ.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe


    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe


    C:\WINDOWS\Explorer.EXE


    C:\WINDOWS\system32\ctfmon.exe


    C:\WINDOWS\system32\igfxtray.exe


    C:\WINDOWS\system32\hkcmd.exe


    C:\WINDOWS\AGRSMMSG.exe


    C:\Program Files\Apoint2K\Apoint.exe


    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe


    C:\Program Files\QuickTime\QTTask.exe


    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe


    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe


    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe


    C:\Program Files\Windows Defender\MSASCui.exe


    C:\Program Files\Apoint2K\Apntex.exe


    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    C:\WINDOWS\system32\rundll32.exe


    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe


    C:\Program Files\DNA\btdna.exe


    C:\Program Files\HPQ\SHARED\HPQWMI.exe


    C:\Program Files\Windows Live\Messenger\usnsvc.exe


    C:\PROGRA~1\Mozilla Firefox\firefox.exe


    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll


    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll


    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe


    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe


    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe


    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe


    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"


    O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime


    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start


    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe


    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"


    O4 - HKLM\..\Run: [ChangeResolution] C:\hp\bin\ChangeResolution.exe


    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe


    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe


    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide


    O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray


    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe


    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background


    O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"


    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000


    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop


    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab


    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab


    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe


    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab


    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe


    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe


    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe


    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe


    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe


    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


    --


    End of file - 6402 bytes


    Here's the newest log, and thanks for all your help, it is greatly appreciated. Chesda, your help is superb; the computer is already starting to run faster. Thanks, and if you see anything in the new log, tell me. Thanks again.

  • Chesda
    edited April 2008

    That's good to hear your PC is running faster now.


    I analyzed your logs and it appears WOT.dll keeps coming back. This is a type of malware that hangs itself onto your web browser.


    Follow these steps to get rid of it:

    • Start -> All Programs -> Accessories -> System Tools -> Open Internet Explorer (Without Add-Ons)
    • Tools menu -> Internet Options -> Programs tab -> Manage Add-Ons
    • Search and find wot.dll in the files column and delete it
    • Run HijackThis and fix WOT.dll.


    If the above does not work, locate C:\Program Files\WOT and delete the contents inside and fix it on Hijackthis.


    Other than the WOT.dll entry, your log seems fine.


    So could you please do another deep system scan and let it delete what it detects? Also, it would be helpful if you stated what the problems with your computer are, and whether there are still pop-ups alerting you that you have a virus.
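
The log comparison done by hand in this thread, as an added example that is not part of any poster's reply: a small Python parser for HijackThis entry lines that flags structural indicators and diffs two logs to show which entries a fix removed, which persist and which are new. The sample lines are excerpts from the first and second logs above; the flagging rules are this example's own heuristics, not HijackThis output and not a verdict on any entry.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header and running-process lines do not, so they are skipped.
ENTRY_RE = re.compile(r"^\s*([FNOR]\d{1,2}) - (.+?)\s*$")

# Excerpt of the first log posted above (scan saved 7:43:46 AM).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\explorer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: (no name) - {C1F8FB79-B761-498B-AACE-AEDC997D1C3D} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [z10P6vgY0q] C:\Documents and Settings\All Users\Application Data\mlgfulkp\gpuzifkr.exe
O21 - SSODL: qdnkewfa - {4D72D2F8-0A6A-4C37-A8B9-2E2CD91D1403} - C:\WINDOWS\qdnkewfa.dll
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
"""

# Excerpt of the second log posted above (scan saved 5:07:39 PM).
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""


def parse_log(text):
    """Return the coded entries (R1, O4, O23, ...) of a HijackThis log, in log order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def flags(entry):
    """Structural reasons to look closer at an entry (heuristics assumed by this example)."""
    reasons = []
    detail = entry.detail.lower()
    # The registry still points at a file that is no longer on disk.
    if detail.endswith("(file missing)") or detail.endswith("(no file)"):
        reasons.append("target file absent")
    # Browser traffic is being routed through a process on the local machine.
    if entry.code.startswith("R") and "proxyserver = 127.0.0.1" in detail:
        reasons.append("loopback proxy")
    # Autostart through the policy Run key rather than the ordinary Run key.
    if entry.code == "O4" and r"policies\explorer\run" in detail:
        reasons.append("policy autorun key")
    # O20/O21/O22/O24: AppInit/Winlogon, SSODL, SharedTaskScheduler, Desktop Component.
    if entry.code in ("O20", "O21", "O22", "O24"):
        reasons.append("uncommon load point")
    return reasons


def triage(text):
    """Pair every flagged entry of a log with its reasons, keeping log order."""
    result = []
    for entry in parse_log(text):
        reasons = flags(entry)
        if reasons:
            result.append((entry, reasons))
    return result


def compare(before, after):
    """Diff two logs: entries a fix removed, entries that persist, entries that are new."""
    old, new = set(parse_log(before)), set(parse_log(after))
    return {
        "removed": sorted(old - new),
        "persisting": sorted(old & new),
        "new": sorted(new - old),
    }


if __name__ == "__main__":
    for entry, reasons in triage(LOG_BEFORE):
        print(f"[{', '.join(reasons)}] {entry.code} - {entry.detail}")
    for status, entries in compare(LOG_BEFORE, LOG_AFTER).items():
        for entry in entries:
            print(f"{status}: {entry.code} - {entry.detail}")
```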