Please post your HijackThis log as a reply to this thread and not as an attachment. Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ... uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch uInternet Settings,ProxyOverride = *.local mSearchAssistant = hxxp://search.live.com/sphome.aspx BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper:

  3. The utility quarantines the infected MBR.
  6. Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xB7 0x88 0xDD 0xB8 ...
  8. md5: 71e276f6d189413266ea22171806597b
     2011/06/10 10:47:05.0406 5368 sptd - detected LockedFile.Multi.Generic (1)
     2011/06/10 10:47:05.0453 5368 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
     2011/06/10 10:47:05.0531 5368 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
     2011/06/10 10:47:05.0656 5368 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
     2011/06/10 10:47:05.0875 5368
Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 9/11/2008 3:57:10 PM System Uptime: 6/7/2011 12:10:43 AM (0 hours ago) . This tool searches your computer for suspicious programs and offers to remove them for you. C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x09 0x9E 0xA1 0x98 ...

So I did the same and found that the machine had the following: 1 hidden file Virus.Win32.Rloader.a Rootkit.Win32.2Access.e Trojan.Clicker.Win32.Wistler.c Curing them one at a time.... Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spdf.sys hal.dll >>UNKNOWN [0x8A781938]<< c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver spdf.sys _asm { PUSH EBP; MOV EBP, ESP; JMP 0xfffffffff5d6dd9b; }

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x09 0x9E 0xA1 0x98 ... If the utility detects an infection with the MBR bootkit, it will report that it has detected an infected object of type “Physical drive” and prompt for action: Cure. Have a Trojan, and need help. http://yeahimadork.com/google-search/google-search-results-redirected-hijackthis-log-here.php Double click on RSIT.exe to run RSIT.

A reboot might be required after the disinfection has been completed.

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x4D 0x14 0x07 0xCE ...

Any help would be greatly appreciated! The utility starts scanning the system for malicious and suspicious objects when you click the button Start scan.

we can't advise anything until we see logs. http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

0 Discussion Starter ssj4tim 5 Years Ago

Okay here's the logs: Malwarebytes: Malwarebytes' Anti-Malware Database version: 6785 Windows 5.1.2600 Service Pack 3

ernestbd-8, Sep 29, 2011 #3 ernestbd-8 Thread Starter Joined: Sep 5, 2010 Messages: 14

Finally able to run these, logs below, (attach.txt is attached). I tried to run HJT and got the following message: For some reason your system denied write access to the Hosts file. To do this, click Start, Run and type: notepad C:\WINDOWS\System32\drivers\etc\hosts and press Enter.

C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt Please post back here with that log. 0 Discussion Starter ssj4tim 5 Years Ago Hi, thanks for the reply, I ran that scan and this is the log: 2011/06/10 10:46:21.0421 C:\DOCUME~1\ERNIE\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[516] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

