i really need help! i have used all kinds of virus programs, tools, etc, as well as adware and spyware. i have all kinds of processes running, many of which look suspicious. i find viruses, and then i can’t get rid of them. any suggestions???
kitkatkagy
Welcome to the forum.
Please help us help you.
What version of Avast! are you using?
What vps version?
What OS?
What exactly is the error message? (If you are getting one.)
etc. etc.
thanks so much!!! i think i am answering your questions right!!!
avast 4.1 home
vps 0436-4as
i just downloaded it all yesterday and keep checking for updates.
i run xp.
it always finds viruses, but will say not able to access.
i just used the hijacker thing, and then checked it with the online checker, and fixed some stuff that way. any other ideas?
kitkatkagy,
"it always finds viruses, but will say not able to access."
Avast! can't access files when they are in use by the system. To get rid of them, you need to run a Boot time (F8) scan. Click on Shortcuts For ALL in my signature for many helpful links. Let us know how you make out.
thanks so much for your help, i had already been checking out your shortcuts!!!
i will run bootscan asap.
i also noticed when i ran hjt, then checked the results online, it indicated that most were ok, however some looked suspicious to me (particularly the one with lsass in it!). any suggestions on that? i have inserted them below for you to see.
thanks.
Logfile of HijackThis v1.98.2
Scan saved at 5:22:15 PM, on 04/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\taskmgr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cleanmgr.exe
C:\Documents and Settings\Kathy\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.com/NewsStand/EdmontonSun
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.com/NewsStand/EdmontonSun
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM..\Run: [VTPreset] VTPreset.exe
O4 - HKLM..\Run: [Cryptographic Service] C:\WINDOWS\System32\zefsxie.exe
O4 - HKLM..\Run: [Task Manager] C:\WINDOWS\SYSTEM32\taskmgr32.exe 1
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
Log is looking good except for a few things
Any idea what these are? If not, disable system restore, reboot and remove them. If after removing something stops working let us know.
O4 - HKLM..\Run: [Cryptographic Service] C:\WINDOWS\System32\zefsxie.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
When you have removed them, run a boottime scan and see if the problem is solved.
And you need to do www.Windowsupdate.com
(especially your IE is not up to date…)
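
Added example, not part of the original thread or any poster's code: a small Python triage of the O4 (Run key) lines of a HijackThis log like the one above, marking entries whose executable sits directly in the Windows or System32 folder and is not on a reviewer-supplied list. The `RECOGNISED` list, the function names and the heuristic are assumptions made for illustration; a marked entry means "identify this file before removing it", not "malicious".

```python
import ntpath
import re
from typing import NamedTuple

# Sample lines taken from the log in this thread (straight quotes). Both the
# "HKLM..\Run" form seen here and the "HKLM\..\Run" form are accepted.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM..\Run: [Cryptographic Service] C:\WINDOWS\System32\zefsxie.exe
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Constructed for this example: file names the reviewer has already identified.
RECOGNISED = {"nerocheck.exe", "usrmlnka.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\?\.\.\\(\w+): \[(.+?)\] (.+)$")
# Quoted path, or everything up to the first ".exe" followed by space/end.
EXE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)

class RunEntry(NamedTuple):
    hive: str
    name: str
    exe: str

def parse_o4(log: str) -> list[RunEntry]:
    """Extract registry Run entries; Global Startup and other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        cmd = m.group(4).strip()
        e = EXE.match(cmd)
        exe = (e.group(1) or e.group(2)) if e else cmd.split()[0]
        entries.append(RunEntry(m.group(1), m.group(3), exe))
    return entries

def needs_lookup(entry: RunEntry) -> bool:
    """True when the file is directly in a system folder and not recognised."""
    folder, base = ntpath.split(entry.exe.lower())
    return folder in SYSTEM_DIRS and base not in RECOGNISED

def triage(log: str) -> list[str]:
    return [e.name for e in parse_o4(log) if needs_lookup(e)]

if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        print("CHECK" if needs_lookup(e) else "ok   ", e.hive, e.name, e.exe)
```

On the sample lines this marks only the `Cryptographic Service` entry, the same Run entry questioned in the reply above.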