PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Resolved] 20 infected processes..154 infected registrys!

#8, 11-06-2005, brent (Bronze Member):

Most of the pop-ups are advertising Antivirus Pro 2006... When I went on the internet, I got 2 little pop-ups and 3 whole-screen pop-ups advertising the antivirus.


__________________
-Brent
#9, 11-06-2005, joe5 (Elite Member, Netherlands):

I don't see any more problems in your log, but let Ewido have a go at it:

Download Ewido Security Suite
  • Install Ewido Security Suite.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • Launch Ewido: there should be a big "E" icon on your desktop; double-click it.
  • The program will prompt you to update; click the "OK" button.
  • The program will now go to the main screen.
  • You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click Update.
  • Click on Start.
  • The update will start and a progress bar will show the updates being installed.
  • After the updates are installed, exit Ewido.
Once the updates are installed do the following:
  • If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Reboot into Safe Mode: restart your computer and tap the F8 key. Use your up arrow key to highlight Safe Mode, then hit Enter.
Close all open windows/programs/folders and then run Ewido. Have nothing else open while Ewido performs its scan!
  • Click on Scanner, Settings.
  • Under "How to scan" all boxes should be selected.
  • Under "Possibly unwanted software" all boxes should be selected.
  • Under "What to scan" select Scan every file.
  • Click OK, Complete system scan.
  • Let the program scan the machine.
  • If Ewido finds anything, it will pop up a notification.
NOTE: We have been finding some cases of false positives with the new version of Ewido, so you need to step through the fixes one by one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged; in particular, watch for alerts that have the word "Heuristic" in them - if you recognize the file name as "friendly," these may actually be false positives), select "none" as the action.

DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being. We will see that in the log when you post it later and let you know if Ewido needs to be run again.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.

Click Save report. Save the report to your desktop, exit Ewido.

Note:

If during your scan Ewido "crashes" or "hangs", please try scanning again. Before running the scan, click on 'Scanner' (the 3rd bar from the top on the left) and choose 'Settings'. Uncheck 'Scan in NTFS Alternate Data Streams' as this can cause problems in overly infected systems. Click 'OK' and run a new scan.

And do you have the SP2 popup blocker enabled?

In an I.E. window: Tools > Internet Options > Privacy


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#10, 11-07-2005, brent (Bronze Member):

Ok, I wasn't able to do the scan in Safe Mode because I needed to do some things in regular mode and the scan takes over 2 hours... so here is the scan and HJT log... I will run the scan tomorrow as well in Safe Mode and post the results... here's this so far:

Old log deleted.

This looks really bad.


__________________
-Brent

Last edited by joe5; 11-22-2005 at 03:52 PM.
#11, 11-07-2005, brent (Bronze Member):

Here is the HJT; the other reply was too long.

Old log deleted.

I really appreciate all the help, joe5 and the PCHF team.


__________________
-Brent

Last edited by joe5; 11-22-2005 at 03:51 PM.
#12, 11-07-2005, joe5 (Elite Member, Netherlands):

Your HJT log still looks clean, but the Ewido log shows it had problems deleting a PSGuard infection.
Also it looks like you didn't turn off System Restore; there are a lot of infected files in there and you really should disable that to prevent reinfection until you're clean:


WinXP.
  1. Click the Start button.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
Then run Spysweeper to get rid of the PSGuard infection:


Download and scan with Spysweeper from:
http://www.webroot.com/consumer/products/spysweeper (the trial link is on the right)


Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)
You will be prompted to check for updated definitions, please do so.
Click on "Options" > "Sweep Options" and check "Sweep all Folders on Selected drives".
Check "Local Disc C" and under "What to Sweep", check every box.
Click on "Sweep" and allow it to fully scan your system.
When the sweep has finished, click "Remove" to remove any items found.
Exit SpySweeper and reboot your computer.

NOTE: After Spysweeper has finished and removed any items found, it is important that you exit and reboot your computer right away to ensure the infection is fully removed.

Also download and run these two:

http://www.bleepingcomputer.com/files/reg/smitfraud.reg

http://noahdfear.geekstogo.com/click...click.php?id=1


Then run Ewido again and post the log please.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -


Last edited by joe5; 11-07-2005 at 09:25 PM.
#13, 11-22-2005, brent (Bronze Member):

Sorry about the long wait.

Here is my Ewido log from Safe Mode, as well as my new HJT log. There are two main problems right now. One is that I get pop-ups every time I go on the internet... right when I click it (home page is Google) I get a pop-up, and it is like a circuit of different pop-ups... they are all the same, just different ones, at different times. Every couple of minutes a pop-up shows. The weird thing is that they act like web pages... it isn't just a little window in front of the web page I'm on, it has its own window, and I can click on it at the bottom of my screen where that "Start" button is. They usually take up the whole screen and it slows down the computer when they are open. Sometimes I even get pop-ups when I'm not on the internet. The second problem is that when I type a web address in the address bar at the top and hit Enter, nothing happens... no loading bar at the bottom, no hourglass; it's like I didn't hit Enter at all. BUT, it will go to the website after a minute or two. However, it goes there even if I'm on a different site. For example, I type in www.pchelpforum.com in the address bar, hit Enter, and nothing happens, so I just randomly decide to go to eBay, so I type it into the Google search engine bar, hit Enter, see the eBay hyperlink, click it and look around on the site... after about 2 minutes, it will transfer me to www.pchelpforum.com after I've looked at many different pages on eBay... it's like the search in the beginning got saved, and transferred me after a certain amount of time, no matter where I was on the internet... this happens every time... sorry about the long explanation... anyway, here is my Ewido and HijackThis log....

I also tried going into the registry manually and tried deleting the value HKLM\SOFTWARE\ShudderLTD and it says "Cannot delete ShudderLTD: Error while deleting key."

Thank you for all your help!

-Brent

Attached file: hjt.log (6.3 KB)


__________________
-Brent

Last edited by joe5; 11-22-2005 at 03:51 PM.
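An added diagnostic for the "Error while deleting key" Brent hit on HKLM\SOFTWARE\ShudderLTD (the one key path the thread names); it is written here and is not part of the thread or of any tool it mentions. It assumes an elevated PowerShell 3.0+ session and only reads the key's owner and DACL, which is where such a deletion error usually comes from (a Deny ACE or a foreign owner planted on the key).

```powershell
# Added example: report why a key below HKLM refuses deletion (owner, Deny
# ACEs, Administrators' Delete right). Read-only; changes nothing on the system.
function Get-RegistryKeyDeleteReport {
    param([Parameter(Mandatory)][string]$SubKey)   # path below HKLM
    $adminsSid   = 'S-1-5-32-544'   # well-known SID: BUILTIN\Administrators
    $everyoneSid = 'S-1-1-0'        # well-known SID: Everyone
    $deleteRight = [System.Security.AccessControl.RegistryRights]::Delete
    $sidType     = [System.Security.Principal.SecurityIdentifier]
    # Request only READ_CONTROL: a DACL that strips KEY_READ still lets an
    # administrator read the owner and the DACL, which is all this check needs.
    try {
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey,
            [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadSubTree,
            [System.Security.AccessControl.RegistryRights]::ReadPermissions)
    } catch [System.Security.SecurityException] {
        return [pscustomobject]@{ Key = "HKLM\$SubKey"; Exists = $true; Readable = $false }
    }
    if ($null -eq $key) { return [pscustomobject]@{ Key = "HKLM\$SubKey"; Exists = $false } }
    try {
        $sections = [System.Security.AccessControl.AccessControlSections]::Owner -bor
                    [System.Security.AccessControl.AccessControlSections]::Access
        $acl   = $key.GetAccessControl($sections)
        # SIDs rather than names: an ACE whose SID no longer maps to an account
        # would otherwise throw IdentityNotMappedException here.
        $rules = $acl.GetAccessRules($true, $true, $sidType)
        # Any Deny ACE is a red flag; hijackers plant them to block removal tools.
        $denies = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' } |
                    ForEach-Object { '{0}: {1}' -f $_.IdentityReference.Value, $_.RegistryRights })
        # Administrators need an Allow carrying Delete (FullControl includes it) ...
        $adminAllow = $rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $adminsSid -and
            (($_.RegistryRights -band $deleteRight) -ne 0) }
        # ... and no Deny on Delete for Administrators or Everyone, which wins over Allow.
        $blockingDeny = $rules | Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            ($_.IdentityReference.Value -in @($adminsSid, $everyoneSid)) -and
            (($_.RegistryRights -band $deleteRight) -ne 0) }
        [pscustomobject]@{
            Key               = "HKLM\$SubKey"
            Exists            = $true
            Readable          = $true
            Owner             = $acl.GetOwner($sidType).Value
            DenyRules         = $denies
            AdminsCanDelete   = [bool]$adminAllow -and -not [bool]$blockingDeny
            InheritanceBroken = $acl.AreAccessRulesProtected   # explicit DACL replaces parent's
        }
    } finally { $key.Close() }
}

Get-RegistryKeyDeleteReport -SubKey 'SOFTWARE\ShudderLTD' | Format-List
```

A result with AdminsCanDelete false, a non-Administrators Owner, or any DenyRules entry explains the regedit error; as joe5 says in the next post, the removal tools handle that key without hand-editing the registry.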
#14, 11-22-2005, joe5 (Elite Member, Netherlands):

I'm afraid it is still a PSGuard infection on there; I'm going to repeat some things, but if you follow these instructions then it should be gone, and you don't have to delete things manually from the registry.

Did you also run Spysweeper and those other 2 files I posted?

Please download CCleaner
http://www.ccleaner.com/ccdownload.asp

Download Smitrem to your desktop
http://noahdfear.geekstogo.com/click...click.php?id=1

Run the installer and then press Start to extract the files to the desktop. Do not run it yet.

Download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install Ewido.

During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch Ewido.
On the left side of the main screen click Update.
Click on Start and let it update.
DO NOT run a scan yet.

Reboot into Safe Mode (reboot and keep tapping F8, then choose Safe Mode from the list).

Run SmitRem:

Open the SmitRem folder and double-click the "RunThis.bat" file to start the tool. Follow the prompts on screen. Wait for the tool to complete and Disk Cleanup to finish.

The tool will create a log named smitfiles.txt in the root of the drive that you ran the batch file on, e.g. Local Disk C: or the partition where your operating system is installed.

Please attach this log to your next reply.

Next, run Ewido:

Under "How to scan" all boxes should be selected.
Under "Possibly unwanted software" all boxes should be selected.
Under "What to scan" select Scan every file.
Click OK, Complete system scan.
Let the program scan the machine.

NOTE: We have been finding some cases of false positives with the new version of Ewido, so you need to step through the fixes one by one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged; in particular, watch for alerts that have the word "Heuristic" in them - if you recognize the file name as "friendly," these may actually be false positives), select "none" as the action.

DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being. We will see that in the log when you post it later and let you know if Ewido needs to be run again.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.

Click Save report. Save the report to your desktop, exit Ewido.

Note:

If during your scan Ewido "crashes" or "hangs", please try scanning again. Before running the scan, click on 'Scanner' (the 3rd bar from the top on the left) and choose 'Settings'. Uncheck 'Scan in NTFS Alternate Data Streams' as this can cause problems in overly infected systems. Click 'OK' and run a new scan.

Then run CCleaner to finish.

Finally, reboot back into normal mode.

You will need to reload your wallpaper as the SmitRem tool will reset it. You can do this by right-clicking the desktop and choosing Properties. First check Theme and set it to Windows XP, then click the Desktop tab, choose the one you want to use and press Apply.

Now please post the Ewido log, the smitrem log (C:\smitfiles.txt) and a new HijackThis log.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -


Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com

