  #1  
Old 05-23-2006
Bronze Member
 
Join Date: May 2006
Posts: 59
PC Experience: PC Illiterate
PC love & hate - See this Members User comments on their Profile page
Default [Fixed] Strange occurrences.

For some strange reason I can't use the task manager. Once I bring it up and try to access different programs under the processes tab nothing happens. The portion of the window that shows the tasks is browned out for some reason instead of the normal white background. Here is a link to a screenshot that I took.

http://img463.imageshack.us/img463/6...lockout1ev.png

Added to that, a lot of strange programs that I have never seen before keep requesting internet access. It seems like a totally new one is requesting access every time I start Windows. Here are some examples of files that I spotted.

C:\Program Files\qspiqj.exe
C:\WINDOWS\system32\tlgnbihispz.exe
C:\WINDOWS\system32\acecfd.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\abyacou.exe
C:\WINDOWS\system32\nuwkbqfchknm.exe

rdxsfaytnrfxx.exe

Can someone help me... please?
Attached Files
File Type: log hijackthis.log (6.5 KB, 2 views)
File Type: txt Spy Sweeper Session Log.txt (3.1 KB, 0 views)


  #2  
Old 05-23-2006
Elite Member
 
Join Date: Sep 2005
Location: Canada
Posts: 909
PC Experience: Very Experienced
double_a_ron - See this Members User comments on their Profile page
Default

Hi PC Love & Hate,

Welcome to the PC Help Forum.

Could you please run through the instructions in the prework link in my signature and post both logs?

This is just our standard way of saying 'hi' to any malware that might be hanging out on your drives.

Our security guys are out getting new cans of RAID and will be able to help you out when they come online.


__________________
//Prework\\\///PCHF RULES\\\///Did we help? Please Donate\\\

CompTIA A+ Certified, MCDST



  #3  
Old 05-23-2006
Bronze Member
 
Join Date: May 2006
Posts: 59
PC Experience: PC Illiterate
PC love & hate - See this Members User comments on their Profile page
Default

But I did follow the instructions from the prework link and posted both my HiJackThis! log and my Spy Sweeper log before creating this topic. Did I attach it wrong?
Attached Files
File Type: log hijackthis.log (6.5 KB, 1 views)
File Type: txt Spy Sweeper Session Log.txt (3.1 KB, 1 views)
File Type: txt Scan report_20060523.txt.txt (952 Bytes, 1 views)



Last edited by PC love & hate; 05-23-2006 at 12:49 PM.
  #4  
Old 05-23-2006
Elite Member
 
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044
joe5 - See this Members User comments on their Profile page
Default

Hya PC L&H.

I think double_a_ron overlooked the attached logs somehow.

First run Ewido again and let it fix what it finds this time, then boot in safe mode (hit F8 when booting up) and then fix these with HJT:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKLM\..\Run: [_`UP_Z] C:\WINDOWS\system32\kidtr.exe
O4 - HKLM\..\Run: [mhhJaNg[n^uN] C:\WINDOWS\system32\acecfd.exe
O4 - HKLM\..\RunServices: [_`UP_Z] C:\WINDOWS\system32\kidtr.exe
Manually delete the files in bold, reboot, and post a new HJT log please.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
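
An added example, not part of the thread or any poster's code: a small parser for the HijackThis line format quoted in the post above, showing how the `O4` autorun lines split into key, value name and target file even when the value name itself contains brackets. The function names and the `ODD_NAME` heuristic are assumptions; only `O4` registry autoruns and `R0`-`R3` lines are handled.

```python
import re
from collections import defaultdict

# Constructed sample: the four lines quoted in the post above.
SAMPLE_LOG = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKLM\..\Run: [_`UP_Z] C:\WINDOWS\system32\kidtr.exe
O4 - HKLM\..\Run: [mhhJaNg[n^uN] C:\WINDOWS\system32\acecfd.exe
O4 - HKLM\..\RunServices: [_`UP_Z] C:\WINDOWS\system32\kidtr.exe
"""

# O4 registry autorun: "O4 - HIVE\..\Key: [value name] command".
# The name group is greedy because value names may contain '[' or ']'.
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): '
                   r'\[(?P<name>.*)\] (?P<path>"?[A-Za-z]:\\.*)$')
# R0-R3 browser setting: "R0 - key,value = data".
R_RE = re.compile(r'^(?P<code>R[0-3]) - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$')
# Assumed heuristic, not from the thread: characters unusual in a value name.
ODD_NAME = re.compile(r'[^A-Za-z0-9 ._-]')


def parse_line(line):
    """Return a dict for an O4 registry autorun or R0-R3 line, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return {"code": "O4", **m.groupdict()}
    m = R_RE.match(line)
    return m.groupdict() if m else None


def autoruns_by_file(log):
    """Map each autorun target (lower-cased path) to the (key, name) pairs launching it."""
    targets = defaultdict(list)
    for line in log.splitlines():
        e = parse_line(line)
        if e and e["code"] == "O4":
            path = e["path"].strip('"').lower()
            targets[path].append((e["hive"] + "\\..\\" + e["key"], e["name"]))
    return dict(targets)


def odd_names(log):
    """Sorted O4 value names containing characters matched by ODD_NAME."""
    entries = (parse_line(line) for line in log.splitlines())
    return sorted({e["name"] for e in entries
                   if e and e["code"] == "O4" and ODD_NAME.search(e["name"])})
```

Grouping by target file shows that `kidtr.exe` is started from both `Run` and `RunServices`, so both entries have to be fixed.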

  #5  
Old 05-23-2006
Bronze Member
 
Join Date: May 2006
Posts: 59
PC Experience: PC Illiterate
PC love & hate - See this Members User comments on their Profile page
Default

Finally, some progress. I am now able to access the processes in task manager. The bad news, I was unable to do the following -

Find the following while running HJT in safe mode:
O4 - HKLM\..\Run: [_`UP_Z] C:\WINDOWS\system32\kidtr.exe
O4 - HKLM\..\RunServices: [_`UP_Z] C:\WINDOWS\system32\kidtr.exe

Delete the following files:
O4 - HKLM\..\Run: [_`UP_Z] C:\WINDOWS\system32\kidtr.exe
O4 - HKLM\..\Run: [mhhJaNg[n^uN] C:\WINDOWS\system32\acecfd.exe
(I was unable to find them in the system32 folder with hidden folders option turned on.)

I attached the new HJT log file.
Attached Files
File Type: log hijackthisb.log (6.4 KB, 1 views)


  #6  
Old 05-24-2006
Elite Member
 
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044
joe5 - See this Members User comments on their Profile page
Default

Looks like Ewido already took care of that kidtr.exe worm, and to make sure the other file is gone:

- Open HijackThis, click Open the Misc Tools section, then click Delete a file on bootup
- a window will open
- Type or copy/paste in the window: C:\WINDOWS\system32\acecfd.exe
- Click Open
- A prompt will appear advising you that the file will be deleted and asking if you want to reboot now
- Click Yes
- Your computer will now reboot.

Do you still have any problems with your PC?


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #7  
Old 05-24-2006
Bronze Member
 
Join Date: May 2006
Posts: 59
PC Experience: PC Illiterate
PC love & hate - See this Members User comments on their Profile page
Default

Everything looks like it's back to normal. I can now access the task manager and no strange programs ask for internet access upon startup. I just have some follow up questions.

I'm still seeing a record of some strange programs in the program control tab of Zone Alarm. Can I delete them from Zone Alarm and use the HijackThis "Delete a file on bootup" feature to make sure that they are removed from the system?

Are my files safe? I have them on another partition (D), I just need to make sure that they are unaffected before I back them up.


