Ok I'm new so I'm going to explain this the best i can then i will post the hijack this log file...please help if you can


I look at my processes that are running and i see WEIRD .exe files running under system32 and "john"...files are like jkhsfjhd.exe tixxixr.exe (these are examples...every time i reboot they CHANGE NAMES) I then restart in safe mode....run all the cleaners i have ranging from avast,spy bot,a-squared,spy counter, many others that i would just download to use the scan...I then find Trojans like "Virtumonde.dcc" , "Virtumonde" , "Adware.win32.virtumode.aps" , "Troj.Tiny.en". these files are all found and deleted. upon reboot i ran a scan before boot with avast and deleted more Troj.Tiny.exe files and then i continue to restart and look at processes and still see wired files like jlkhsfka.exe htlidsj.exe and then i restart and run all the things (cleaners) again and they find all the same problems that i deleted and i don't understand what keeps making these files pop back up. so here is my last option before a full reinstall.

some notes
system restore has always been shut off on my computer,so i cant just restore.

When i reboot in safe mode it says click yes to continue or no to do a system restore, if i chose yes i don't get a start button or desktop icons. I must choose NO and then not restore (no spots to restore since i shut it off) safe mode then works fine..

So the problem is not stopping the process,not deleted the Trojans i find that run these process, but finding what makes these Trojans run and stop the MAIN item then kill all the others problems after that. Again i hope i explain this well and hope you all can help in anyway.

Attached Files

	Winpatrol.txt (28.6 KB, 1 views)
	HiJAck.txt (3.8 KB, 0 views)

Welcome to PCHF - moved to HJT logs for analysis.

Em i doing something wrong? i have posted two threads and now one has responded at them at all...I look at all these other forums I see how people respond right away.....so how can i fix this?

Hi I will have a look at them for you I must have missed them

Hello Sniffer, and sorry for the delay.

I have merged one thread here, and deleted the other one. We like to keep things neat here.


Please download VundoFix.exe
to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please attach C:\vundofix.txt and a new HiJackThis log in your new reply.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

thanks but i found another fix, i was reading other threads and found a program called SUPERantispyware. This program detected the hack like others but it also deleted it!!! YEAH! thanks for your help.....

PS
I ran the vundoFix just in case and it came up clean . thanks again

Great. You may like to read the Prework for tips on keeping your computer clean and secure:http://www.pchelpforum.com/hijackthi...afterwork.html

Good luck, and safe surfing.