Full Version: Help Please
DeniseM
Hi, I'm having trouble getting rid of some stuff that has invaded my computer. I run my Ad-Aware SE and my Spybot often and even in safe mode but it keeps returning.
I have Avast, which I'm not sure I like too much yet, it takes all night and part of the morning to scan my computer!
Spybot has recently found deal helper, desk wizz, virtual bouncer and winsecure, which were removed. Should I purge the folder that they go into??
Ad-Aware found a tracking cookie 2o7.net, which seems to keep coming back. Every time I open my explore folder I get several Microsoft pop-ups even after I remove the items that show up in the above.
Avast recently found an alwil software, and some win virus, which was moved to the virus vault....should those be deleted from there as well??
I tried to install and run HijackThis, installed it to its own folder in programs but when I click on it I get an error "unexpected error" and it won't open.
I'm not sure where to go from here

Thanks for reading about my U G L I E S !! lol
jgweed
I can answer a part of your questions. Anti-virus and anti-spyware applications will move the infections they find into quarantine, where they cannot do further damage, but can be retrieved if needed. If, after a couple of days, you do not experience any problems, then the quarantined files can safely be deleted.

Tracking cookies are perhaps the least serious of problems. Most browsers will have settings that will require your permission before allowing a cookie to be set on your hard drive. If possible, review the information about the cookie and you may be able to determine the site that sets it.

Delete the current folder with HJT, and re-download it. Are you following the instructions in the HJT Preparation Guide?

Hope this helps,
Regards,
John
Herk
To add to what John said, delete your temp files. Many things reinstall from there. Go to Start -> Run and type:

%temp%

and in the resulting folder that opens, you need to set it to be able to see all items. In Windows ME, go to tools -> Folder Options and click on the View tab. Uncheck "hide protected operating system files" and check "view hidden files." For Windows 98, go to the View choice, then the View tab. Check "Show all files."

Then select all the files in the folder. (Edit - Select All) Hold down your shift key while pressing your delete key. There may be files in use that cannot be deleted. If you get a warning that a file cannot be deleted, hold down your Ctrl key and deselect it, finish deleting as many as you can. (Files in use cannot be deleted.)

If you're installing Hijack This using the .sfx version, you just save it to a folder, double-click it, tell it to unzip, then close it. The program will now be in your C:\Program Files\HijackThis folder and ready to use.
DeniseM
Thanks for your speedy answers!
I still cannot get hijack this to work
I downloaded it to my desktop, unzipped it to its own folder but when I double click I still get a pop up
saying "unexpected error"

I did my temp files and cookies
not sure what else to try with hijack to get it to work
after running adaware se yet again, tons of stuff was found
dc3
Herk I'm sure has nothing but the best intentions, but he should add that what he is suggesting is altering the registry, and any mistake...typo...could result in serious damage to your operating system. Be very careful.
Herk
QUOTE
but he should add that what he is suggesting is altering the registry,


No - I didn't say anything about altering the registry. I recommended changing folder options, which does not involve opening the registry. I should point out, however, that when you delete an icon from your desktop, install a new program, change your wallpaper, or most anything you do with your computer, you're altering the settings in the registry.

What I was suggesting was a way to remove temp files, since that's the folder where many viruses and other malware start to infect your computer from. And if the file that seriously needs to be removed before it can reinfect and do damage is either a hidden file or a bogus system file, it needs to be removed. (System files, after all, are not stored in the temp folder, but in the Windows System folders for the most part.) The percent keys before and after the word "temp" are a variable, and will take you to the temp folder whichever directory it is in.

I seldom give advice that requires users to edit the registry, and if I did, I would instruct them to go to Start -> Run and type "regedit."
DeniseM
Yikes, I did not mean to cause an argument lol
I still can't install HijackThis for some reason
Jacee
Hi DeniseM

Download Microsoft:- Visual Basic 6.0 Service Pack 5 Runtime Files

http://www.microsoft.com/downloads/details...&DisplayLang=en

Now see if you can run HijackThis! without getting that error.
tekman22003
Have you tried to go to disk clean up in system tools? Also what about a reformat? This may be the only way to fix the problem.
Herk
You might try going into Control Panel, Add/Remove Programs to see if there is any malware such as Wintools or a searchbar that can be removed. Sometimes these will interfere with Hijackthis! running.
DeniseM
After installing the Visual Basic pack, my HijackThis now works.
Here's my log (hope it's OK to put it here since my other problems are already stated here)
Logfile of HijackThis v1.99.1
Scan saved at 2:42:04 PM, on 5/29/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOSTART.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\JASC SOFTWARE INC\PAINT SHOP PRO 7\PSP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT1.4\SPYBOT~1\SDHELPER.DLL (file missing)
O2 - BHO: (no name) - {4669E99F-76E7-403F-85DD-C331ED7AC148} - (no file)
O2 - BHO: (no name) - {406F1E82-3183-4C07-9BCB-355D9AF16C56} - (no file)
O2 - BHO: (no name) - {C1BA40D8-8DB8-4B9A-80FD-1425A8D56469} - C:\WINDOWS\SYSTEM\JKKKL.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunOnce: [*JKKKL] rundll32.exe C:\WINDOWS\SYSTEM\JKKKL.DLL,CreateProtectProc rerun
O4 - Startup: HP OfficeJet Series 500 StartUp.lnk = C:\Program Files\HP OfficeJet Series 500\bin\HPOstart.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

Let me know what I should do next please

thanks again for all your help everyone
quietman7
Hello DeniseM

We would like to assist you with your log but you posted in the wrong place.

Please post this log in the HijackThis Logs and Analysis Forum, not here. That is the forum used for those needing assistance by the HJT Team Experts.

I could move your thread topic over there but there have been several replies to it already. Generally the staff checks the forum for postings that have no replies as this makes it easier for them to identify those who have not been helped. If there are several responses, a team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

It may take a while to get a response because the HJT Team members are very busy. Please be patient as they are volunteers who will help you out as soon as possible.

Thanks
White Bird
It sounds as if you may have what's called a "rootkit". This is a virus which puts (an) entr(y)ies into your registry. You can get various rootkit detectors (even as freeware) on the web. Just be very careful what you get as this does involve altering your registry, which can result in you having essentially an inoperable computer.
Eyesee
This post is more than two years old
I think they might have it fixed by now
ruby1
QUOTE(Eyesee @ Nov 11 2008, 12:32 AM) *
This post is more than two years old
I think they might have it fixed by now

I did flag it up http://www.bleepingcomputer.com/forums/topic137145.html
but curiosity getting the better of me,
I wonder how they did fix it or if we will ever find out? Antivirus is desperately out of date and other programs could do with an update too
The weatherman
And I read it through ....lol... without looking at the dates.