[Thumbtack]

I apologize for not reading all of the steps before my previous post. I have now followed those steps, but I'm having a problem...

I can upload only one of the three, required log files as an attachment (which is included here). The other two get an "invalid file" problem. All three files are of the same type and one of the disallowed files is smaller than the one that made it into this thread, so it can't be a size issue. Any idea what I'm doing wrong? Thanks.

[evilfantasy]

Are they saved as .txt files?

If you have to copy and paste them in the thread then do that.

[Thumbtack]

Okay, figured it out. Here are the other two files. As for my symptoms...

My computer will sometimes be working fine but at other times it will going into "loud, busy, thinking mode" at which time I can hear the tower thinking away as if it's downloading the entire internet. Everything I'm doing will slow to a crawl and well... I'm sure you know this old tale. I have no idea if this is simply typical computer behavour or if it's spyware doing nasty stuff. Thanks in advance for any help.

[evilfantasy]

Go to add/remove programs and uninsatll ActiveScan Antivirus (if there)


Open HijackThis and select "Do a system scan only"

Place a check mark next to:

O2 - BHO: (no name) - {11A1463D-DFDF-48F9-9DC6-C3A7613293F5} - C:\WINDOWS\System32\llog.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - Winlogon Notify: yvbb01 - yvbb01.dll (file missing)
O24 - Desktop Component 0: Warning homepage - C:\WINDOWS\warnhp.html

Close all windows and click "Fix checked"


Please download Combofix by sUBs from either here or here

Save Combofix.exe to your your Desktop.

1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
2. When finished, it will produce a log for you.
3. Attach that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause your computer to stall


Next post please attach:
combofix.txt log
New HijackThis log

[Thumbtack]

Okay, I did everything you mentioned. I didn't see ActiveScan Antivirus in the add/remove list, but I saw it in the HijackThis scan. I checked it along with the other things you told me to check, but I noticed that it was there again after I rebooted.

After the Combofix scan, I couldn't connect to the internet for some reason so I rebooted (this is the roboot I mentioned in the above paragraph) and everything seemed fine. One odd thing though, after I checked the appropriate boxes in the HijackThis scan and clicked "fix checked", my desktop wallpaper vanished. It's no big deal, but it is a bit odd.

Thanks again for all of this help.

[evilfantasy]

Download Panda Anti-Rootkit.zip

Unzip it and run the PAVARK.exe file.

Tick the box that says In depth scan and follow the on screen instructions.

Let me know the results in your reply.

PLease Note: Panda Antirootkit is not comaptible with Windows Vista.

If you are running Vista, please download the AVG Antirootkit

Run the scan and be sure to check mark the In depth scan.


Let me know if anything was found and removed.

[Thumbtack]

I downloaded Panda (I'm not using Vista) and ran the in depth scan. It found nothing at all. Am I all clean or do I have more homework to do?

[evilfantasy]

Press ctrl+alt+delete (all at once)

Click the processes tab and look for (if there) ActiveScan.exe

Right click it and choose End process


Open HijackThis and select Do a system scan only and place a check mark next to:

O4 - HKLM\..\Run: [ActiveScan Antivirus] ActiveScan.exe
O4 - HKLM\..\RunServices: [ActiveScan Antivirus] ActiveScan.exe
O4 - HKUS\S-1-5-18\..\RunServices: [ActiveScan Antivirus] ActiveScan.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunServices: [ActiveScan Antivirus] ActiveScan.exe (User 'Default user')

Close all windows and click Fix checked.


Go to Start > Run and copy and paste next command in the field:

ComboFix /u



Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again

Read this thread Keeping yourself safe on the web

If you have any more problems let us know.