My log file uploads.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Luckyneil, Apr 17, 2007.

  1. Luckyneil

    Luckyneil Private First Class

    I have completed the Read and run me sticky procedures but was unable to run Bitdefender or Panda scan.

    Here are 3 log files.
     

    Attached Files:

  2. Luckyneil

    Luckyneil Private First Class

    And here is HJT (re-named analyse this)
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to run CounterSpy again and this time do not Ignore all the malware. You need to fix everything. You can ignore WeatherBug if you really feel you want it but fix the other items. Run it in normal boot mode and select Quarantine or Delete. Attach a new log that shows what you fixed.

    See your other thread about BitDefender problems and the Troubleshooting link. See if you can run BitDefender and Panda now after enabling ActiveX.

    What are the below processes for?
    C:\Program Files\Akrontech\enuff\ENUFF.exe
    O23 - Service: ENUFF XP Service (ENXPSVC) - Akrontech - C:\WINDOWS\system32\CVSEXPSS.EXE
     
  4. Luckyneil

    Luckyneil Private First Class

    I quarantined all that Counterspy found. Or at least that's what I thought I did.

    Akrontech and Enuff is a program we use to restrict the kids access to the computer.
     
  5. Luckyneil

    Luckyneil Private First Class

    OK, I sent the wrong Counterspy log. The first time I ran it I closed the program without quarantining. Here is the correct log. I couldn't quarantine all.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure what you mean! It looks like everything was quarantined except for WeatherBug which you deleted. What were you referring to?

    Questions:
    1. What malware problems were you having that prompted you to come here?
    2. Are you still having problems?
    3. Is your copy of Spy Sweeper a free trial version or paid version?
    4. Did you have or do you have the below software installed? Perhaps this is what Enuff Parental Control Software is using and is the reason why I see certain files in folders where they are unexpected.
    5. Did you install this Enuff software around Dec 7, 2006?
    Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software


    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
     
  7. Luckyneil

    Luckyneil Private First Class

    To weatherbug, that wasn't quarantined.
    1. One of my kids spent a LOT of time visiting Porn sites. (He's banned for a long time). The others have been downloading a lot of tunes from Limewire. I have been noticing a slowdown in spite of scanning (with updated versions) regularly with Adaware, Antivir, Spysweeper (yes, it's a paid for version), Spybot and Spyware Blaster. Windows defender is also installed. I have also noticed a weird phenomenon where a bubble forms and disappears on my screen every 10 minutes. You guys have helped me out big time in the past so I came back for a clean-up.

    2. Too early to say.

    4. I have no idea what Bleepingcomputer is. sdaemon is an Enuff file I think. When I googled it that's what I got.

    5. Enuff has been on our computer for at least 5 years. The date you mention may correspond to a re-install or an update.


    I followed the process for getting Bitdefender to work. I will wait for your post before running it (and Panda).

    Question: You notice I run a lot of anti-spyware stuff. And yet look what Counterspy found. Why remove it ? (I did.)
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's because you chose Delete!


    Too much realtime protection can cause slow downs and it can make each program less effective. Since Spy Sweeper is a paid version, you should uninstall Windows Defender to avoid conflicts and the excess use of system resources.


    I'm not sure what you mean! Is this still happening? If so, when? Can you get a snapshot of it?

    Attach the logs if you have them.

    Because of the following:
    • it is only a trial that will expire and be of no use
    • it will conflict with Spy Sweeper and cause excessive use of resources and slow your PC down (just like Windows Defender)
    • all scanners will typically find things the others do not. This is why we run a bunch during the cleanup. Some are just scans without a true install. However CounterSpy does require and install and we normally uninstall it after we finish with it unless a user has no other realtime protection and plans to purchase it.
    Is your PC still running slow? If so, when? All operations? Only when online?...... etc?

    You have a few other items you can fix with HJT that are not necessary to load at startup. I list them below. The first item is only of use if you have Remote Control capability on your PC's DVD player. If you don't have a remote control, you don't need it.
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

    Fixing the above with HJT will save more resources and speed up boot time and overall performance.
     
  9. Luckyneil

    Luckyneil Private First Class

    It is still happening. I'll try and hit Printscreen.

    I'll run the other scans later tonight.

    Now, I have 2 PC's networked at my office. One of my backups was infected with a virus. Are there any specific procedures I should be aware of for running the Majorgeeks protocol over a network?
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not answer my question about how this first PC is running now. Is it still slow?

    This is a great little screen/window capture utility: FastStone Capture 5.3


    All PCs on the network should be scanned. You did not have any major problems on the first PC we worked on so I don't think you need to do anything special. If you had any infections which were the kind that used network shares to spread, I would have suggested removing all PCs from the network except the one being worked on to keep things from spreading.
     
  11. Luckyneil

    Luckyneil Private First Class

    The PC that is the subject of this thread is a stand-alone PC at home. The other 2 are networked and are in my office.

    My home computer is running and booting faster now. I started Bitdefender and it was finding stuff but after I went to bed someone shut the PC down in spite of a do not touch sign. I'll start it over again.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    For you office PCs, you should start a new thread if it is necessary to work on them. Make sure that you indicate that it is a new PC (i.e. different than your previous thread).

    Before you run BitDefender again, you may want to work thru the below to avoid having it waste your time reporting things in System Restore. Part of the below procedure will empty System Restore points that could be infected.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  13. Luckyneil

    Luckyneil Private First Class

    You did not have me do steps 1-6.

    I did not do steps 7-9 prior to running BD and Panda whose logs I've attached. The Panda log was too big so I zipped it.

    Lots and lots of (of what I assume are) cookies in a Norton Protected recycle folder. (I removed all traces of Symantec, or so I thought, and not without difficulty, on my last MajorGeeks computer clean-up.)

    Some Hijackers and Trojans also found.

    I will wait for your reply before flushing system restore.
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's a generic procedure that saves me from having to type it all the time.

    You did not follow the directions in step 0 of the READ ME to empty quarantines...etc and Norton NProtect (which you already noticed) which is why your log was too large to post.

    Delete the files BitDefender found:
    C:\Documents and Settings\All Users\Documents\Dominic\kmd171_en.exe
    C:\Downloads\Downloads\Desktop-Destroyer.exe

    And a few from Panda
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    c:\windows\system32\sdkjk32.exe


    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the Save as type is set to all files Once you have saved it double click it and allow it to merge with the registry.

    Then follow the directions in message number 12 (even flushing system restore), and then follow ALL the directions in step 1 of the READ ME. Make sure you run CCleaner on ALL user accounts as specified. Then you can re-run BitDefender and Panda if desired.
     
    Last edited: Apr 21, 2007
  15. Luckyneil

    Luckyneil Private First Class

    OK, all steps done including running the latest version of CCleaner. I found and deleted all things Norton. There is only one user account on the PC but in Documents & Settings there is NEIL as well as ALL USERS. NEIL is the current, active account.

    I'll run Panda and BD tomorrow.

    Thank You!
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Just attach the logs if you have any more malware, but remember that does not include cookies! ;)
     
  17. Luckyneil

    Luckyneil Private First Class

    BD scan was clean.

    Final Panda scan findings. Please note that I toggled system restore last night.
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In message number 14 I indicated that you should delete the below:
    c:\windows\sdkpj32.exe

    Did you have a problem deleting it?
     
  19. Luckyneil

    Luckyneil Private First Class

    No, it was easy to delete but it came back. Its file size was 0 bytes. Also found these when I took a look with windows explorer:
    • sdkqc32.exe 0 Ko
    • sdktq.exe 0 Ko
    • sdkvn.exe 0 Ko
    The first 3 are in blue and the last one (3rd in above list) is in black. Right clicking and having Antivir scan them yields a no threat response from AntiVir.

    Googling shows that sdkpj32.exe is a trojan but I guess you already knew that.

    BTW. I still get that bubble. Actually, it is a circle that appears randomly and then quickly shrinks to nothing before I can hit printscreen.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    These are file names that appear to be typical of an HSA hijacker but you showed no signs of an active hijacker. Please run About:Buster per the directions on the download page. Attach the log when you come back.


    I'm still not sure exactly what you mean by this or when it occurs. Does it happen all the time? Does it appear over the top of all applications or is it only seen on the Desktop with nothing running? Does it happen in safe mode?
     
  21. Luckyneil

    Luckyneil Private First Class

    I ran About Buster (in safe mode) but it didn't remove the 4 files.
    I deleted them manually and will now re-boot.

    edit: after one reboot the files are not there.
     

    Attached Files:

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But it did remove some other files that could have been related. Let me know if they return. Have you completed all the steps in the How to protect link I gave you? If not, please finish them.
     
  23. Luckyneil

    Luckyneil Private First Class

    I followed every step in the sticky that had not already been applied to my PC except #9. I will wait so I can explain it to family members (who are going to bitch like hell :D when the computer has new, restrictive behavior).

    Those other files have not returned but these ones look suspicious:
    • windw32.exe
    • winmt32.exe
    • wingh32.exe
    • winto.exe
    • winyf32.exe
    They are all in blue and have a file size marked as 0 Ko. There are also some .dat files of 0 Ko size as well such as ogijx.dat (putting the files in blue is just to indicate a size of 0 I guess). Should I manually delete them all?
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes they are also left over remnants from an HSA hijacker infection. Are they in the system32 folder or in the base windows folder (C:\windows)? Before you delete them, just tell me the dates on the files! This date would also be an indication of about when you had that infection.
     
  25. Luckyneil

    Luckyneil Private First Class

  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    List the file names for me! Are they all zero bytes in size? If not then also give the files size.


    I see from your previous links that you did have an HSA hijacker at one time. Looks like a load of files were left behind but they also look benign too since they have been inactive and were zero bytes in size.
     
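    The triage chaslang asks for in the two posts above (file names, whether each is zero bytes, and the modification dates, for one folder such as C:\Windows or system32) can be gathered in one pass. This is an added example, not code from the thread; it builds its own constructed sample folder with a few of the names mentioned in the thread so it runs anywhere, and the extension list is my assumption.

```python
"""Added example: list zero-byte .exe/.dll/.dat files in one folder with their
modification dates, the information requested for the HSA hijacker leftovers."""
import os
import tempfile
from datetime import datetime, timezone

# Assumed extensions of interest, taken from the file types named in the thread.
SUSPECT_EXTS = (".exe", ".dll", ".dat")


def list_zero_byte_files(folder, exts=SUSPECT_EXTS):
    """Return sorted [(name, size, 'YYYY-MM-DD')] for zero-byte files in `folder`.

    Not recursive, matching a single Explorer view of C:\\Windows or system32.
    Symlinks are not followed so a link to a real file is not misreported."""
    findings = []
    with os.scandir(folder) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            if not entry.name.lower().endswith(exts):
                continue
            st = entry.stat(follow_symlinks=False)
            if st.st_size == 0:
                day = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc).strftime("%Y-%m-%d")
                findings.append((entry.name, st.st_size, day))
    return sorted(findings)


def build_sample_folder():
    """Constructed sample: a temp folder mimicking the leftovers described in the thread."""
    folder = tempfile.mkdtemp(prefix="hsa_demo_")
    for name in ("sdkqc32.exe", "windw32.exe", "ogijx.dat", "ipyp.dll"):
        open(os.path.join(folder, name), "wb").close()            # 0 bytes: reported
    with open(os.path.join(folder, "notepad.exe"), "wb") as f:      # real-sized decoy: skipped
        f.write(b"MZ" + b"\x00" * 100)
    open(os.path.join(folder, "h323log.txt"), "wb").close()         # 0 bytes but .txt: skipped
    return folder


if __name__ == "__main__":
    demo = build_sample_folder()
    for name, size, day in list_zero_byte_files(demo):
        print(f"{name:20s} {size:>3d} bytes  modified {day}")
```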
  27. Luckyneil

    Luckyneil Private First Class

    All files zero bytes. I only included those found in the windows base folder. There are as many in the system32 folder.
     

    Attached Files:

  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The below are all part of the HSA hijacker and should be deleted.
    apikf.exe 5/14/05
    apppei32.exe 5/14/05
    appmu32.exe 5/15/05
    atldr.exe 5/23/05
    atlhy32.exe 5/23/05
    atlvl.exe 4/18/05
    crlb32.exe 5/23/05
    iehj.exe 5/23/05
    ielj.exe 5/16/05
    ieqj.exe 5/20/05
    ipac32.exe 4/26/05
    ipyp.dll 5/07/05
    javalt.exe 5/23/05
    lbhck.dat 5/09/05
    mfcbs.dll 4/29/05
    netxn.exe 5/26/05
    oqigx.dat 4/03/05
    sysrh.exe 5/01/05
    yvqct.dat 2/26/05

    The ones below are not from an HSA hijacker and I'm not sure what they are from. However if they are 0 bytes in size, you also don't need these anyway so delete them too.
    AUTOEXEC.POS 2/19/05
    CONFIG.POS 2/19/05
    MSDOS.POS 4/01/04
    test 4/25/05

    I cannot comment on what you are seeing in the system32 folder without seeing the file names!
     
  29. Luckyneil

    Luckyneil Private First Class

    All files deleted. Here's a new System32 batch.
     

    Attached Files:

  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Delete all of those except h323log.txt! I'm not sure what it is for.
     
  31. Luckyneil

    Luckyneil Private First Class

    OK, all deleted. I guess that's it. Thank you very much. I'll be back soon for the office PC's in a new thread.
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
  33. Luckyneil

    Luckyneil Private First Class

    Not quite done!

    I set up a new user account and called it Family. Then I rebooted expecting to get a screen asking me to choose accounts. No such screen came up so I ended my session and then I got the screen. When I chose "Family" I received an error message. Our PC is in French so here's the original and a loose translation:

    Windows ne peut pas vous ouvrir une session car votre profile ne peut pas être chargé. Vérifiez que vous êtes connecté au réseau ou que votre réseau fonctionne correctement. Si ce problème persiste, contactez votre administrateur réseau.


    DÉTAIL - Le fichier spécifié est introuvable.


    Windows is unable to open a session because your profile cannot be loaded. Ensure that you are connected to the network and that your network is functioning correctly. If the problem persists contact your network administrator.

    Detail - The specified file cannot be found.


    Another item: from within the control panel I can see 3 accounts. Neil, Family and Guest (guest is deactivated). From the screen I get when closing a session there are three accounts to choose from. Administrator, Neil and family. Where does the Administrator acct. come from if it is not visible in the CP?

    Still not done....I got some pop-ups from Errorsafe so I ran Rogue Cleaner and Search and destroy. They picked up items from TrueSword and a few others.

    I was under the impression that my new firewall as well as Spybot (regularly updated) would protect me from further infections. I guess I'm wrong on that one, huh?
     
  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not a malware issue. You will have to address this in the software forum.


    The Administrator account is a default account on all Win XP systems. You normally only have access to it when you boot in safe mode. I say normally because a tweak can be made to the system to make it appear in normal boot mode but that is non-standard.

    You said picked up?? Did they fix it? Do they still appear, if so I need exact details of what and where it is being found.

    There is no perfect solution that can guarantee you will not get infected. In addition you are assuming Spybot is a realtime antispyware protector which it is not unless you enable Teatimer. In its default installation mode, Spybot is an after the fact scanner and it also has the Immunize feature which helps to add thousands of bad sites to your restricted zones to avoid having direct access to those sites. But new sites are created every hour of the day and if you access the sites anyway even though they are restricted (users can bypass this), then you are on your own.

    As stated in the how to protect thread, you are the most important factor in keeping your PC clean. What you download, where you download from, how you download (i.e., P2P or torrents...etc), what you click on, what you install (especially if you do not read the license agreements or privacy statement), where you surf.....etc. These are all important factors.
     
