Unknown problems, possibly spyware

Almost every 5 minutes, my task manager says explorer is running and at one of many sites, Microsfotcorp-1 to microsoftcorp-100, master-x.com, chat.ru, 403 - Forbidden etc..
I have dont eveything advised to do before posting here. I have used Adaware SE, vx2 cleaner, ccleaner, About:buster, AVG, Nortan 2004, kill2me, Trojan Hunter, CWShredder etc.. Also did all online scans mentioned, even tried reinstalling explorer. Is there any solution? Adises from formatting.

 

Hi Naga-Minion,

If you have exhausted the Tutorial options, please send us a HijackThis Log.

Note that your HijackThis should be up-to-date (v1.98.2) and extracted to its own safe folder - C:\Program Files\HijackThis

If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt file and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

Send us a log and we'll go from there

Best,
PP

 

Ok, attached log file.

 

Hi Naga-Minion,

Please put HijackThis in its own safe folder - C:\Program Files\HijackThis

THEN:
Run HijackThis and Check the Boxes for the following:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O21 - SSODL: Microsoft DirectXb - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Pqofen32.dll

Make sure ALL browser windows are closed when you click FIX.

Then, boot into safe mode with the viewing of hidden files Enabled and DELETE:
C:\WINDOWS\System32\Gnmjan32.exe
C:\WINDOWS\System32\Pqofen32.dll - - -> If you have trouble with this one, we'll deal with it another way.

Reboot normal. Attach a fresh log and let us know how things are working. I'll check back when I get a chance.
--------------------------------------------------------------------------

Here is info on your 021 Entry -http://www.sophos.com/virusinfo/analyses/trojpadodorl.html

Also, I am curious as to why this is running? - C:\WINDOWS\system32\cmd.exe

Best,
PP

 

So far its gone! Pqofen32.dll didn't want to be deleted at first, but Dr. Delete worked. Thanks for your help. But I dont know why C:\WINDOWS\system32\cmd.exe is running.....

 

Your log wasn't too bad. I did forget to mention that (if I remember correctly) your IE is a bit out of date - You should visit Windows Updates.

Sometimes, cmd.exe running is symptomatic of a Trojan problem. You are probably clean now, though. If you have any further problems, let us know and attach a fresh HJT Log.

You should also take a look at Chaslang's suggestions HERE:How to protect yourself from malware!

Best
PP

 

Ok, i will update soon, but also, twice now i've gotten a Buffer overrun error... why is this?

 

I do not know. I am not the best person to answer this question - You may be better served in the Software Forum.

This is a very open-ended question. There are lots of different cases where this would occur and lots of different reasons for those occurrences. Can you be more specific? Do you think it is Spyware related? How is your computer working otherwise?

Hopefully somebody more knowledgeable than I will weigh in.

Best luck,
PP