Help removing Spyware/Virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Wcamper, Nov 2, 2004.

  1. Wcamper

    Wcamper Private E-2

    I have been having several problems with my computer that I think are virus related. Planet nana website keeps opening, my javascript is disabled and I cannot enable it, internet explorer is slower than normal and my computer shuts down (blue screen) after using internet explorer for a couple of minutes. I have run AVG, The Cleaner, spybot and Adaware and cleaned everything out but it just comes right back again.

    Last night I followed the directions on "How to: Spyware, Trojan and Virus Removal". I disabled System restore (step 1). I did not find any of the services listed in step 2. I enabled viewing of hidden files and unchecked the hide file extensions for known types (step 3). I downloaded all of the tools listed in step 4.

    I performed an online scan at Trend Micro and found and deleted 4 viruses. I performed an online scan at Symantec and did not find any viruses. Both of the online scans were performed in normal mode because I could not get my computer to connect to my ISP in "safe mode with networking". I am running Windows XP home edition with SP2. I then rebooted in safe mode and ran AVERT stinger (no problems detected), CCleaner, Ad-Aware SE (275 problems), Spybot (4 problems), CWshredder (no problems), Kill2me (no problems), about:buster (no problems) and HSRemove (no problems).

    I then rebooted and went to Internet Explorer to see if I still had the problems I was having. My javascript was enabled and I did not get the blue screen. Spyware blaster blocked a file every time I went to MSN.com (sorry but I forgot to write down the name). Internet explorer still seemed to be running very slow, but I only have dial up so that is a judgement call. After I logged off from Internet explorer and my ISP my computer made several attempts to reconnect to my ISP that were not initiated by me, so I don't think I have everything cleaned out of my computer. I ran Hijack this and saved the log file. I am not very confident in interpreting this file but it seems to me that I have a lot in my file, which further supports my feeling that my computer is not yet clean. Can someone look at my hijack this file or give me other suggestions as to what else I can do from here?

    Thanks in advance,

    Bill :rolleyes:
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Wcamper,

    Thanks for taking the time to write a nice detailed summary of what you have tried. This is good info for us and it also lets us know that you have run each and every step. It also gives positive reinforcement to the usefulness of the procedures as you can see they did find and fix many things.

    Make sure you have HJT Version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. Wcamper

    Wcamper Private E-2

    I have the HJT file from Monday, but yesterday (Tuesday) my wife attempted to use the computer, went on line and got several blue screen shutdowns. I'm not sure what else was reloaded yesterday so I will rerun all of the virus scans tonight, get a new HJT file and post it tomorrow morning.

    Thanks for the help.

    Bill
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay Bill! Post it as an attachment when you get it.
     
  5. Wcamper

    Wcamper Private E-2

    I ran through the complete "How to: Spyware, Trojan and Virus Removal" process again as I detailed in my initial post. Everything came up clean except Spybot found 4 problems under "DSO Exploit" and Kill2me said it removed Look2me if it was present.

    Attached is the hijack this log file.


    Bill
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the version of Spybot you have and download, install and repeat your safe mode scan with: SpyBot-Search & Destroy 1.3.1tx

    The DSO Exploit problem (a bug in Spybot) should be gone.

    I'll look at the HJT log later! I have to run right now.
     
  7. Wcamper

    Wcamper Private E-2

    I downloaded SpybotSD 1.3.1tx, removed the existing version of spybot using the remove programs in the control panel, and installed SpybotSD 1.3.1tx. The installation gave several errors:

    SpybotSd.exe unable to locate component
    This application has failed to start because framedyn.dll was not found, re-installing the application may fix this problem.

    When I tried to update I got:

    The external update application has been corrupted please make sure you download the "updater" update to replace it.

    The external "blindman" application has been corrupted please use the update function to get it again.


    I checked for and downloaded all the updates and got the following errors:

    failed to load ZIPDLL.DLL
    failed to load UNZDLL.DLL

    After all of this I ran spybot, it said that it found no problems but it only took about 2 seconds to do the scan so I don't think it really did anything.

    I uninstalled and reloaded spybot several times and always got the same result.


    Since I did complete a scan with the older version of spybot is the HJT file I sent yesterday still valid? Can you look at it and see if there are any obvious problems?


    Bill
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay there was a problem in our download links yesterday. Please go here and get the proper full program download for Spybot: http://www.majorgeeks.com/download2471.html
    Install it and update it online.

    Afterwards run the SpybotSD 1.3.1tx file you downloaded the other day. It is a patch to fix the DSO Exploit problem in Spybot. Yes, I'll look at your log.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O1 - Hosts: 203.161.127.141 www.dcsresearch.com
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKCU\..\Run: [Xkheg] C:\WINDOWS\System32\w?nspool.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O15 - Trusted Zone: http://*.windowsupdate.com

    Now reboot in normal mode and post a new HJT log. And tell me how things are working.
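
A triage pass over the HijackThis entries listed in the post above, as an added example that is not part of the original thread and not HijackThis's own logic. The rules in `review_reasons` are general heuristics assumed here, not chaslang's stated reasoning, and the final sample line (the hypothetical `ExampleAV` entry) is constructed for contrast.

```python
import re

# Entries copied from post 9 of this thread; the final line is a constructed
# benign entry (hypothetical "ExampleAV") added for contrast.
SAMPLE_LOG = r"""O1 - Hosts: 203.161.127.141 www.dcsresearch.com
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKCU\..\Run: [Xkheg] C:\WINDOWS\System32\w?nspool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O15 - Trusted Zone: http://*.windowsupdate.com
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe"""

# Each log entry has the form "<section> - <body>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
LOOPBACK = {"127.0.0.1", "::1"}

def review_reasons(section, body):
    """Return the heuristic reasons (assumed rules) an entry deserves a look."""
    reasons = []
    if body.endswith(("(no file)", "(file missing)")):
        reasons.append("orphaned: registry entry references a file that is gone")
    if section == "O1":
        parts = body.split()  # ["Hosts:", ip, hostname]
        if len(parts) >= 3 and parts[1] not in LOOPBACK:
            reasons.append(f"hosts file maps {parts[2]} to non-loopback {parts[1]}")
    if section == "O4" and "?" in body:
        # '?' is illegal in Windows file names, so it stands in for a
        # character the log could not render: a look-alike name is possible.
        reasons.append("autostart path contains an unrenderable character")
    if section == "O15":
        reasons.append("site added to the IE Trusted Zone")
    return reasons

def triage(log_text):
    """Parse a HijackThis log; return [(section, body, reasons)] for flagged lines."""
    flagged = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # header lines, running-process list, blanks
        reasons = review_reasons(match["section"], match["body"])
        if reasons:
            flagged.append((match["section"], match["body"], reasons))
    return flagged

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> " + "; ".join(reasons))
```
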
     
  10. Wcamper

    Wcamper Private E-2

    I fixed the lines you suggested in HJT. I also reinstalled Spybot and Spybot 1.3.1tx as you suggested. When I run spybot I get an error message "Unable to locate component. This application has failed to start because framedyn.dll was not found. Re-installing the application may fix the problem." I reinstalled spybot a couple of times but I still get the error. Even though I get the error I am still able to run spybot. The first time I ran it I got 5 problems, 4 of which were DSO Exploit. The second time I ran it it came back clean.

    I then rebooted the computer and got the message that my disk is dirty and it ran chkdsk. After that was complete my computer booted up and then immediately gave me a blue screen error "Stop: 0x0000008E(0XC0000005, 0X8054B534, 0XF86C7844, 0X00000000)". I then rebooted and everything has been working fine, no more blue screens, no more unexpected web pages opening, no more java script problems, etc., at least not yet.

    Do you think I may have a hardware problem in addition to the spyware/virus I had? One other nuisance I have is that windows keeps telling me that I don't have any anti-virus software installed even though I have AVG installed. I updated AVG and ran a scan which came back clean.

    I have reposted my HJT file as you requested. Please let me know if it looks OK to you.


    Thanks for all of your help.
    Bill
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your HJT log looks clean.

    You may want to check in the Software Forum on why WinXP does not recognize your AVG antivirus package.

    Any more problems with blue screens or anything else?
     
  12. Wcamper

    Wcamper Private E-2

    I had one more blue screen and once the computer just locked up. For the last few days I haven't had a problem but I expect they will probably return. Any suggestions?

    Bill
     
  13. Kodo

    Kodo SNATCHSQUATCH

