HELP!!!! Somebody please read this.

Download Hijack This and extract the executable to its own directory.

Do NOT run Hijack This from the Desktop, a temp folder or choose run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!
You may want to try having no connection to the internet when running your scans (unplug cables to your PC).

 

Also I have a couple questions!
1)Where did Stinger say the virus was? I hope it was not in c:\windows\explorer.exe
2) Do you know what this is: C:\Program Files\WordWeb\wweb32.exe

 

All I new of it is that it is supposed to be a free theasaurus and dictionary. I have no idea if it is spyware or not. But usually anything like this that comes for free, comes with baggage.

 

Speedstar,

Please do not post logs inline! Always post them as attachments. You must give them a different name each time.

 

Is there a reason why you did not run the TrendMicro online scan as the tutorial requests?
Please run it?

Also do you know why this Norton Preload utility is running at startup and why it needs a file from your floppy drive?

O4 - HKLM\..\Run: [NAV Premend OEM Utility] A:\0107301.SYM\PREMEND.EXE -silent


You can fix the three below lines using HijackThis
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

Then go to the link below and run the removal tool (FxAgentB.exe)
http://securityresponse.symantec.co...moval.tool.html

The link to the tool is in the first sentence of the above link. Instructions are there too.

Let us know how this works.

 

As Kodo said, we are looking into a couple issues like yours which are very difficult to fix. In the mean time I want you to do the following:

Download ProcessExplorer from: http://www.sysinternals.com/files/procexp9x.zip

Unzip it and now run ProcessExplorer and lets configure some options first:
Click View and select Show Lower Pane. And where it says "Lower Pane View" make sure DLL's is checked. Now click on explorer.exe. Now also under the View menu choose "Select columns" and put a check mark on "Image Path".
Now click on File and then Save As. And save the process list. Post it back here as an attachment. Also, from now on if I say to kill a process, use ProcessExplorer instead of Task Manager. Sometimes ProcessExplorer can kill things that Task Manager cannot.


To post attachments you need to click the Go Advance button under your message window. Then scroll down until you see Manage Attachments and click that button. Then click Browse... locate the file on your PC (make sure you save it to a file ending in .txt) then click the upload button. Then close the Manage Attachments window and Submit your message.

 

Yes,

I could not see anything strange. But please remember not to run programs from inside the ZIP files. You had WinRAR running ProcessExplorer from the ZIP.

Could you please download, install and run a-squared (a²) Free edition 1.2
It's free but requires an email address for registration.
Let me know if it finds anything.

Also run these and tell me the results:
TrojanScan online scan
ADS SPY - Alternate Data Streams Spy from Merijn

 

Did you try running it in safe mode? Also when running it, try shutting down all applications that you can. No browsers running and close everything that is in your tray down (even other virus applications - you can physically disconnect you PC from the internet to protect yourself while all these things are shutdown).

 

That's a rather strange amount of memory to have. Memory is pretty cheap these days and it is always good to have more. Whether it would allow you to complete scans any easier, I cannot say for sure. But make sure you disable you other virus scan application (for this current issue) otherwise for each file accessed by A2 two scans will occur, thus making it take longer.

 

Did you shut down all other application, especially virus/spyware scanners, when doing this?

Did you try these yet:
TrojanScan online scan
ADS SPY - Alternate Data Streams Spy from Merijn

Also in normal boot mode, run Ad-Aware SE and click Scan now but select Perform full system scan. Fix anything it finds (let me know if it does find anything).