I've been attacked!

about 3 hours ago, my computer blinked and the next thing I knew Microsoft Spyware started, Trend Micro started and I had warnings flashing across my screen that I was infected!! When all was said and done, I had a screen (one I did not recognize) without my saver and with a big black sign that said SPYWARE INFECTION printed in red and goes on to say"your system is infected with spyware. Windows recommends you to use a spyware removal tool to prevent loss of important data, ete......"

During the process of scanning I noticed "SpySheriff" came up on the screen and wanted me to protect my computer (I opted for NO). Anyway, I now have a major problem and don't know what to do to get my computer back!!!, get rid of this funky desktop and get rid of this spyware!

I down loaded hijackthis, Microsoft Malware Removal tool (which does not find any malware?) cwshredder and started my computer in safe mode to remove the malware but I am having no luck.....HELP!!! I'm just a simple person and need all the help I can get.

I am running in Windows XP Professional Version 2002 w/service pack 1
40 GB, AMD Duron(tm), 1.31 GHz, 448 MB of RAM.

I know it's late but I sure do need some help to get things back the way they belong!

Thanks
gcpamking

 

I did the 'please start here' and I now have my desktop back as it was, however, I get an error message when I reboot "Could not find , load or run C:/WINDOWS\INET20001\services.exe specified in the registry. Make sure it exists on the computer or remove it from registry"

What do I do with that?

Also, the computer is running much slower than before this happened, any suggestions?

Thanks
gcpamking

 

I did the 'start here' and it appears I have removed the major problem, however, when I reboot I get an error message saying C:\WINDOWS\INET20001\services.exe cannot be found in registry. Make sure it exists on the computer or remove it from the registry'

I have also refragged but I am getting a lot of pop-ups and my computer is running slow? The pop-ups are from casinos, spyware programs, registry cleaner programs, ads etc, just a lot of junk.....any suggestions re getting rid of them?

 

I went through and tried to do the Bitdefender scan, however, I cannot get it to run because it comes up with an error message that my ActiveX controls will not allow it. I followed their info as to how to correct that and it doesn't work!! When I go into tools and try to change anything re security, my program freezes. I went to Microsoft and tried to download Service Pk2 and I can't even do that!!!!!! What next???

gcpamking

 

I will try to do the Panda scan and I have the smitfiles.txt log from before and I will locate the Hijack this log from before also.....hope that helps you help me!!

gcpamking

 

Here's the smitRem log and the Hijack this log which I did after the smitRem - Hope this helps!
I had to change the hijackthis.log to a hijackthis.txt file to send......

Thanks
gcpamking

 

I sent you the files you requested, have you been able to find anything yet? My computer is going crazy w/pop ups and freezing!!!!! HELP

gcpamking

 

Well, took a couple of hours but I completed all you asked! I ran Spy Sweeper and I have attached the log, then I did Ewido per the instructions and I have attached that log and finally I ran Hijack This and again, the log is attached.

One thing did happen when I rebooted in normal - I received an "error loading" OoqwOctO.dll The specified module could not be found.

Thanks in advance,
gcpamking

 

Per your instructions I removed "Logitech Desktop Messenger" and when I did a Hijack This scan to remove the listed items, of the the 018 files were gone (I asume because you had me remove Logitech and all associated files) anyway, in answer to your question re the 015 - Trusted Zone items, yes these are part of my Realtor program which has pdf forms on it that we use.

When I clicked Fix Checked I had the following pop up immediately:
........................................................................................................
Hijack This
An unexpected error has occured at prodecure:
ModBackup_MakeBackup_MakeBackup(sItem=010-App/nit_DLLs:hdnagacc.dll) Error #5 - Invalid Procedure call or argument.

Please email me @merijn@spywareinfo.com, reporting the following:
*What you were trying to fix when the error occured, if applicable
*How you can reproduce the error
*A complete Hijack This scan log, if possible

Windows version: Windows NT5.01.2600
MSIE Version: 6.0.2800.1106
Hijack This version: 1.99.1
.......................................................................................................
It asked if I wanted to continue and I gave a yes reply and it finished it's process. SO-o-o-o-o-o-o-o-o-o-o-o-o.......what does all that mean, if anything and yes my computer seems to be running smoother and without pop-ups!

As long as I have you reading this, please advise which of all the downloaded spyware items I have should I retain???? and what are the best settings for my ActiveX in the security portion of IE options?

Thanks again, and here is the latest Hijack This log....

gcpamking

 

I forgot to mention yu had me look for and delete 3 items via Windows Explorer......could not find any of the three?????

gcpamking

 

Thanks for all you help, don't know what I would have done without you!!

gcpamking

 

Can't reboot since removing spyware??

On Jan 16th D3m3nt3d helped me remove spyware from my computer and everything appeared ok. I left town on the 17th of Jan and just returned and I appear to have lost a program and I cannot reboot - when I try the screen comes up with some info, i.e., (F2)setup (F11)boot and then lists some info, the screen remains this way for some time then goes to a totally blank screen and nothing happens?

I did try to go to F2 and of course I was able to get into the ambios but as a novice I can't figure out what should be where!!!! So, I left it and then the screen comes up which allows me to use the arrows to choose how I want to open.....I tried safe mode and again nothing happens but a blank screen, then I tried another way offered and again, the same thing happens. The only way I have been able to open is by choosing the "most recent settings that worked" mode! Then it comes up and finds 'new hardware" like my drives, storage etc......

Once there I tried to find out if anything has been changed in my absence and I even tried to use Restore (back to Jan 17th) and even this doesn't work!

HELP, I want my computer back!

gcpamking