Malware problem-need help

Discussion in 'Malware Help (A Specialist Will Reply)' started by Blade897, Mar 2, 2006.

  1. Blade897

    Blade897 Private First Class

    Well, my computer is infected with various spyware; I receive many, many pop-ups. But the thing I notice the most is that I'm getting two short BIOS beeps. I don't know what they are, and they occur randomly, but mostly when I'm browsing sites. I've also gone through the READ me first page, but I might have missed some things. However, I know for sure I have hidden files off and followed that step correctly. Also, I have cleared my Norton's Protected file Recycle Bin, but I have not yet cleared my Windows/TEMP folder because I forgot what program you use.



    EDIT: I forgot to mention, Panda scan and BitDefender were failures. Panda scan wouldn't complete, and BitDefender I'm going to run again because my internet went out during the scan while it was 3/4 of the way done, but I noticed I had over 30,000 infected files and 38 viruses.
    One more thing: I also get this Win32.Alcra B message that appears on my Norton's scan, but for some reason it can't get rid of it, and the tool for Alcra B says it's not on my computer.

    Thanks for all the help you guys are offering.
     

    Attached Files:

  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Do you have the purchased version of Spy Sweeper? If so, update your definitions and run a full sweep; afterwards, attach this log and proceed with the below.

    Please see the below thread on how to install and run Ewido Anti-Malware.
     
  3. Blade897

    Blade897 Private First Class

    Thanks for the help. The EWIDO scan didn't find much; it only found around 70 infected files, and then it went into Norton's protected files, which I deleted, but for some reason it won't stop scanning the protected files. So after the scan I clicked save report, and the stupid program shut down.

    But anyway, I do have the Spy Sweeper paid version, and it is updated. And I do not find anything in the scan.

    I do want to know what the BIOS beeps are, any ideas?

    Thanks for the help.
     

    Attached Files:

  4. Blade897

    Blade897 Private First Class

    Any tips on what I should do?
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    • Click START > My Computer > Local Disk C: > Program Files
    • Now, Right Click on an Empty Area and select New > Folder & name it HijackThis and ENTER
    To Extract HijackThis:
    • Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder (C:\Program Files\HJT) and click Next.

    After you have completed the above steps to relocate HJT, run it from the new location. Please save your HJT log as a .txt file and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.
     
  6. Blade897

    Blade897 Private First Class

    Alright, I did that. Here's the new log file, thanks for the help.
     

    Attached Files:

  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Please look in Add/Remove Programs for the following and uninstall them if found:

    Ewido

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    F3 - REG:win.ini: load=C:\WINDOWS\services.exe

    O4 - HKLM\..\Run: [Services Controller] C:\WINDOWS\$NtServicePackUninstall$\services.exe

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\services.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\$NtServicePackUninstall$\services.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.
    After you complete the above, reboot and attach a fresh HJT log. Also let me know how things are running.
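
Both file entries selected for fixing in the post above launch a file named services.exe from outside C:\WINDOWS\system32, which is where the genuine Windows services.exe lives. The following is an added example, not part of the original post or of HijackThis: it scans HijackThis-style log lines for that pattern. The function name, the table of expected directories, and the sample lines marked as constructed are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption for this example: a small table of core Windows process names
# and the single directory each one legitimately runs from.
EXPECTED_DIR = {
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# First drive-letter path ending in .exe inside the entry text
PATH_RE = re.compile(r'\b[A-Za-z]:\\[^"<>|*?\r\n]*?\.exe', re.I)

def flag_masquerading(log_lines):
    """Return (code, path, expected_dir) for entries whose file name matches
    a core Windows process but whose directory is not the expected one."""
    findings = []
    for line in log_lines:
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue  # header lines, blank lines, running-process list
        found = PATH_RE.search(entry.group("rest"))
        if not found:
            continue  # entry carries no executable path (e.g. the R1 line)
        path = PureWindowsPath(found.group(0))
        expected = EXPECTED_DIR.get(path.name.lower())
        if expected and str(path.parent).lower() != expected:
            findings.append((entry.group("code"), str(path), expected))
    return findings

SAMPLE_LOG = [
    # The three entries quoted in the post above
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,",
    r"F3 - REG:win.ini: load=C:\WINDOWS\services.exe",
    r"O4 - HKLM\..\Run: [Services Controller] C:\WINDOWS\$NtServicePackUninstall$\services.exe",
    # Constructed lines: a watched name in its proper place, and an unrelated app
    r"F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe",
    r"O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe",
]

if __name__ == "__main__":
    for code, path, expected in flag_masquerading(SAMPLE_LOG):
        print(f"{code}: {path} (expected under {expected})")
```

A name-and-path check like this only narrows down which entries deserve a closer look; it does not replace the scanner logs the helper asks for.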
     
  8. Blade897

    Blade897 Private First Class

    When I restart my computer, there is a problem. It happens before all the icons load up, so I just see my desktop and my mouse pointer, but like I said, no taskbar or icons appear. To get on, I have to press OK to the error message, log off my computer and then log back on.
    The error I get is windows application error 0xc0000005 Press Ok to terminate.

    This problem did not happen after the steps you gave me, however; it started when I had 2006 Norton's installed, so any ideas on that would be great.

    All the instructions you gave me went fine.
     

    Attached Files:

  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are you wanting to remove Norton?
     
  10. Blade897

    Blade897 Private First Class

    No, I'm going to keep it.
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  12. Blade897

    Blade897 Private First Class

    OK thanks for the quick response. Here's the log.
     

    Attached Files:

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\unshred1.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\IFinst27.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.
    After you complete the above, reboot and let me know how things are running.
     
  14. Blade897

    Blade897 Private First Class

    Hmm, I still get the problem when I reboot, any other ideas?
     
  15. Blade897

    Blade897 Private First Class

    Never mind, reboot is working great now, thanks so much for the help. How is my computer doing with spyware?


    Thanks so much for all the help you're giving me. I really appreciate it.
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  17. Blade897

    Blade897 Private First Class

    Thanks so much! But I had one other question: my Windows Defender won't work, is there any way to fix it? It gets an error message right after I want it to repair.
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Completely uninstall it, reboot, download a fresh copy and see if that takes care of it.

    Microsoft Windows Defender 1051 (Beta 2)
     
