please help me

Discussion in 'Malware Help (A Specialist Will Reply)' started by par8, Feb 4, 2006.

  1. par8

    par8 Private E-2

    I've been going crazy trying to fix my computer. It has been acting strange, and the McAfee firewall said that ??rvices.exe was controlling up to 95% of my CPU at points. I'm pretty sure the virus went on my iPod because it stopped working. The keyboard also sometimes does not work or acts weird. Can anyone help me? I read and completed the whole readme before posting. I have attached the BD and Panda scan. Thanks so much!
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com!

    Please see the threads below on how to install and run Spy Sweeper and Ewido Anti-Malware. After you have run both programs, attach the logs to your next post along with a fresh HJT log from normal mode.
     
  3. par8

    par8 Private E-2

    Spy Sweeper keeps saying it's expired, even after I uninstall and re-download it. What should I do? Do I really need a Spy Sweeper log?
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just proceed with Ewido; you can uninstall SS.
     
  5. par8

    par8 Private E-2

    Here's the Ewido scan and fresh HJT log.
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    Ewido

    Spy Sweeper


    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

    tasw.exe

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    R3 - URLSearchHook: (no name) - {DE5D6E60-D1D0-8106-D5EE-AD0FA5971BE7} - C:\WINDOWS\system32\bjdgjzmm.dll (file missing)

    O2 - BHO: (no name) - {DE5D6E60-D1D0-8106-D5EE-AD0FA5971BE7} - C:\WINDOWS\system32\bjdgjzmm.dll (file missing)

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunServices: [Lien Van de Kelder] www.lienvandekelder.be.exe
    O4 - HKCU\..\Run: [Hdoo] "C:\Program Files\blro\tasw.exe" -vt ndrv

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, please boot into Safe Mode. Be sure you have the viewing of hidden files and folders enabled per the tutorial. Now, navigate to and DELETE the following if they remain:

    C:\Program Files\blro - Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.

    Finally, I would like you to flush your System Restore points. Please follow the instructions below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

    After you complete the above, reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  7. par8

    par8 Private E-2

    I followed your directions, and it seems better but not completely. It's still acting weird. There are pop-ups and a strange program keeps trying to access the net (which I've blocked). Any other suggestions? Here's a new HT log. Thanks!
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O4 - HKCU\..\Run: [Ctlllrq] C:\WINDOWS\system32\??curity\wucrtupd.exe

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, please boot into Safe Mode. Be sure you have the viewing of hidden files and folders enabled per the tutorial. Now, navigate to and DELETE the following if they remain:

    C:\WINDOWS\system32\??curity - Delete this whole folder; the ? represents an unprintable character, so it will look weird!

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, reboot and attach a fresh HJT log.
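
Added example (not part of the original thread, and not HijackThis's own code): a small Python triage pass over the HijackThis entry shapes quoted in the replies above. It parses R0/R3/O2/O4 lines and flags three traits visible in those entries: a "(file missing)" target, a "?" placeholder in a file path, and an autostart command with no directory. The flag names and helper functions are this example's own assumptions.

```python
import re

# Sample input: log lines copied from the replies in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R3 - URLSearchHook: (no name) - {DE5D6E60-D1D0-8106-D5EE-AD0FA5971BE7} - C:\WINDOWS\system32\bjdgjzmm.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Lien Van de Kelder] www.lienvandekelder.be.exe
O4 - HKCU\..\Run: [Hdoo] "C:\Program Files\blro\tasw.exe" -vt ndrv
O4 - HKCU\..\Run: [Ctlllrq] C:\WINDOWS\system32\??curity\wucrtupd.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
O4_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
CLSID_RE = re.compile(r"^[^:]+: .*? - (\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)

def parse_line(line):
    """Split one log line into section code, entry name and target string."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "name": None, "target": body}
    if code == "O4" and (o4 := O4_RE.match(body)):
        exe = EXE_RE.match(o4["cmd"])  # executable path without its arguments
        entry.update(name=o4["name"], target=(exe[1] or exe[2]) if exe else o4["cmd"])
    elif code in ("R3", "O2") and (c := CLSID_RE.match(body)):
        entry["target"] = c["path"]
    elif " = " in body:  # R0/R1 style "key,value = data"
        entry["target"] = body.split(" = ", 1)[1]
    return entry

def flags(entry):
    """Heuristic flags; the names are this example's own, not HijackThis output."""
    out, target = [], entry["target"]
    if target.endswith("(file missing)"):
        out.append("file-missing")
    if entry["code"] not in ("R0", "R1") and "?" in target:  # '?' is legal in URLs only
        out.append("placeholder-char-in-path")
    if entry["code"] == "O4" and "\\" not in target:
        out.append("no-directory")
    return out

def triage(log_text):
    return [(e["code"], e["name"], e["target"], flags(e))
            for e in filter(None, map(parse_line, log_text.splitlines()))]

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

An empty flag list is not a verdict: the MSConfig and Hdoo entries raise none of these flags, yet both were selected for fixing in the thread.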
     
