Thread Solved

ryun (Junior Poster in Training)

I need major help

#1
Nov 5th, 2008
Hello, I have had several viruses etc., but this is the worst I have ever had. It won't let me fully install virus/trojan/etc. removal software. I am getting three or four popups at a time, and these little boxes pop up saying stuff like I have lost some file extensions or something like that. Next time it pops up I will post exactly what it says. When I was able to run Ad-Aware, I would erase everything and then it was all back again. It will not let me open HijackThis either. Also, my task mgr says it has been disabled by administrator. Will someone give me a starting point, please? PS: this is my work computer, so I won't be back on till tomorrow. Thanks, Ryun

crunchie (Moderator, Featured Poster, Spyware Killer)

Re: I need major help

#2
Nov 5th, 2008
Change the name of hijackthis to analysethis and try running it again.

singhneeraj421 (Newbie Poster)

Re: I need major help

#3
Nov 6th, 2008
I think you have some serious virus. First of all you have to stop its services. Type msconfig in Run.
After that a window opens; click on Services. Click on "hide microsoft services". Some services are still there; search among them for the service associated with the virus (there is something common between the virus name and the service name associated with it). If you do not have any idea, then simply click on "disable all services".
Now click on the Startup tab, search for something different and disable it. After that use HijackThis. It will work.

jholland1964 (Moderator, Featured Poster, Posting Maven)

Re: I need major help

#4
Nov 6th, 2008
Please follow crunchie's advice.

ryun (Junior Poster in Training)

Re: I need major help

#5
Nov 10th, 2008
Hello, sorry for the long delay in posting. I have followed crunchie's advice and changed the name to analysethis and it worked. Here is my log file, please advise. Thanks, Ryun

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:02 PM, on 11/10/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
c:\larc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\rundll32.exe
C:\Documents and Settings\administrator\Application Data\gadcom\gadcom.exe
C:\Program Files\3Com\Bluetooth\BTCM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\analysethis\analysethis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O1 - Hosts: 207.51.48.106 s0000099
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {299B5FAC-2168-4A5D-A67D-AA4C8F8055DA} - C:\WINNT\System32\jkkJcDvU.dll
O2 - BHO: (no name) - {526BEF0D-13F6-4D83-984D-851BAA658326} - C:\WINNT\System32\ddcYqoPf.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [LarcApplication] LarcApp.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Antivirus Pro 2009] "C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe" /hide
O4 - HKLM\..\Run: [b477f81d] rundll32.exe "C:\WINNT\system32\trtgrryv.dll",b
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\administrator\Application Data\Gool\Gool.exe"
O4 - HKCU\..\Run: [GetModule27] C:\Program Files\GetModule\GetModule27.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\administrator\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Connection Manager.lnk = C:\Program Files\3Com\Bluetooth\BTCM.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1202832441468
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: jkkJcDvU - C:\WINNT\SYSTEM32\jkkJcDvU.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ChryslerLarc - Unknown owner - c:\larc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4770 bytes

crunchie (Moderator, Featured Poster, Spyware Killer)

Re: I need major help

#6
Nov 10th, 2008
Can you please do the following.

===============

Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {299B5FAC-2168-4A5D-A67D-AA4C8F8055DA} - C:\WINNT\System32\jkkJcDvU.dll
O2 - BHO: (no name) - {526BEF0D-13F6-4D83-984D-851BAA658326} - C:\WINNT\System32\ddcYqoPf.dll

O4 - HKLM\..\Run: [b477f81d] rundll32.exe "C:\WINNT\system32\trtgrryv.dll",b
O4 - HKLM\..\Run: [brastk] brastk.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O20 - Winlogon Notify: jkkJcDvU - C:\WINNT\SYSTEM32\jkkJcDvU.dll


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\WINNT\System32\jkkJcDvU.dll
C:\WINNT\System32\ddcYqoPf.dll
C:\WINNT\system32\trtgrryv.dll

Search for...

brastk.exe

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
Select the first option to run Windows in Safe Mode, then hit Enter.

-

Reboot.

===============

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebyt...are_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new HJT log.
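
As an added example (not part of any post in this thread, and not HijackThis's or the posters' own method), here is a short Python triage that parses HijackThis entry lines like those in the log from post #5 and flags several of the entry types selected for fixing in post #6. The flagging rules and the names `parse`, `triage` and `SAMPLE_LOG` are assumptions of this example; a flag means "review manually", not "malicious".

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (post #5).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {299B5FAC-2168-4A5D-A67D-AA4C8F8055DA} - C:\WINNT\System32\jkkJcDvU.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [b477f81d] rundll32.exe "C:\WINNT\system32\trtgrryv.dll",b
O20 - Winlogon Notify: jkkJcDvU - C:\WINNT\SYSTEM32\jkkJcDvU.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                  # "O4 - <body>"
FILE_RE = re.compile(r"([\w.\-]+\.(?:exe|dll|dat|ocx))\b", re.I)   # bare file names

def parse(log_text):
    """Yield (section_code, body, line) for each HijackThis entry line."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2), raw.strip()

def triage(log_text):
    """Return {line: [reasons]}; the rules are this example's assumptions."""
    entries = list(parse(log_text))
    sections_by_file = defaultdict(set)   # file name -> sections that reference it
    for code, body, _ in entries:
        for name in FILE_RE.findall(body):
            sections_by_file[name.lower()].add(code)

    findings = {}
    for code, body, line in entries:
        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("registration points at a missing file")
        if code == "O2" and "(no name)" in body:
            reasons.append("unnamed BHO")
        if code == "O4" and "rundll32" in body.lower():
            reasons.append("Run key loads a DLL through rundll32")
        if code == "O20":
            reasons.append("DLL load point (AppInit_DLLs / Winlogon Notify)")
        for name in FILE_RE.findall(body):
            if len(sections_by_file[name.lower()]) > 1:
                reasons.append(name + " is registered in more than one section")
        if reasons:
            findings[line] = reasons
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line, "->", "; ".join(reasons))
```

The cross-section check is what surfaces the DLL that is registered both as a BHO and under Winlogon Notify, which is also the file reported as "being used by Windows" later in the thread.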

ryun (Junior Poster in Training)

Re: I need major help

#7
Nov 10th, 2008
Hello, I deleted the items in HijackThis and went into Safe Mode and tried to delete the 3 items. For the first 2 (c:\winnt\system32\jkkjcdvu.dll and ddcyqopf.dll) it says cannot delete file, it is being used by Windows. The third one, trtgrryu.dll, I deleted, and I found and deleted brastk.exe. I also have a red circle with an x in the middle in my tray on the right side.

ryun (Junior Poster in Training)

Re: I need major help

#8
Nov 10th, 2008
Still getting lots of pop-ups.

crunchie (Moderator, Featured Poster, Spyware Killer)

Re: I need major help

#9
Nov 10th, 2008
So do the rest of what I posted.

ryun (Junior Poster in Training)

Re: I need major help

#10
Nov 11th, 2008
Tried running Malwarebytes and it just sits there saying "Preparing for the scan". I have let it sit for approx. 10 min and still nothing. Any ideas? Thanks, Ryun

©2003 - 2009 DaniWeb® LLC