Major Virus


Original Message
Name: Pulkit
Date: March 16, 2006 at 15:51:36 Pacific
Subject: Major Virus
OS: Microsoft 98 Se
CPU/Ram: 128. MB
Comment:

I have a very urgent problem with my PC. Whenever I try to run a virus scan to detect the problem, the program closes itself. If I try to search anything with Google that has the word virus in it, the search window closes itself. When I try to go to any website that mentions virus, it closes itself. What can be causing this? Please Help!!!

Thanks




Response Number 1
Name: jabuck
Date: March 16, 2006 at 16:16:53 Pacific
Reply:

First download Hoster from this link to your desktop http://www.funkytoad.com/hoster.htm then open it and click "restore microsoft's original host".

Then try this... Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders, and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.



Response Number 2
Name: Pulkit
Date: March 16, 2006 at 16:35:53 Pacific
Reply:

does not work



Response Number 3
Name: jabuck
Date: March 16, 2006 at 16:45:27 Pacific
Reply:

Could you expand on "does not work"? Were you able to download Hoster or HT, or just what?



Response Number 4
Name: jabuck
Date: March 16, 2006 at 16:58:44 Pacific
Reply:

First thing, go to Start>settings>control panel>add/remove programs and uninstall "Spyware Assassin". It's a rogue tool.

Then post your HT log in this thread. I see some of the problem but we need the HT log in this thread so we can keep things somewhat organized.



Response Number 5
Name: Pulkit
Date: March 16, 2006 at 16:58:55 Pacific
Reply:

Here is the list of the scan items I got after running the Hijack This scan:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WINZIP.EXE
C:\WINDOWS\SYSTEM\UPDATE.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\DOWNLOADS\MOZILLA FIREFOX\FIREFOX.EXE
C:\DOWNLOADS\BITCOMET\BITCOMET.EXE
C:\DOWNLOADS\WINZIP\WINZIP 10\WINZIP32.EXE
C:\DOWNLOADS\DOWNLOADS\SONGS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\DOWNLOADS\ADOBE ACROBAT READER\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\DOWNLO~1\SPYWAR~3\SPYWAR~2\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\DOWNLO~1\SPYWAR~3\SPYWAR~2\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\DOWNLOADS\DOWNLOADS\INTERNET ERASER\INTERNET ERASER\PKEXT.DLL (file missing)
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\SYSTEM\HLWIN.DLL
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\PROGRAM FILES\ACCOONA\ASEARCHASSIST.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ScanRegistry] scanregw.exe /scan
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrmfRmPA.exe] C:\WINDOWS\BrmfRmPA.exe -startup
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ualoqmk] C:\WINDOWS\SYSTEM\reqyxa.exe
O4 - HKLM\..\Run: [Windows] RUN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [A-ToolBar] C:\DOWNLOADS\A-TOOLBAR\A-TOOLBAR\ATOOLBAR.EXE s
O4 - HKLM\..\Run: [Zone Labs Client] C:\Downloads\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [Windows] RUN.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\PROGRAM FILES\SPYWARE ASSASSIN 4.0\SPYWARE ASSASSIN.EXE"
O4 - HKCU\..\Run: [HD] C:\PROGRAM FILES\HISTORYDESTROYER 3.1 TRIAL\Hd.cmd
O4 - HKCU\..\Run: [ANR] C:\DOWNLOADS\DOWNLOADS\OTHER\AUDIO NOTES RECORDER\ANR.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Brother SmartUI PopUp.lnk = C:\Program Files\Scansoft\PaperPort\PopUp\SmartUI.exe
O4 - Startup: Webshots.lnk = C:\Downloads\Webshots\Webshots\Launcher.exe
O8 - Extra context menu item: &Download with &DAP - C:\Downloads\Download Accelarator\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Downloads\Download Accelarator\DAP\dapextie2.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DOWNLO~1\SPYWAR~3\SPYWAR~2\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\DOWNLOADS\YAHOO MESSENGER\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\DOWNLOADS\YAHOO MESSENGER\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {94908617-0D0A-470E-977F-7BAB6920D184} (CustomToolbar.Setup) - http://www.infocrawler.com/toolbar/Customtoolbar.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0382637e387fc1717920/netzip/RdxIE601.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v45/pool/pool.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {261EE805-4893-45A3-8E9E-AD90914CB39A} (VacPro.internazionale_98_ver11) - http://www9.advnt01.com/dialer/internazionale_98_ver11.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O16 - DPF: TruePass EPF 7,0,100,717 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab




Response Number 6
Name: jabuck
Date: March 16, 2006 at 17:41:51 Pacific
Reply:

Reboot the computer into safe mode by following the directions at this link How to boot into Safe Mode

Next set the computer up to view hidden files by following the directions at this link Show Hidden Files

Run Hijack This again, close all windows except HT, place a check to the left of the following items and press "fix checked":

R3 - URLSearchHook: (no name) - <default> - (no file)

O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\DOWNLOADS\DOWNLOADS\INTERNET ERASER\INTERNET ERASER\PKEXT.DLL (file missing)

O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\SYSTEM\HLWIN.DLL

O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\PROGRAM FILES\ACCOONA\ASEARCHASSIST.DLL (file missing)

O4 - HKLM\..\Run: [ualoqmk] C:\WINDOWS\SYSTEM\reqyxa.exe

O4 - HKLM\..\Run: [Windows] RUN.EXE

O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\PROGRAM FILES\SPYWARE ASSASSIN 4.0\SPYWARE ASSASSIN.EXE"

O16 - DPF: {94908617-0D0A-470E-977F-7BAB6920D184} (CustomToolbar.Setup) - http://www.infocrawler.com/toolbar/Customtoolbar.CAB

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0382637e387fc1717920/netzip/RdxIE601.cab

O16 - DPF: {261EE805-4893-45A3-8E9E-AD90914CB39A} (VacPro.internazionale_98_ver11) - http://www9.advnt01.com/dialer/internazionale_98_ver11.CAB

Next, while still in safe mode, navigate to these files/folders and delete them if found:

C:\WINDOWS\SYSTEM\HLWIN.DLL (file)

C:\WINDOWS\SYSTEM\reqyxa.exe (file)

C:\WINDOWS\run.exe (file)

C:\WINDOWS\System\run.exe (file)

C:\PROGRAM FILES\SPYWARE ASSASSIN 4.0 (folder)

Reboot into normal mode then download and run this cleaner. Please download
http://www.atribune.org/content/view/19/2/ by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Post a new HT log


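The step in Response 6 from the "fix checked" list to the list of files to delete by hand, as an added example that is not part of the original thread: it parses HijackThis log lines and sorts each entry by whether the log names a full path on disk, only a bare file name (which is why run.exe is looked for in two folders above), or nothing local at all. The function names, category names and regular expressions are assumptions of this example; the sample lines are copied from the fix list in Response 6.

```python
import re

# Entries copied from the fix list in Response 6 of this thread.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\DOWNLOADS\DOWNLOADS\INTERNET ERASER\INTERNET ERASER\PKEXT.DLL (file missing)
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\SYSTEM\HLWIN.DLL
O4 - HKLM\..\Run: [ualoqmk] C:\WINDOWS\SYSTEM\reqyxa.exe
O4 - HKLM\..\Run: [Windows] RUN.EXE
O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\PROGRAM FILES\SPYWARE ASSASSIN 4.0\SPYWARE ASSASSIN.EXE"
O16 - DPF: {94908617-0D0A-470E-977F-7BAB6920D184} (CustomToolbar.Setup) - http://www.infocrawler.com/toolbar/Customtoolbar.CAB
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
MISSING = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.I)
EXE = re.compile(r'^"?(.+?\.(?:exe|dll|cmd|com|bat))"?(?:\s|$)', re.I)

def parse(line):
    m = ENTRY.match(line.strip())
    if not m:
        return None  # process list, blank line, or other non-entry text
    code, body = m["code"], m["body"]
    missing = bool(MISSING.search(body))
    body = MISSING.sub("", body)
    if code == "O4":
        # "HKLM\..\Run: [name] command" or "Startup: name.lnk = command"
        sep = "] " if "] " in body else " = "
        target = body.split(sep, 1)[-1]
    else:
        # R*, O2, O8, O9, O16: the target is the last " - " separated field
        target = body.rsplit(" - ", 1)[-1]
    return {"code": code, "target": target, "missing": missing}

def worklist(log_text):
    out = {"on_disk": [], "locate_first": [], "registry_only": []}
    for line in log_text.splitlines():
        e = parse(line)
        if e is None:
            continue
        m = EXE.match(e["target"])  # drop quotes and command-line switches
        path = m.group(1) if m else e["target"]
        if e["missing"] or path.lower().startswith(("http://", "https://")):
            out["registry_only"].append(line.strip())  # nothing local to delete
        elif re.match(r"^[A-Za-z]:\\", path):
            out["on_disk"].append(path)        # full path given in the log
        else:
            out["locate_first"].append(path)   # bare name: folder not stated
    return out
```

Calling `worklist(FIX_LIST)` puts HLWIN.DLL, reqyxa.exe and the Spyware Assassin executable under `on_disk` and RUN.EXE under `locate_first`, which lines up with the manual deletion list in Response 6.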
