Problems with svchost.exe and WScript.exe tries to connect to mal sites, winupdate and windefender cannot connect / page does not load.
Greetings,

First let me explain how I got this worm, virus, or trojan or whatever it is. There are several sites that use flash games and advertisements on those pages like yahoo. When one goes to them they automatically try and load java. Next you have this trojan called Think Power trying to get you to scan your computer for antispyware. I know this is a dummy or bogus prog. The file is actually called hotfix.exe which is the trojan. Naturally I got rid of it but that's not the prob. Somehow this trojan rewrites WScript.exe and svchost.exe, which in turn tries to constantly load explorer and connect to a Malware site. I was running Avast and it would block it but when scanning would not fix or find the problem. It also tries to shutdown svchost and then windows tries to go into DOS or classic mode. eeeeeerrrrr. Avast would tell me these two exe files were trying to go to malware sites but will only block them.

I have run Avast, Superantispyware, windows defender (which now says has a problem and cannot load), the Onelive care on microsoft site, the malware removal tool on microsoft, the TDSS rootkit killer removal tool, Norton, McAfee, Hijackthis, NOD32, spybot, symantec fix it (for several worms), Trojan Remover, and of course the program everyone thinks is God, Malwarebytes - this prog doesn't do jack cept eat up time. Not one can find or fix the problem. What's up with that? Out of 20 of the best progs not one can do the job? They found lil stuff like cookies but that's it really. I have followed the advice on Microsoft and other sites downloading all the best malware and virus antispyware progs and none work. Why would I pay for anything that doesn't work LOL! You feel me?

This is what NOD32 from ESET shows now that I am running it which keeps blocking this site and gives me random numbers for an address or site. Z0g7yail0.com/ random letters numbers PTAmcmQ9MA = = 38x is the site it keeps blocking. That's only part of the prob. Explorer keeps opening up a window to something like a walmartgift card site too. Antivirus prog does not block that. Last but not least is the annoying fact that this worm/virus has changed part of the text I view on web pages to italic but not all the text is like that. eeeerrrrrrrr.

Does anyone know what the heck is going on with my computer? Cause searching the forums doesn't seem as if anyone else discusses the same probs I have. Can someone for the love of God help me kill this nasty pest that has freaking snuck its way into my computer? Please?
December 14th, 2010 3:07pm

Hi DjNasT,
· What is the version of Internet Explorer you have installed on your computer?
· Provide us the complete error message you receive when you try to connect to Windows Update or Windows Defender.
· What is the service pack installed on your computer?
1. Run the Fix it which will reset the security settings in Internet Explorer: Improve performance, safety and security in Internet Explorer: http://support.microsoft.com/mats/ie_performance_and_safety/en-us
2. Also you may follow the steps from the below link: Prevent Pop-up Ad Windows When Browsing: http://www.microsoft.com/windows/ie/ie6/using/howto/privacy/restrictedsites/stoppopups.mspx
Regards: Samhrutha G S - Microsoft Support.
Visit our Microsoft Answers Feedback Forum and let us know what you think.
December 15th, 2010 3:01am

I have windows XP, IE8. Ok, for windows defender when I try and load it the error message given is 0x800106ba. Defender was giving me the error message Numbers then efe or fee I think, which I looked up already, and the support page for error codes just says I am unable to connect to the page. I already tried all the suggested tips on the support page to fix the problem and none of them worked. I have already tried the run the fix it site too and it did not work either. I have tried a system restore several times even in safe mode. System restore just said it was unable to restore on that date. I tried 6 different dates too. I already have several popup blockers installed.

NOD32 just keeps popping up from time to time giving me randomly blocked ip addresses trying to load explorer to the site I mentioned in my first post. I honestly believe something has taken over my svchost.exe and WScript.exe files and is causing them to try and load Malware sites. Like I mentioned earlier though none of the antispyware/virus/malware progs have found anything wrong but obviously something has put a script file or something on my computer that's messing with my registry keys or something ya know. Just none of the malware progs seem to recognize it as malware, either that or it has cloned an existing file and the malware progs do not recognize it as a threat. Like I said earlier, downloaded almost 20 different freaking malware progs including everything on the Microsoft for malware, Onelive and MSRT, tried the fix it too. Nothing has helped.

As for the italic text for the browser I fixed that on my own. Just went and redownloaded the font file for arial and everything went back to normal. SO right now I need help figuring out how to find what is causing explorer to attempt to open my browser to a Mal site. 2 what is blocking windows defender and win update from loading or connecting to Microsoft and what is blocking system restore that won't allow it to complete. That's just crazy, why have a system restore if you cannot even use it LOL!

Anyways if you can please help me figure out those two problems it would be greatly appreciated. I have read something about manually fixing svchost.exe on E-How but I'm not about to go deleting that file cause I know you have to have it for windows to run. Peace!
December 15th, 2010 1:46pm

Here is a copy of the log file from Hijackthis, and no I haven't done anything with hijackthis no fixes with the prog. Perhaps it will help IDK.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:47:19 PM, on 12/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: avast! Free Antivirus.lnk = C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 6040 bytes
December 15th, 2010 2:05pm

Please look at my previous post. It has a log file from Hijackthis as well. TY!
December 17th, 2010 1:43pm

Wow, looks like you've tried everything. Time for a format and reinstall.
December 18th, 2010 6:51am

We do NOT interpret HJT logs in these forums. Please post any/all further follow-up in replies to your newer thread: http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/05f87e56-08f1-421e-be24-bcadeafef22f
~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
December 21st, 2010 2:25pm

This topic is archived. No further replies will be accepted.
