Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

skp28
Newbie

Joined: 30 Apr 2012
Last Visit: 05 May 2012
Posts: 4
Location: Overland Park, KS

Gary R
Moderator

Joined: 03 May 2005
Last Visit: 22 May 2015
Posts: 10019
Location: Yorkshire

Posted: Wed May 02, 2012 5:09 am    Post subject:

Looking over your log, back soon.
_________________
Gary R Administrator at Malware Removal University

If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R
Moderator

Joined: 03 May 2005
Last Visit: 22 May 2015
Posts: 10019
Location: Yorkshire

Posted: Wed May 02, 2012 5:13 am    Post subject:

 Quote: Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help. Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.

Hi skp28

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

• Click Start, and type Create a restore point into the Search programs and files box.
• Now click on the Create a restore point icon at the top of the find list.
• This will open a System Properties box, with the System Protection tab open ...

• Click on the Create button in the lower part of the window.
• Type Pre Malware Cleanup into the description box, then click Create.
• Windows will now create a Restore Point and notify you when finished.
• Exit any open windows.

Please observe these rules while we work:

• Perform all actions in the order given.
• If you don't know, stop and ask! Don't keep going on.
• Stick with it till you're given the all clear.
• Remember, absence of symptoms does not mean the infection is all gone.
• Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
• Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

• As you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

 Quote: It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

The HJT log you've posted is from a 64 bit version of Windows 7, and HJT is not compatible with that Operating System. Please run the following scans for me ....

If you already have a copy of OTL delete it and use this version.

• Double click OTL.exe to launch the programme.
• Check the following.

• Scan all users.
• Standard Output.
• Lop check.
• Purity check.

• Under Extra Registry section, select Use SafeList
• Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
• When finished it will produce two logs.

• OTL.txt (open on your desktop).

• Please post me both logs.

Next

• Double click on TDSSKiller.exe to launch it.

• If using Vista or Windows 7, when prompted by UAC allow the prompt.

• Click on Change parameters

• Check Detect TDLFS file system
• Click OK

• Click on Start Scan
• The scan will run.
• When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
• Now click on Report to open the log file created by TDSSKiller in your root directory C:\
• DO NOT TRY TO FIX ANYTHING AT THIS POINT

Next

• Double click SecurityCheck.exe and follow the instructions inside the black box.
• When finished a Notepad document checkup.txt should open.

Summary of the logs I need from you in your next post:

• OTL.txt
• Extras.txt
• TDSSKiller log
• Checkup.txt

Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
skp28
Newbie

Joined: 30 Apr 2012
Last Visit: 05 May 2012
Posts: 4
Location: Overland Park, KS

skp28
Newbie

Joined: 30 Apr 2012
Last Visit: 05 May 2012
Posts: 4
Location: Overland Park, KS

skp28
Newbie

Joined: 30 Apr 2012
Last Visit: 05 May 2012
Posts: 4
Location: Overland Park, KS

Posted: Wed May 02, 2012 12:56 pm    Post subject: security check

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9

Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.

Anti-malware/Other Utilities Check:

Adobe Reader X (10.1.3)
Mozilla Firefox (12.0.)

Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe

End of Log
Gary R
Moderator

Joined: 03 May 2005
Last Visit: 22 May 2015
Posts: 10019
Location: Yorkshire

Posted: Wed May 02, 2012 2:02 pm    Post subject:

I don't see the TDSSKiller log, if you've run the scan then please post the log. If you haven't yet run it, please run the scan then post the log.
skp28
Newbie

Joined: 30 Apr 2012
Last Visit: 05 May 2012
Posts: 4
Location: Overland Park, KS

Gary R
Moderator

Joined: 03 May 2005
Last Visit: 22 May 2015
Posts: 10019
Location: Yorkshire

Posted: Wed May 02, 2012 10:01 pm    Post subject:

Nothing of any real concern showing in your logs, so far it's looking like Malware is not the cause of your problems ....

• Double click OTL.exe to launch the programme.
• Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&crg=3.1010000.10011&q="
[2012/04/28 17:47:01 | 000,003,939 | ---- | M] () -- C:\Users\Donene\AppData\Roaming\Mozilla\Firefox\Profiles\lrjhzokt.default\searchplugins\sweetim.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Files
C:\Users\Donene\AppData\Local\{39C444FD-1FC6-4B6A-A75A-D9A0707E5103}
C:\Users\Donene\AppData\Local\{01F93E30-2459-484A-91B7-C20899A7F4FC}
C:\Users\Donene\AppData\Local\{4940D722-29B7-4041-BC12-714FFA98F2AC}
C:\Users\Donene\AppData\Local\{3AFB6DBA-27E3-41B6-B167-FAED1DA5AB0C}
C:\Users\Donene\AppData\Local\{AD35027E-9055-4515-8E8B-A645FCA52B33}

:Commands
[CreateRestorePoint]
[EmptyFlash]
[EmptyTemp]
[ResetHosts]

• Click the Run Fix button.
• OTL will now process the instructions.
• When finished a box will open asking you to open the fix log, click OK.
• The fix log will open.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

• Please go HERE then click on:

 Quote: Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install. All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
• Now click on Advanced Settings and select the following:

• Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology

• Now click on:
• The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
• Now click on: (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:

• OTL log
• E-Set log

Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
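A read-only check for the two Firefox search preferences named in the fix script in the post above, added here as an example; it is not part of the original thread and is not OTL's own logic. The allowlists and the sample prefs.js text are assumptions constructed for illustration (the two search values are the ones quoted in the code box).

```python
import json
import re
from urllib.parse import urlparse

# Assumption: engine names and search hosts this machine's owner expects.
ALLOWED_ENGINES = {"Google", "Bing", "Yahoo"}
ALLOWED_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# prefs.js holds one setting per line: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample; the two search values are the ones quoted in the fix.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "SweetIM Search");
user_pref("browser.startup.page", 3);
user_pref("keyword.URL", "http://search.sweetim.com/search.asp?src=2&crg=3.1010000.10011&q=");
'''


def parse_prefs(text):
    """Return {name: value} for every well-formed user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        try:
            # Names and simple values (strings, numbers, true/false) are valid JSON.
            prefs[json.loads(m.group(1))] = json.loads(m.group(2))
        except ValueError:
            continue  # value uses JavaScript syntax JSON cannot read
    return prefs


def flag_search_hijack(prefs):
    """Return (name, value, reason) for search prefs outside the allowlists."""
    findings = []
    engine = prefs.get("browser.search.defaultenginename")
    if engine is not None and engine not in ALLOWED_ENGINES:
        findings.append(("browser.search.defaultenginename", engine, "unexpected engine"))
    url = prefs.get("keyword.URL")
    if url is not None:
        host = urlparse(str(url)).hostname or ""
        if host not in ALLOWED_HOSTS:
            findings.append(("keyword.URL", url, "unexpected host " + host))
    return findings
```

Run `flag_search_hijack(parse_prefs(...))` on the text of a profile's prefs.js; it only reads the text and changes nothing.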
Gary R
Moderator

Joined: 03 May 2005
Last Visit: 22 May 2015
Posts: 10019
Location: Yorkshire

Posted: Sat May 05, 2012 8:50 am    Post subject:

 Quote: Due to lack of response this topic is now closed. If you still need help you must open a new thread in the Help with Spyware Removal forum, post a new log, and wait for a new helper. If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations Gary R

All times are GMT - 8 Hours