TechSpot

8-Step Removal Logs

By CreamPuff
Feb 7, 2009
Topic Status:
Not open for further replies.
  1. A couple weeks ago my internet access began getting hijacked & I couldn't download any virus removal or update software. I downloaded all these programs at work to a portable drive & installed them @ home. Here are my logs and I hope somebody out there can help me out. Thanks!
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Uninstall Avast (seeing as you have Avira Antivirus installed)
    Note: You can only have one Antivirus installed at a time

    Update Avira
    Startup Malwarebytes again
    Update Malwarebytes (the update button is found on the third tab in the program's toolbar)

    Do another full scan with the updated Malwarebytes, with Avira updated and protecting in the background. (Pretty sure it will find more malware to remove)
  3. CreamPuff

    CreamPuff Newcomer, in training Topic Starter

    I uninstalled Avast, updated Avira, updated Malwarebytes (I think I had the current version though) and ran another scan with Avira running in the background. Attached are the results of this scan.
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  5. CreamPuff

    CreamPuff Newcomer, in training Topic Starter

    Alright, I ran CC, reset IE, restarted my PC and ran a Malwarebytes scan which didn't find anything.

    I didn't set up my IE tho' because I've actually changed my default browser to Mozilla since I've heard it may offer better protection, not sure if that's true but it wouldn't hurt either. Anyway I've attached a copy of my latest Mbam scan. Thanks!
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Thanks I need to see the new HJT log (restart first before creating)

    Actually, download Startup Control Panel and remove any (many) not required shortcut startups (these startups just slow your computer down, and create a large HJT log, which I'd rather have reduced in size)

    Anyway, then restart, and then create a HJT log and attach it
    Also report on how it's presently going
  7. CreamPuff

    CreamPuff Newcomer, in training Topic Starter

    I downloaded SCP & disabled anything that I thought made sense to.
    I restarted the PC & ran a new HJT log.

    My PC seems to be running like it used to, no re-directs & downloading/accessing sites works like it's supposed to. Also, there's nothing I can see directly but I'm still unsure of what may be lurking in the background....
  8. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Re-open HJT and do a scan
    Place a tick next to the following two items
    Before selecting fix, close all\any Internet browsers
    Select Fix
    You can also now uninstall SuperAntiSpyware, or stop it from starting with Windows (either way is good)

    Precautionary measure:

    Download Combofix
    Lots of info on its use here
    Direct download here

    Save it to a location that you can easily find later (in Safe Mode) ie directly to C drive

    Restart your computer to Safe Mode (by repeatedly pressing F8 on your keyboard before Windows starts)
    Log into your Administrator account
    Locate the previously downloaded Combofix
    Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)

    Once Combofix has finished, save the log file to be attached to a new reply
    Restart back to Normal mode, and attach the Combofix log
  9. CreamPuff

    CreamPuff Newcomer, in training Topic Starter

    I've got major issues now...

    Everything was cool after running the last HJT log. But, after installing and running Combofix in Safe Mode windows will now not boot up in Normal mode. My Vaio startup screen appears and it looks like Windows will boot like it normally does, but I get nothing. Just a blank black screen. Everything seems fine though in Safe Mode.

    I've attached the Combofix & HJT log and will now patiently await instructions.

    PS - I've tried to stop SuperAntiSpyware from starting by using Startup Control Panel, but when I restart the program starts anyway & conflicts with Combofix. Do you know of any other way of disabling SAS other than uninstalling?

    Thanks
  10. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Please do the following

    Uninstall Zone Alarm (we'll discuss Comodo as a better alternative later)
    Uninstall SuperAntiSpyware (this may be re-installed later)
    Download and run this tool: http://www.dougknox.com/xp/utils/XP_FixLogon.zip
    This utility checks for the correct GINA value in the Registry and will allow you to restore it, if it's incorrect.

    Restart back to Normal mode, then provide a new HJT scan log
  11. CreamPuff

    CreamPuff Newcomer, in training Topic Starter

    Alright, I deleted superantispyware & Zone alarm & I was able to boot in Normal mode.

    Here's my latest HJT log. Thanks
     
  12. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    That's better :)

    You can also startup HJT Scan (only) again, and remove (tick and fix) these entries:
    It's looking lots cleaner
    But Combofix, I think has just updated, either way it would be wise to start it again (normal mode is fine)
    If it asks to be updated, allow it to download any updates
    Run the scan

    The only real annoying part is when it creates a log (after restart) it seems to take forever! (but wait until finished)

    Attach the Combofix log to a new reply
    Then do the following (even without my reply at that stage)

    Also do this as well:
    Clear & Reset System Restore's Cache
    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

    Download and run KCleaner
    Default install, and then press Start on it

    Restart again

    Basically you're done at this point. But you possibly wanted a personal firewall
    My recommendation is to actually continue as you are, but if you use your computer for online banking and other very sensitive Internet work, then you may want to download Comodo free Firewall

    It would be nice to get feedback as well after all this :)
  13. CreamPuff

    CreamPuff Newcomer, in training Topic Starter

    OK, all went well during that round. Here's my ComboFix log.

    I'll perform the rest of the steps you recommended & then wait for your recommendations or I'll let you know how everything is going. Thanks!
  14. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yep, looks good :grinthumb

    You may want to update to a more secure Hosts file
    There's lots of important info on that here: http://www.mvps.org/winhelp2002/hosts.htm
    As it's difficult to see the actual download, here it is: http://www.mvps.org/winhelp2002/hosts.zip
    Important! Windows Vista requires special instructions: http://www.mvps.org/winhelp2002/hostsvista.htm

    Simply download the hosts.zip file, extract, then run mvps.bat, then restart

    Then restart, and test browsing the Internet again :)