PC-AntiSpyware, yes another one

Status
Not open for further replies.
Hey y'all.

I am new to this forum and am in desperate need of help before I take my grandma's skillet and bash this computer to bits.

As so many others are experiencing, I have that lovely little pop up. Have tried all the basic spyware removal tools I have on the computer to no avail.

And yes, I see where others have had the same problem but I do also see where the person helping them warns us not to post our logs there so I am nervous about using the directions for someone else. Just what I don't need is to create more problems on this computer.

Thanks for all of your help. I know I need to post a log of some type but am not sure how to do so.

Thanks again.
Laura
 
Create an uninstall list
  • Launch Hijackthis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager button.
  • Click the Save list button.
  • Attach this log into your next reply

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please attach the log into your next reply.
  • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Download and Install SuperAntiSpyware Free
  • Launch SuperAntiSpyware
  • Click Check for Updates and update to the latest definitions.
  • Click Scan your Computer
    • Check all boxes in the Scan Location box.
    • Check the Complete Scan radio button.
    • Click Scanning Preferences/Control Centre button.
      • Uncheck Ignore files larger than 4MB (recommended)
      • Check Scan Alternate Data Streams.
      • Click Close.
    • Click Next
  • SuperAntiSpyware will now scan your computer for infection. (This could take in excess of an hour depending on the number of files scanned)
  • When finished it will present you with a summary of its findings.
  • Click OK.
  • The Removal Screen will open.
    • Check the items in the list to mark them for Quarantine.
    • Click Next and SAS will Quarantine them.
Please send me the log.
  • Click the Preferences button.
    • Click the Statistics/Logs tab.
      • Logs are listed by date and time, click on the latest one to highlight it (at the top).
      • Click View log.
    • This will open a log page.
    • Attach the log in your next post please.
CAUTION: SuperAntiSpyware comes with a programme called Bootsafe, do not for any reason use this programme, if used on an infected computer it could render it UNBOOTABLE.

The first thing that I need you to do for me is to download and install HijackThis for me,

Highjackthis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in its own folder, usually C:\Program Files\Trend Micro\HijackThis. Please don't change the directory as it is necessary to create backups.
  • After installing, the program launches automatically, select Scan now and save a log
  • After the scan is complete attach it into your reply.
Do not attempt to fix any item yet.
Do not add anything to the ignore list.
Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.

Download and Run ComboFix
  • Download this file to your desktop from either of the two below listed places :

    HERE or HERE
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Attach that log in your next reply
WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 
Thanks for the assist, have attached logs I hope.

Thanks so much. I hope I have attached all the logs. I didn't read it correctly so I created the uninstall log from Hijackthis after I had already done some of the other stuff. I hope this didn't mess things up too badly.

I appreciate it so much that you have taken the time to work with me on this.

Please tell me what I need to do next, and I promise to follow the instructions more carefully.

Laura
 
Looking over the logs now, its going to take me a while though, one thing I will say, uninistall either Avast! or Norton, both of them are running and this does not mean twice the protection.
 
P2P Warning!

  • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
    http://www.techweb.com/wire/160500554
    http://www.internetworldstats.com/articles/art053.htm
    See Clean/Infected P2P Programs here

    I would recommend that you uninstall LimeWire,Shareaza, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you wish to keep it, please do not use it until your computer is cleaned.


Fix entries using HiJackThis
  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: stfngdvw - {EAE50642-A7D4-487E-B6C0-E5A512BA6F88} - C:\WINDOWS\stfngdvw.dll (file missing)
O23 - Service: SAiDownloader - Intel Corporation - (no file)


  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary

Rename HijackThis.exe to labooth1.exe by doing the following;

  • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> Desktop\hijackthis\HijackThis.exe[/color]
  • Right-click on the HijackThis.exe
  • Choose from the pull-down menu; "Rename"
  • And now Rename HijackThis.exe to labooth1.exe
  • When you've renamed HijackThis, open HijackThis again.
  • Take a fresh HijackThis log (click Do a system scan and save a log file)
  • Attach the fresh HijackThis log here.
 
Continuing to follow directions

Okay, hopefully I have done all you requested correctly.

Am attaching newest log.

Thank you again for taking the time to assist us folks that are not knowledgable.

Laura
 
Status
Not open for further replies.
Back