Spyware attack messed my desktop "Help"

Status
Not open for further replies.
Oh... if only I'd seen what Mr. Howard posted.

Because now I've got another problem. After I did what the previous poster told me, which was to delete all the DLLs in the "LSP-FIX" log, and restarted the PC, the Windows firewall (security system) got disabled, and every time I try to enable it, it automatically disables itself, so I ended up with completely no access to the internet at all (not even by dial-up).

Should I just do what's on the LSP site, that is, repair the Winsock file?
Help please.
 
Yes, try repairing the winsock file and see if that helps. Then, post a fresh updated version of HJT as requested in my last post.

Regards Howard :)

This thread is for the use of Candy_girl only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
It worked! I finally got my connection back.

Thank you so much for everything, Mr. Howard.

I've attached the new log file for you :)
 
You might want to copy and paste these instructions into a Notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your Task Manager by holding down the Ctrl and Alt keys and pressing the Delete key.

Click on the Processes tab and end the process for the following (if there):

regperf.exe
dcomcfg.exe

Close task manager.

Run HJT with no other programmes open (except Notepad). Click the Scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe

O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe

O22 - SharedTaskScheduler: ecosystems - {af3fd9a8-1287-4159-9212-9a5b4494af70} - (no file)

O22 - SharedTaskScheduler: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

regperf.exe
dcomcfg.exe


Search your system for the above files and delete all instances found.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

 
Something wrong with my internet connection!

OK, so today I restarted my computer and suddenly my connection isn't functioning right; sometimes I can access all sites and sometimes I can only access Google.

And I was just checking my network places, and I found this located there.

Here's a screenshot of it (see attachment).

Since I'm on LAN, I asked the man who has the router, if he installed any new routers or something, and he said no, and everything is still the same.

Could someone possibly have installed this on my PC, or something? Because the connection is acting really weird; it doesn't want me to access Yahoo, just Google. I got here miraculously, through refreshing dozens of times.

Here's my HijackThis report, maybe there's something there!

Thanks in advance.
 
Hi,

Have HijackThis fix these entries:
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
Fix the O17 entries if you do not recognise the domain to be from your ISP.
O22 - SharedTaskScheduler: ecosystems - {af3fd9a8-1287-4159-9212-9a5b4494af70} - (no file)
O22 - SharedTaskScheduler: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)

I require you to post your AVG Antispyware and ComboFix logs in your next reply please. Please also run AVG Anti Rootkit via Step 11 of the instructions HERE. Let me know the results of the scan.

Regards,
Your friendly momok =)

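Added example (not part of any post in this thread, and not HijackThis's own code): a short Python triage pass over the HJT entry formats quoted in the two fix lists above. It flags entries ending in "(no file)" and O4 autoruns under Policies\Explorer\Run; the function name `triage` and the name-mismatch heuristic are assumptions of this example, and the last sample line is constructed.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# The first four lines are quoted in the thread above; the last one is constructed.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O22 - SharedTaskScheduler: ecosystems - {af3fd9a8-1287-4159-9212-9a5b4494af70} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] target"
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 body: "<registry key>: [<value name>] <command>"
O4_RUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")


def triage(log_text):
    """Return (section, flags, line) for each entry that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # log header, running-process list, blank lines
        section, body = m["section"], m["body"]
        flags = []
        if body.endswith("(no file)"):
            # Registry entry still present, but the file it points to is gone.
            flags.append("orphaned")
        run = O4_RUN.match(body) if section == "O4" else None
        if run:
            if r"Policies\Explorer\Run" in run["key"]:
                flags.append("policies-run")
            name = run["name"].lower()
            target = basename(run["target"]).lower()
            # Heuristic (assumption): a value named like one file that starts another.
            if re.search(r"\.(dll|exe)$", name) and name != target:
                flags.append("name-mismatch")
        if flags:
            findings.append((section, flags, line))
    return findings


if __name__ == "__main__":
    for section, flags, line in triage(SAMPLE_LOG):
        print(f"{section:4} {','.join(flags):28} {line}")
```

A flag here only marks an entry for review; whether to fix it is still the helper's call after reading the full log.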
 
Hi, remember me?

OK, so since yesterday my connection has been acting really weird - the pages don't fully load, MSN disconnects, I can't download anything off RapidShare (it always tells me that my IP address is already downloading that file, which I'm not).

I connect to the internet via a USB modem. And up until yesterday everything was going fine.

I ran CCleaner and HijackThis (I've attached my logfile).

Please help!
 
OK, so I've got a new problem - I use a USB drive called Speedtouch 330 to connect to the internet, OK? So since my last post mentioning how I've been experiencing connection problems, something weird has been happening: out of nowhere this message pops up that says:

'speedtouch, generic host error something and it needs to be closed. And it gives me these two options either to Send error report or don't send'

So if I click either, or ignore it, my Windows skin changes to Classic. And I use Style XP.

And in order to have everything back to normal, I have to restart the computer.

I'm confused, I don't know what's wrong. I only ran CCleaner, HijackThis, AVG spyware scan, logged into safe mode and deleted any suspicious item.

I attached another HijackThis report.

Please help!
 
You can have HijackThis fix this: O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
But before anyone can go any further, update HijackThis; the present version is V2.0.2. Scan showing hidden folders.
There seems to be CoolWebSearch on your PC, but update first. Uninstall the old HJT.
Click HijackThis in my signature.
 