Spyware Guard/winscenter.exe/gadcom.exe/sbnt.exe

[olekingcole001]

so, the story goes like this:

i get home from college, and my family is freaking out because neither of the home computers are working. neither had any sort of antivirus or scanning programs installed (!!!) so i immediately installed both spybot and avast. after taking a closer look at the two, i'm getting frustrated. one is too bogged down with so many programs and such, and freezes every couple of minutes. this one, i've given up on, and needs to be wiped.

the second, i have hope for -though i'm not sure why. it has the Spyware Guard/ fake Windows Security Center combo, and after a more careful look, i've also found some other little bugs, like gadcom.exe and sbnt.exe, and whatever is hijacking firefox (every time i click a link in google, it redirects me to a popup-very annoying while trying to fix this). i've sifted through several fixes other people have worked through in other forums, such as using OTScanIT (just didn't do anything when i used the fix they used) and ComboFix (windows won't even open the program).

so i've finally decided to ask for help, as i realize i'm getting nowhere. i saw some helpful replies and decided to post here, but as i went to go through the 8-step process, i could only complete half. i put an antivirus on and let it do its thing. i used ccleaner. updated java. i can disable my protection, but after that, i'm stuck. i can't open the install files for Malwarebytes' Anti-Malware, HijackThis, or SuperAntiSpyware, so i can't attach those files. tried opening up windows in safe mode to see if it would help, but came up with the black screen with the words safe mode in the corners, but nothing else loaded.

Help?

 

[kimsland]

Special case where after installing MBAM and SAS they will not update or run
Read here: https://www.techspot.com/vb/topic116603.html

 

[mflynn]

Hi okc

D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
No install, just run it delete all it finds decline to reboot on each item found.

Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

Please make a note of what it found if any as it has no log.
----------------------------------------------------------------------------------------------------------------------------------------------------
Don't reboot from above continue here

Special case where after installing MBAM and SAS they will not update or run.
https://www.techspot.com/vb/post684649-3.html

Now try UPDATING mbam and sas. If they will not update but will run then run them without updates.

If they run and show removed deleted malware then try updating again and run again until clean logs.

Attach all logs for each run as they are run.

Mike

Opps Kim I didn't see your post.

 

[olekingcole001]

SWEET! so I followed the instructions regarding TDSSserv.sys, and I can now use google! and even better than that, MBAM is installed and running. HijackThis has already run, I'll attach the logfile for that, as well as MBAM and SAS in another post when they're done

on another note, I'm not sure how relevant it is, but when I started up the computer today, and I keep getting messages telling me different .exe files are corrupt (things like firefox) and it references me to the index.dat file every time (C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat)...took me 3 tries to get the computer past the microsoft load screen, and after that, it took another 3 to make it fully load without freezing after getting past to the logon screen. after fixing the TDSSserv.sys issue and restarting, computer ran diskcheck, and it seems to be all better.

also ran xclean_micro, but the only thing it really pulled up the couple of times that I ran it was W32.MSNmaker

thought I'd send a quick update, I'll post more later...thank you so much for your help guys!

and here's the other two

 

[kimsland]

-> No action taken on MBAM scan, for found issues

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected. <========= Not Done

Please re-run Malwarebytes
Confirm updated (third tab)
Then do the above quoted message, but this time "Remove all found issues"

 

[mflynn]

You best rerun both MBAM and SAS after updating and begin removing them.

You are eat up with infestation.

Run them post logs and run them again to see if the first removals uncovered more that were hidden.

If so attach those logs and run again. Goal is a clean log.

Mike

 

[olekingcole001]

sorry it's been so long since my post, things have been crazy and i haven't found the time to work on all of this...but i went back and looked at that mbam log, and realized i saved the log BEFORE removing the items, but i did...anyways, i ran SAS again, then MBAM again (and saved the log after i removed the items), and then hijackthis...so here are the logs

 

[mflynn]

OK good job.

Both MBAM and SAS have deletions/removals.

But these are only what they saw the first run thu. They both need to be ran again to see what they missed on the first run.

But run ComboFix below first, post its log then UPDATE and run both MBAM ans SAS again.

ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while its running. That may cause it to stall.

Mike