System Alert! Spyware problem

[neph]

Hi.. i'm new here i think my computer is infected, there's a balloon type pop-up that shows in the system tray. and i get pop-ups every 2-3 mins. it says "system alert! System has detected a number of spyware..." i nid help on this i can't remove it form my computer..

i have attached a HighjackThis Log

 

[Daveskater]

Please read this thread If your system is infected, read this before deciding whether to Clean or Format.

If you decide to clean your system, follow these instructions Virus/Spyware/Malware, preliminary removal instructions and post fresh logs as well as the result of the Panda Antirootkit scan.

I can see some pretty nasty malware in your HJT log, namely "My Web Search" in all its nasty forms.

Before following the Virus/Spyware/Malware, preliminary removal instructions (should you choose to), follow these instructions:

Have HJT fix the following entries:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCYYYYYYYYPH

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe


Now go to Control Panel > Add/Remove Programs and uninstall any programs related to this, if any are there:

My Web Search


Then go to My Computer > C:\ > Program Files and delete this folder if it is there:

MyWebSearch


Then go to C:\WINDOWS\system32\ and delete this file if it is there:

npkcsvc.exe

 

[neph]

the thread to the instructions is gone..

 

[Daveskater]

oh yeah, this is certainly a bad thing :dead:

i'll look around and see if it's moved or got a new thread number

 

[neph]

hello sir, panda antirootkit didn't find any rootkits.. here are the log files you need.

 

[evilfantasy]

Do you have Avast installed on the computer?


EDIT: The logs actually look fine, are you still having any problems?

 

[neph]

i had Avast installed recently, but i removed it and installed AntiVir instead.. ^^ i don't have any problems anymore, thanks for all the help sir Daveskater and evilfantasy.. this forum really helped me a lot, thank you all very much! =)

 

[evilfantasy]

Thanks for letting us know.

You will want to perform this step to uninstall combofix and let it clean up behind itself.

Go to Start > Run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again

Safe surfing........