Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I HAVE SPYWARE, MY COMPUTER RUNNING REALLY SLOW.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I HAVE SPYWARE, MY COMPUTER RUNNING REALLY SLOW.

Unread postby tony714 » November 6th, 2007, 4:13 pm

THIS IS MY HIJACKTHIS LOG


Logfile of HijackThis v1.99.1
Scan saved at 12:16:41 PM, on 11/6/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\proper.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\winnt\iexplore\iexplore.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\wbem\csrss.exe
C:\Documents and Settings\Oscar\Desktop\Programs\Hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\proper.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1888D4BA-8C81-FD13-3C52-03DA8BFFC171} - C:\Program Files\Vojqhbxx\bcgvbeph.dll
O2 - BHO: Explorer Helper - {696A82AF-3AD8-5A16-A1CA-32A59A63A863} - C:\WINNT\system\bremct32.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Flash Module - {C87FA4A3-2474-4a3f-B413-67D515905024} - rasmoesa.dll (file missing)
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINNT\system32\bronto.dll
O2 - BHO: CBho Class - {F369DA09-FADE-44CB-987F-E2E0DEF51BCA} - C:\WINNT\system32\pgd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Undefined] C:\WINNT\system32\winter.exe
O4 - Startup: infos.exe
O4 - Global Startup: autos.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - AppInit_DLLs: C:\WINNT\system32\skuns.dat
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINNT\system32\Fkqgck32.dll (file missing)
O21 - SSODL: cyYGseGjvRl - {1CC95E99-B663-F433-3E92-CB8257FAB21E} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
tony714
Active Member
 
Posts: 1
Joined: November 6th, 2007, 3:57 pm
Location: california
Advertisement
Register to Remove

Unread postby Katana » November 10th, 2007, 5:41 pm

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D


I notice you have made a second thread here, have you posted for help at any other forums ?

You have a lot of nasties on there, is your AntiVirus updated ?


Download and Run ComboFix
  • Download Combofix from one of the two links below :

    Download 1
    Download 2
  • Then double click combofix.exe & follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
ComboFix SHOULD NOT be used without supervision
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: I HAVE SPYWARE, MY COMPUTER RUNNING REALLY SLOW.

Unread postby tonydat1ger » November 14th, 2007, 12:59 pm

THIS IS MY COMBOFIX LOG

ComboFix 07-11-08.1 - Oscar 2007-11-13 16:53:48.5 - NTFSx86 NETWORK
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.154 [GMT -8:00]
Running from: C:\Documents and Settings\Oscar\Desktop\Programs\Fix Computer\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\SecCenter

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RUNTIME2




((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.

2007-11-13 16:53 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1e0.dat
2007-11-13 16:49 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3ec.dat
2007-11-13 16:41 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3b8.dat
2007-11-13 16:15 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_420.dat
2007-11-13 14:01 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_368.dat
2007-11-13 10:07 <DIR> d-------- C:\WINNT\system32\uaiodtpw
2007-11-13 10:07 <DIR> d-------- C:\Program Files\Xwubfglr
2007-11-13 10:07 <DIR> d-------- C:\Program Files\Ekpsbfel
2007-11-13 08:57 51,200 --a------ C:\WINNT\NirCmd.exe
2007-11-12 08:14 156,336 --a------ C:\WINNT\dracee.exe
2007-11-12 08:13 55,808 --a------ C:\WINNT\system32\spoolv.exe
2007-11-12 08:13 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_75c.dat
2007-11-12 08:12 16,384 --a------ C:\WINNT\xlaherx.exe
2007-11-06 08:23 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_45c.dat
2007-11-06 07:54 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4ac.dat
2007-11-02 15:05 54 --ah----- C:\aaw7boot.cmd
2007-11-02 14:05 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_268.dat
2007-11-02 13:53 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
2007-11-02 13:27 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_40c.dat
2007-11-02 13:03 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-11-02 13:01 <DIR> d-------- C:\WINNT\system32\ZoneLabs
2007-11-02 13:01 <DIR> d-a------ C:\WINNT\Internet Logs
2007-11-02 12:56 <DIR> d-------- C:\Program Files\Avira
2007-11-02 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-02 12:52 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-02 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-02 12:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-02 12:39 41,984 --a------ C:\WINNT\toozfd.exe
2007-11-02 12:35 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_814.dat
2007-11-02 12:30 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_454.dat
2007-11-02 12:23 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_14c.dat
2007-11-02 12:12 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_608.dat
2007-11-02 12:00 <DIR> d-------- C:\Program Files\devedoha
2007-11-02 11:37 <DIR> d-------- C:\WINNT\system32\msvcr61
2007-11-02 11:37 <DIR> d-------- C:\Program Files\Vojqhbxx
2007-11-02 11:37 <DIR> d-------- C:\Program Files\Ckzlenao
2007-11-02 11:37 32,256 --a------ C:\WINNT\system32\msvcr61.dll
2007-11-02 11:36 <DIR> d-------- C:\Program Files\rozqdwfm
2007-11-01 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 14:47 --------- d-----w C:\Program Files\MSN Messenger
2003-11-28 22:09 271 ---h--w C:\Program Files\desktop.ini
2003-11-28 22:09 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03E384D6-E1A7-792A-1851-0AC16EF38DE4}]
C:\Program Files\Ekpsbfel\jzsvxyrm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1888D4BA-8C81-FD13-3C52-03DA8BFFC171}]
C:\Program Files\Vojqhbxx\bcgvbeph.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{696A82AF-3AD8-5A16-A1CA-32A59A63A863}]
C:\WINNT\system\bremct32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C87FA4A3-2474-4a3f-B413-67D515905024}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DABCE839-3831-3818-AF3A-3837BCD324D2}]
C:\WINNT\system32\mskvtns.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]
"vptray"="C:\Program Files\NavNT\vptray.exe" [01-09-24 07:59 ]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [02-09-10 20:26 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-01-20 08:29 ]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [06-01-30 08:00 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [07-09-04 15:40 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Internet Explorer"= {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINNT\system32\Fkqgck32.dll [ ]

R0 avgntmgr;avgntmgr;C:\WINNT\system32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINNT\system32\DRIVERS\avgntdd.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 S3chipid;S3chipid;\??\C:\WINNT\TEMP\_ISTMP1.DIR\S3chipid.sys
S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 16:55:08
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-13 16:55:43
.
--- E O F ---



MY NEW HIJACKTHIS LOG


Logfile of HijackThis v1.99.1
Scan saved at 9:02:24 AM, on 11/14/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\mstsc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Oscar\Desktop\Programs\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {03E384D6-E1A7-792A-1851-0AC16EF38DE4} - C:\Program Files\Ekpsbfel\jzsvxyrm.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1888D4BA-8C81-FD13-3C52-03DA8BFFC171} - C:\Program Files\Vojqhbxx\bcgvbeph.dll (file missing)
O2 - BHO: Explorer Helper - {696A82AF-3AD8-5A16-A1CA-32A59A63A863} - C:\WINNT\system\bremct32.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Flash Module - {C87FA4A3-2474-4a3f-B413-67D515905024} - rasmoesa.dll (file missing)
O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINNT\system32\mskvtns.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINNT\system32\Fkqgck32.dll (file missing)
O21 - SSODL: cyYGseGjvRl - {1CC95E99-B663-F433-3E92-CB8257FAB21E} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
tonydat1ger
Active Member
 
Posts: 14
Joined: August 16th, 2007, 4:40 pm

Re: I HAVE SPYWARE, MY COMPUTER RUNNING REALLY SLOW.

Unread postby Katana » November 14th, 2007, 1:44 pm

Would you care to choose one helper, rather than myself and Random Random both helping you.

http://malwareremoval.com/forum/viewtop ... 11&t=25119
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: I HAVE SPYWARE, MY COMPUTER RUNNING REALLY SLOW.

Unread postby tonydat1ger » November 14th, 2007, 2:09 pm

OH OK.CAN U HELP ME OUT.
tonydat1ger
Active Member
 
Posts: 14
Joined: August 16th, 2007, 4:40 pm

Re: I HAVE SPYWARE, MY COMPUTER RUNNING REALLY SLOW.

Unread postby Katana » November 14th, 2007, 6:34 pm

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    File::
    C:\WINNT\system32\mskvtns.dll
    C:\WINNT\system32\Fkqgck32.dll
    C:\WINNT\dracee.exe
    C:\WINNT\system32\spoolv.exe
    C:\WINNT\system32\msvcr61.dll
    C:\WINNT\xlaherx.exe
    C:\WINNT\toozfd.exe
    C:\WINNT\system\bremct32.dll
    
    Folder::
    C:\Program Files\devedoha
    C:\WINNT\system32\msvcr61
    C:\Program Files\Vojqhbxx
    C:\Program Files\Ckzlenao
    C:\Program Files\rozqdwfm
    C:\WINNT\system32\uaiodtpw
    C:\Program Files\Xwubfglr
    C:\Program Files\Ekpsbfel
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03E384D6-E1A7-792A-1851-0AC16EF38DE4}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1888D4BA-8C81-FD13-3C52-03DA8BFFC171}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{696A82AF-3AD8-5A16-A1CA-32A59A63A863}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C87FA4A3-2474-4a3f-B413-67D515905024}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DABCE839-3831-3818-AF3A-3837BCD324D2}]
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "Internet Explorer"=-
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: I HAVE SPYWARE, MY COMPUTER RUNNING REALLY SLOW.

Unread postby Katana » November 21st, 2007, 2:01 pm

Do you still need any help ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: I HAVE SPYWARE, MY COMPUTER RUNNING REALLY SLOW.

Unread postby Gary R » December 4th, 2007, 11:57 am

Due to lack of response this topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 21774
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware