Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help remove this spyware!!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please help remove this spyware!!!

Unread postby mgwells70814 » May 17th, 2010, 9:17 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:42 PM, on 5/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O1 - Hosts: 4-open-davinci.com
O1 - Hosts: securitysoftwarepayments.com
O1 - Hosts: privatesecuredpayments.com
O1 - Hosts: secure.privatesecuredpayments.com
O1 - Hosts: getantivirusplusnow.com
O1 - Hosts: secure-plus-payments.com
O1 - Hosts: http://www.getantivirusplusnow.com
O1 - Hosts: http://www.secure-plus-payments.com
O1 - Hosts: http://www.getavplusnow.com
O1 - Hosts: safebrowsing-cache.google.com
O1 - Hosts: urs.microsoft.com
O1 - Hosts: http://www.securesoftwarebill.com
O1 - Hosts: secure.paysecuresystem.com
O1 - Hosts: paysoftbillsolution.com
O1 - Hosts: protected.maxisoftwaremart.com
O1 - Hosts: http://www.google.com
O1 - Hosts: google.com
O1 - Hosts: google.com.au
O1 - Hosts: http://www.google.com.au
O1 - Hosts: google.be
O1 - Hosts: http://www.google.be
O1 - Hosts: google.com.br
O1 - Hosts: http://www.google.com.br
O1 - Hosts: google.ca
O1 - Hosts: http://www.google.ca
O1 - Hosts: google.ch
O1 - Hosts: http://www.google.ch
O1 - Hosts: google.de
O1 - Hosts: http://www.google.de
O1 - Hosts: google.dk
O1 - Hosts: http://www.google.dk
O1 - Hosts: google.fr
O1 - Hosts: http://www.google.fr
O1 - Hosts: google.ie
O1 - Hosts: http://www.google.ie
O1 - Hosts: google.it
O1 - Hosts: http://www.google.it
O1 - Hosts: google.co.jp
O1 - Hosts: http://www.google.co.jp
O1 - Hosts: google.nl
O1 - Hosts: http://www.google.nl
O1 - Hosts: google.no
O1 - Hosts: http://www.google.no
O1 - Hosts: google.co.nz
O1 - Hosts: http://www.google.co.nz
O1 - Hosts: google.pl
O1 - Hosts: http://www.google.pl
O1 - Hosts: google.se
O1 - Hosts: http://www.google.se
O1 - Hosts: google.co.uk
O1 - Hosts: http://www.google.co.uk
O1 - Hosts: google.co.za
O1 - Hosts: http://www.google-analytics.com
O1 - Hosts: http://www.bing.com
O1 - Hosts: search.yahoo.com
O1 - Hosts: http://www.search.yahoo.com
O1 - Hosts: uk.search.yahoo.com
O1 - Hosts: ca.search.yahoo.com
O1 - Hosts: de.search.yahoo.com
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe

End of file - 8914 bytes
Active Member
Posts: 1
Joined: May 17th, 2010, 8:42 pm
Register to Remove

Re: Please help remove this spyware!!!

Unread postby askey127 » May 20th, 2010, 8:30 am

Hi and welcome to Malware Removal
Sorry for the delay in answering your request.
We have had more logs than we could handle in a timely manner.

Please be aware that removing Malware is a potentially hazardous undertaking. Recent infections change often, and are specifically designed to make their removal very difficult. I will take care not to knowingly suggest courses of action that might damage your computer. However it is not possible to foresee all interactions that may happen between the software on your computer and the programs we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start. You may wish to read Microsoft's page on how to Back up your files

Please note the following guidelines:
  • The instructions being given here are for YOUR computer and system only.
  • Please DO NOT run any other tools or scans while I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible, since your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If your Security Software blocks or deletes a program I ask you to use, please temporarily disable the Security software and use the program as instructed.
    Let me know afterward if you needed to do this. You can re-enable the Security software(Anti-Virus or whatever) after the program is run.
  • The logs from the tools we use can take some time to research so please be patient.
If you have any P2P file sharing programs installed (LImewire, Vuze, Azureus, Bitlord, uTorrent,etc.), I will ask you to uninstall them. They are commonly used by malware purveyors to infect your computer.
If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

If you still wish to receive help and are not receiving it elsewhere, please proceed as follows:
First, tell me anything you know about your relationship with Ecomdevel, LLC
You have pieces of CA Pestpatrol, McAfee, AT&T, AVG Free, and Authentium installed on this Machine.
They all have Antivirus applications. By having more than one, you are crippling the machine and making it LESS SECURE.
You need to have only ONE of those installed, and UNINSTALL ALL THE OTHERS.
So Choose which one to keep (make sure it's one you can update), and uninstall all the others.

When you are done, please REBOOT the machine. Then:
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.

So, after the Removals, we will be looking for a fresh HijackThis log, and the installed programs list.
Also please tell me about Ecomdevel.
User avatar
Posts: 13901
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Please help remove this spyware!!!

Unread postby NonSuch » May 23rd, 2010, 11:23 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Posts: 27257
Joined: February 23rd, 2005, 7:08 am
Location: California

  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 54 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware