Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please Help Me get this crap of my computer!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please Help Me get this crap of my computer!

Unread postby mypcis2old » October 5th, 2010, 11:31 am

My old Thinkpad R52 is on the fritz again and this time I can't fix it myself. I would greatly appreciate any help you all can provide. Some malware which pretends to be antivirus software monopolizes my processor capacity and prevents any other .exe files from running. I had to boot into safe mode with networking in order to run HijackThis as the malware prevented it from running in a normal windows boot. The malware continuously opens its own "system scan" windows reporting myriad "security threats" and offering to fix them if I "activate your antivirus software now" versus "continue unprotected". I'm running symantec on the machine and despite a full scan of the entire computer, it detects no threats (symantec came with the computer.. and it is thoroughly useless). I have pasted the HijackThis log below with the uninstall log beneath that. Thanks again for your help.

ps. HijackThis says that it cannot access the hosts file to remove entries. I am assuming this is because I'm running it in safe mode. I know that I'll have to remove the entries in the hosts file manually and I know how to do that.

Logfile

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:52:56 AM, on 10/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lish\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:27811
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 http://www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 http://www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 http://www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 http://www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 89.248.160.149 http://www.google.com
O1 - Hosts: 89.248.160.149 google.com
O1 - Hosts: 89.248.160.149 google.com.au
O1 - Hosts: 89.248.160.149 http://www.google.com.au
O1 - Hosts: 89.248.160.149 google.be
O1 - Hosts: 89.248.160.149 http://www.google.be
O1 - Hosts: 89.248.160.149 google.com.br
O1 - Hosts: 89.248.160.149 http://www.google.com.br
O1 - Hosts: 89.248.160.149 google.ca
O1 - Hosts: 89.248.160.149 http://www.google.ca
O1 - Hosts: 89.248.160.149 google.ch
O1 - Hosts: 89.248.160.149 http://www.google.ch
O1 - Hosts: 89.248.160.149 google.de
O1 - Hosts: 89.248.160.149 http://www.google.de
O1 - Hosts: 89.248.160.149 google.dk
O1 - Hosts: 89.248.160.149 http://www.google.dk
O1 - Hosts: 89.248.160.149 google.fr
O1 - Hosts: 89.248.160.149 http://www.google.fr
O1 - Hosts: 89.248.160.149 google.ie
O1 - Hosts: 89.248.160.149 http://www.google.ie
O1 - Hosts: 89.248.160.149 google.it
O1 - Hosts: 89.248.160.149 http://www.google.it
O1 - Hosts: 89.248.160.149 google.co.jp
O1 - Hosts: 89.248.160.149 http://www.google.co.jp
O1 - Hosts: 89.248.160.149 google.nl
O1 - Hosts: 89.248.160.149 http://www.google.nl
O1 - Hosts: 89.248.160.149 google.no
O1 - Hosts: 89.248.160.149 http://www.google.no
O1 - Hosts: 89.248.160.149 google.co.nz
O1 - Hosts: 89.248.160.149 http://www.google.co.nz
O1 - Hosts: 89.248.160.149 google.pl
O1 - Hosts: 89.248.160.149 http://www.google.pl
O1 - Hosts: 89.248.160.149 google.se
O1 - Hosts: 89.248.160.149 http://www.google.se
O1 - Hosts: 89.248.160.149 google.co.uk
O1 - Hosts: 89.248.160.149 http://www.google.co.uk
O1 - Hosts: 89.248.160.149 google.co.za
O1 - Hosts: 89.248.160.149 http://www.google.co.za
O1 - Hosts: 89.248.160.149 http://www.google-analytics.com
O1 - Hosts: 89.248.160.149 http://www.bing.com
O1 - Hosts: 89.248.160.149 search.yahoo.com
O1 - Hosts: 89.248.160.149 http://www.search.yahoo.com
O1 - Hosts: 89.248.160.149 uk.search.yahoo.com
O1 - Hosts: 89.248.160.149 ca.search.yahoo.com
O1 - Hosts: 89.248.160.149 de.search.yahoo.com
O1 - Hosts: 89.248.160.149 fr.search.yahoo.com
O1 - Hosts: 89.248.160.149 au.search.yahoo.com
O1 - Hosts: 89.248.160.149 http://www.youtube.com
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3FWHZQA3LT] C:\DOCUME~1\Lish\LOCALS~1\Temp\Bsq.exe
O4 - HKCU\..\Run: [qhmtvcdu] C:\DOCUME~1\Lish\LOCALS~1\Temp\xqfcnoucc\wtkbvwolanw.exe
O4 - HKCU\..\Run: [Smart Security] "C:\Documents and Settings\All Users\Application Data\7f8d79\SM7f8_302.exe" /s /d
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1400BA97-196D-4683-9170-922581464250}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BAF644C-5A74-4297-A512-A483A1E25148}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CCS\Services\Tcpip\..\{E37A89AB-DD4C-4D2D-B980-47C2F037BE9E}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{1400BA97-196D-4683-9170-922581464250}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CS2\Services\Tcpip\..\{1400BA97-196D-4683-9170-922581464250}: NameServer = 93.188.163.74,93.188.166.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.74,93.188.166.109
O20 - Winlogon Notify: AfsLogon - C:\Program Files\OpenAFS\Client\Program\afslogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: OpenAFS Client Service (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 10151 bytes

Uninstall_list

µTorrent
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
Audacity 1.2.6
Cisco Systems VPN Client 5.0.04.0300
Compatibility Pack for the 2007 Office system
DVD Shrink 3.2
FL Studio v7.0
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver for Mobile
Java(TM) 6 Update 18
LAME v3.98.2 for Audacity
LiveUpdate 3.1 (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
OpenAFS for Windows
PE Builder 3.1.10a
Pharos
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SMAC 2.0
SoundMAX
SpinWorks_3
Symantec AntiVirus
System Update
ThinkPad FullScreen Magnifier
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad SATA Power Management Driver
ThinkPad UltraNav Driver
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Service Pack 3
mypcis2old
Active Member
 
Posts: 1
Joined: October 5th, 2010, 11:17 am
Advertisement
Register to Remove

Re: Please Help Me get this crap of my computer!

Unread postby Cypher » October 7th, 2010, 2:53 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read Backup Made Easy

HijackThis says that it cannot access the hosts file to remove entries. I am assuming this is because I'm running it in safe mode. I know that I'll have to remove the entries in the hosts file manually and I know how to do that.

Do not make any changes to you're system unless i tell you to do so.
If you run fixes unsupervised you could render you're PC unbootable.


Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    µTorrent

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Next.

Please boot into Safe Mode with Networking if you are still unable to boot to normal mode.

Next.

Please download Rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • When finished, Notepad will open with a log called, "rkill.log".
  • Please copy and paste the contents of the rkill.log in your next reply.
  • The file is automatically saved... located at C:\rkill.log.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.


Next.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)



Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • RSIT log.txt and info.txt contents.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Please Help Me get this crap of my computer!

Unread postby muppy03 » October 10th, 2010, 4:35 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum, include a fresh HijackThis log, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site,
please read Donations For Malware Removal
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 13 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware