Can't remove spyware

if you have used system restore then you may have reinfected yourself. time to start over, rescan and post a new hjt log.

 

I could'nt run system restore I was trying to use it so everything would go back to a point before I used combofix because after I used it the task bar and start menu changed to the old version and i can't go online and I don't know what to do to fix it. the main thing is why can't I go online.

 

mav41,
have you made any progress? your HJT log has a few suspects from what i can see....although i'm no experet on these logs.



R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZKxdm021YYUS.....tool bar edit...hmmmm



I would certainly recomend doing another HJT "SCAN ONLY" and check and remove the "R3" & "08" PATHS LISTED ABOVE. NOT QUITE SURE ABOUT THE "04" i'd leave it alone 4 now.

And after that... re-boot in SAFE MODE"(tap F8 continously upon restart) and run every anti-virus, and anti-spyware program you have installed. then reboot in normal mode and check your progress/post back.

cheers

 

Why do you think I should remove those things can you please tell me what they are.


Does anybody know why i can't go online after using combofix.

 

combofix has nothing to do with your ability to get online. remove it like this:
start>run type in combofix /u
click ok there is a space after the 'x' in combofix

 

read the link in my sig

 

I'm not saying it was Combofix. When you posted the text and told me to save it on notepad and scan that with Combofix and reboot. After I did that,is when I could'nt go online and like I said before my taskbar and start menu changed. I don't know if it removed things from my PC that it was'nt supposed to remove.


I was looking at the Combofix quarantined files and I wondering if that could be causing the problems. Here they go, if somebody would take a look at them and let me know I would really appreciate it.



C:Qoobox\Quarantine\D\Autorun.inf.vir
C:Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir
C:Qoobox\Quarantine\C\Windows\System32\f3PSSavr.scr.vir
C:Qoobox\Quarantine\C\Windows\rs.txt.vir
C:Qoobox\Quarantine\C\Windows\dat.txt.vir

 

those item in C:Qoobox have been removed bt combofix as malware. theres nothing in there thats causing the networking problem.

right click in the task bar select properties then the start menu st the top. change back from the classic style, click apply then ok.
can you ping a webpage? start>run>type in cmd, click ok. at the prompt type in ping wwww.yahoo.com (to check your connectivity)

 

Another thing I forgot to mention was I'm not getting any sound on my PC. And it's not only the taskbar asnd start menu that changed it's also the windows. I tried changing the settings on the taskbar and start menu but they're not set to classic.


I really don't know what to do. Is there any way I can run System Restore. this is the message I get when I try to run it.



System Restore is not able to protect your computer.Please restart your computer, and then run System Restore again.

 

hi,

check to see that the service is running.

start>run and type in services.msc then click ok.

under the name column look for System Restore service

right click on it and select properties

under the general tab make sure the startup type is set to: automatic
and the service status is: started
if not change them to that, click apply then ok
reboot computer.

 

Thank You for responding.
I did what you said.System Restore was stopped and I clicked start and this message appeared.

Could not start the System Restore Service service on Local Computer.Error 1083: The executable program that this service is configured to run in does not implement the service.


Any idea what it means?

 

remove combofix if you havent yet. try running windows file checker.
start>run and type in sfc /scannowthere is a space after the c in sfc
may be prompted for the windows install cd.

 

After the Windows file checker was done scanning the window closed and nothing happened.


In your previous post,where you told me to check what services where running I checked Network connections (It's stopped) I clicked start and the same message appeared as the one when I tried starting System Restore.


What Do you think I should do now?

 

Spyware is smart enough not to erase themself in system restore, the only way to completely 100% remove this stuff is to backup your data, format your hdd, and re-install windows, that is the only way to be completely sure your computer still doesn't have junk on it.

read my sticky in my sig how to keep your pc your pc

 

it just checks for possible software overwriting any window core files.
the scan must not have found any files that where over written

actually i have never seen or dealt with that message you are getting.

it must have made reference to something other than system restore?

if you try turning off system restore, you get the same message?
you could turn it off, reboot then turn it back on and reboot. this will wipe out all previous restore points and make a new one in the computers present state.

 

No, the message does'nt appear when I turn off System Restore.System Restore is off, when I try to start it is when the message appears.

 

we kind of got side tracked-- you still have a malware issue iam sure because we never finished that part. i think this is a seperate unrelated problem. see if this link provides any help:

http://support.microsoft.com/kb/302796

 

The Malware issue is the least of my worries right now. It would be difficult to work on the Malware since I can't even go online.


Regarding the internet connection.
I go to the Control Panel and click on Internet Options and I select Connections from the tabs at the top. There is a blank box that has (Dial-up and Virtual Private Network settings)on top, like I said the box is clear, so I click on (Add) on the right side of the blank box and this message appears.


Cannot load the Remote Access Connection Manager Service.
Error 711: A configuration error on this computer is preventing this connection. For further assistance, click More Info or search Help and Support Center for this error number.


So I go to Help and Support and this appears.


Windows cannot open Help and Support because a system service is not running. To fix this problem, start the service named 'Help and Support'.



Now I go and try to do that and the Service Status says stopped so I click on start and this appears.



Could not start the Help and Support service on Local Computer.
Error 1083: The executable program that this service is configured to run in does not implement the service.


ANY IDEAS?

 

its a good thing because malware only attracts more malware.

i have no idea how to resolve your issue. it seems to be much more than just a system restore problem, we arent making any progress, and its been several days-- if it was my box i would pull off a few things then reformat/reinstall windows.

 

at least echoreply agrees with me