Problem Help removing malware? Made several attempts but got nowhere.

Discussion in 'Windows - Virus and spyware problems' started by wheelstb, Feb 23, 2016.

  1. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    Stupidity got the best of me and now I have quite a bit of malware on the system. I've tried several scans with different malware removers and nothing has fully eradicated my problem.

    Here is what I've done:
    one of the infections was and instant support. I uninstalled that through the control panel. Unfortunately, I don't think I got all of it. The instructions I see online for manual removal appear to be for a slightly different piece of malware.

    There was also an infection called PC Healer or Heal PC. I don't know which. I think I was able to write with a malware scan.

    I have scanned with:
    Kaspersky Rescue Disk - removed some things.
    Emsisoft Emergency Kit - it seems like it did a quick scan. I could not get it to do an in-depth scan.
    Malwarebytes - removed some things.
    Ran CCleaner.

    Here is my HijackThis Log:
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 8:28:00 PM, on 2/23/2016
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18205)


    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\ProgramData\FLEXnet\Connect\11\agent.exe
    C:\Users\Me\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    I:\vir\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.avira.net/#web/result?source=art&q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_16_08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0AyCyD0F0AtCyE0D0FtAtN0D0Tzu0StCyDtCtAtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtCyByByD0A0D0FtGyDtCzyzytGtBtD0D0AtGtDyByEyBtGzz0EtCyEtBtByDtDzy0AyCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzz0Azy0DtC0FyEtG0DyDtByDtGyE0C0F0AtG0ByByBzytG0DyDyC0FtD0AzyyE0Ezy0B0B2QtN0A0LzutB%26cr%3D1545054547%26a%3Dwbf_secureddownload_16_08%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Bho - {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
    O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_A1D915EA5DAE753EE11AF3AB6D0C4DBD] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Me\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    O4 - HKCU\..\Run: [Chromium] "c:\users\me\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
    O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
    O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
    O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
    O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O23 - Service: Emsisoft Anti-Malware 7.0 - Service (a2AntiMalware) - Emsisoft Ltd - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dragon Logger service (DragonLoggerService) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
    O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Paramount Software UK Ltd - C:\Program Files\Macrium\Reflect\ReflectService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: wampapache64 - Apache Software Foundation - C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
    O23 - Service: wampmysqld64 - Unknown owner - C:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15512 bytes




    Any help would be greatly appreciated. Thank you in advance for your time.
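
A triage sketch for a HijackThis v2 log like the one posted above, added here as an example and not part of the original post or of HijackThis itself. It parses the R0/R1 and O4 line formats, reports Internet Explorer page settings whose per-user (HKCU) and machine-wide (HKLM) hosts disagree, and lists Run entries that start from inside a user profile; the sample lines, function names and both heuristics are assumptions for illustration, and a hit is a prompt for review, not a verdict.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis v2 line format (wrapped lines already rejoined).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.example.net/#web/result?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://portal.example.com/web?type=bundle_16_08
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Updater] "c:\users\me\appdata\local\updater\application\run.exe" --auto-launch-at-startup
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\Windows\System32\example.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")                 # "O4 - <body>"
PAGE_RE = re.compile(r"^(HKCU|HKLM)\\[^,]+,([^=]+?) ?= ?(.*)$")    # hive, value name, value
RUN_RE = re.compile(r"^(HK\w+)\\.*?\\(Run(?:Once)?): \[([^\]]*)\] (.+)$")
PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.I)         # path inside a user profile


def parse_entries(text):
    """Split a log into (section code, body) pairs, ignoring header and blank lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def host_of(value):
    """Lowercase host of a page setting, or None for empty values and local files."""
    value = value.strip()
    if not value or re.match(r"[A-Za-z]:\\", value):
        return None
    if "://" not in value:
        value = "//" + value            # bare host such as www.google.com
    return urlsplit(value).hostname


def mismatched_pages(entries):
    """IE page settings (R0/R1) whose HKCU and HKLM values point at different hosts."""
    by_name = {}
    for code, body in entries:
        m = PAGE_RE.match(body) if code in ("R0", "R1") else None
        host = host_of(m.group(3)) if m else None
        if host:
            by_name.setdefault(m.group(2), {})[m.group(1)] = host
    return {n: h for n, h in by_name.items() if len(set(h.values())) > 1}


def exe_path(cmd):
    """Executable part of a Run command line, quoted or unquoted."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def profile_autoruns(entries):
    """O4 Run/RunOnce entries whose executable sits in a user-writable profile path."""
    hits = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m and PROFILE_RE.match(exe_path(m.group(4))):
            hits.append((m.group(1), m.group(3), exe_path(m.group(4))))
    return hits


if __name__ == "__main__":
    log = parse_entries(SAMPLE_LOG)
    for name, hosts in mismatched_pages(log).items():
        print(f"page setting '{name}' differs between hives: {hosts}")
    for hive, name, path in profile_autoruns(log):
        print(f"autorun from user profile: {hive} [{name}] {path}")
```

Legitimate per-user installers also register autoruns under a profile path, so each hit still has to be checked against what is known to be installed.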
     
  2. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,724
    Likes Received:
    42
    Trophy Points:
    78
    where is 2old when you need him. lol. all i can do is get you started. download and run a scan with adwcleaner from bleeping computer. get rid of anything it comes up with and post the logfile in your next post. then download and run a scan with junkware removal tool, also from bleeping computer. this will automatically get rid of anything it finds. post this logfile as well. then run a scan with malwarebytes and delete anything it comes up with. post this logfile as well. sorry if i seem to be a little incoherent here. pneumonia does that to you. lol. hopefully this will get 2old started.

    http://www.bleepingcomputer.com/download/adwcleaner/
    http://www.bleepingcomputer.com/download/junkware-removal-tool/

    unfortunately hijack this is not very effective anymore.
     
  3. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Usually in the background.. lol

    Wheels, I got to go to work today but will try to catch you later today.. in the mean time do the following:

    Please download Zemana AntiMalware and save it to your Desktop.
    • Install the program and once the installation is complete it will start automatically.
    • Without changing any options, press Scan to begin.
    • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
    • Open Zemana AntiMalware again.
    • Click on [​IMG] icon and double click the latest report.
    • Now click File > Save As and choose your Desktop before pressing Save.
    • Attach saved report in your next message.
    2oG :)
     
  4. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    Here you go. I really appreciate all of the help.
     


  5. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hi wheels, it's been a while but, glad to help if I can.....
    Zemana picked up a few malware and probably more in there..
    Before continuing be sure that your system restore is activated so we can make a backup in case something goes wrong... Any old port in a storm! lol

    Scan with ZOEK

    Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
    Please also download the attached scriptfile, named zoekscript.txt.


    Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

    Now, on your Desktop, drag and drop zoekscript.txt on Zoek.exe as shown below:
    [​IMG]

    Please approve any UAC prompt to allow this action to proceed.

    Answer Yes to the following prompt to allow the zoek script to run:

    [​IMG]

    This action causes Zoek.exe to start automatically. Please be patient while Zoek is scanning.

    When the tool finishes, the zoek-results.log is opened in Notepad.
    The log is also found on the systemdrive, normally C:\
    If a reboot is needed, the log is opened after the reboot.

    Please attach the zoek-results.log to your reply.

    This may clean you up or not... If not, we'll dig deeper.. just stay with me!

    2oG, I hate malware :( and when we are through, I'll give you some hints to stop getting it.... :)
     


  6. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,153
    Likes Received:
    134
    Trophy Points:
    143
    I turn that uac off as it does not work.
     
  7. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,724
    Likes Received:
    42
    Trophy Points:
    78
    yep,it truly is a pain in the arse.
     
  8. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    Thank you to everyone for the help. It's good to know that you can come here and get expert advice. I wish I knew more about malware removal. It's fascinating. Unfortunately, all I know is how to accumulate it.



    Here is my log.

    Just from logging on to this webpage things seem to be better. My browser is not getting hijacked or is not full of ads.
     


  9. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,724
    Likes Received:
    42
    Trophy Points:
    78
    yep i learnt everythin i no about malware frum 2old,and i still dont no nothin.LOL just peeing on the fence.
     
  10. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    Thanks. I guess if I want to learn I will just start following along.

    When I was younger I did not mind infecting the computer because I thought it was fun to fix it. My view has changed. It is still fun but sometimes they are beyond you, like this one.

    I suppose now is as good a time as any, I wasn't able to get avast antivirus to shut off. I don't like it. So, I just removed it. I have only spent time on this site. I still need a new antivirus. Which free alternative do you guys recommend? If you wouldn't mind saying why you like a specific alternative that would be great, just out of curiosity.
     
  11. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,724
    Likes Received:
    42
    Trophy Points:
    78
    2old is probably the best i've ever seen at malware removal. helped me with my first infection. i follow every post here pertaining to malware. i figure another 10 years or so i might be able to fly solo so to speak. lol
     
  12. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    he he, I haven't used UAC since it came out in Vista. Useless!

    Ok wheels, that cleaned up a lot of crap so let me know how it's doing and let's have a deeper look at it..

    Scan with Farbar Recovery Scan Tool

    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    • Right-click on [​IMG] icon and select [​IMG] Run as Administrator to start the tool.
    • When the tool opens click Yes to disclaimer.
    • Make sure that Addition option is checked.
    • Press Scan button and wait.
    • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
    Please attach both logs to your next reply.

    2oG
     
  13. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    Hi too old. Thanks for the help. I really do appreciate it. It seems like all the visible traces of malware are gone. No pop-ups, no browser hijacks etc. However, files and applications are crashing like crazy.

    I'm continually getting windows that tell me:

    COM surrogate has stopped working. (These have popped up in abundance.)

    Microsoft pen and touch input component has stopped working (I have never used this component)

    GWX has stopped working.


    Windows Shell Common DLL has stopped working (multiple notifications of this as well)

    I will run the other application you suggested and post the results.

    Thanks
     
  14. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    When I tried to run the Farbar Recovery Tool, the same window pops up that says Farbar Recovery Tool has stopped working.
     
  15. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,153
    Likes Received:
    134
    Trophy Points:
    143
    GWX is to do with windows 10.
     
  16. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    Thanks. I should probably upgrade to 10. I just don't want to. For me Windows 7 works just fine. I digress.
     
  17. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,153
    Likes Received:
    134
    Trophy Points:
    143
    don't need to upgrade to 10 if don't want to.
     
  18. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    From some of that stuff it looks like maybe a drive problem.. Try running CHKDSK to repair disk problems. How old is your drive? Maybe also run SFC /scannow..
     
  19. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    My hard drive is about years old. I will try and let you know.
     
  20. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Really makes no diff... acting like bad sectors and some system files not working.. do you know how to run a chkdsk?
     
