SuperAntiSpyware

Welcome to MAjor Geeks!

Just skip it for now and continue. Try it again, after running Spybot, Malwarebytes and ComboFix. Then no matter what, move on to MGtools and then attach whichever logs you were able to obtain.

 

You have multiple AV programs installed. First instruction in the READ ME ask you to uninstall all but one . You must do this now!!

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

• Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
• Then search for TDSSserv.sys
• Let me know if you find this or not.
• If you do find it, right click on it, and select Disable. Do not try to uninstall it.
• Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

 

You also need to do the below which was also requested in step 1 of the READ & RUN ME.

Uninstall the below software:
Java 2 Runtime Environment Standard Edition v1.3.1_06
Viewpoint Media Player (Remove Only)

Then reboot your PC.

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

 

Yes be because you constanly keep bumping your posts. Have you read the below sticky thread?

Don't Bump! It Only Hurts You!!!

You Malwarebytes log shows that you took no action. Please run it again (make sure you update before scanning) and this time make sure you fix anything found before saving the log. Then attach the new log. We need to be sure everything was fixed.

Also please attach the SUPERAntiSpyware log. As requested in the READ & RUN ME, we want to see them even if nothing was found to verify correct versions are being run.

What is the below link on you Desktop? Delete it if unknown. If known, I suggest giving it a useful non-malware looking name.
"C:\Documents and Settings\All Users\Desktop\"
2hjjfb~1.lnk Dec 2 2006 1644 "2hjjfbnfggdkjgk.lnk"

Need to delete the below files if found. Let me know what you find.
C:\WINDOWS\system32\av.exe
C:\WINDOWS\system32\getwn32.dll
C:\WINDOWS\system32\av.dat

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• C:\ComboFix.txt
• first log from SUPERAntiSpyware
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You did not update SUPERAntiSpyware and Malwarebytes as I requested. You need to update them first and then run new scans. Then attach the new logs.

 

This is just due to an improperly designed program from Logitech. They should not be trying to hook into every program that runs.

This error message was explained in the Using MGtools link in the READ & RUN ME. You do not have the Microsoft .NET Framework software installed.

Your logs are clean.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\combofix folder from combofix (if it exists)
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
9. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

No! It is malware and should not even be there. Does it still show now?

Yes. See step 1 of the READ & RUN ME and the link given.

You're welcome. Surf safely and enjoy your holiday season malware free.

 

Put it on your Desktop as the instructions originally requested.

 

Yes! That is what normal mode is for. It is the mode you should "normally" be running in. You should not be using MSconfig for anything other then temporary debugging as stated in the info given in step 1 of the READ & RUN ME.

 

Only you would know. If you followed the instructions as written then everything would be correct.

Every piece of hardware is different. Thus I have no idea what your router means by this. If it has other choices like medium or high, medium may be more correct.

Yes it should automatically disable the Windows firewall. You can check by running Control Panel and selecting Windows Firewall. If it is not disabled then disable it.

 

Autorun may have been disabled along the way but this is a good idea anyway since many new infections make use of autorun to infect thousands of PCs each week. The last step in the How to protect yourself from malware even mentions disabling autorun. You should read that and the Microsoft link given.

I suggest that you post the exact word for word message in the Hardware Forum as this in not a malware problem.

 

Whenever you install any firewall, you have to approve whichever applications and websites you want to allow to have access. If you have blocked them, then you will not be allowed access. You need to read the instructions for the firewall and be more careful. This is not a malware problem. You should ask questions about software in the Software Forum.

 

We cannot tell you anything other than they did not find anything and that you are our of date with Malwarebytes. If you want to know if your PC is clean, standard procedures must be followed and that is to run all of the READ & RUN ME.

Post this in the Software Forum. Also step 1 of the READ & RUN ME gives you this Dealing with Startup Processes