Can I post a log?

Are you installing and running the VX2 plugin per the instructions on the download page?

Yes post your two logs as attachments. But make sure you have follow the instructions below for installing and running HijackThis:


- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Did you run CCleaner per the READ ME FIRST. If so, I would have expected the items in your Recycle Bin and temp folder to be cleaned up now. You can also manually empty your Recycle Bin and c:\windows\temp folder. Check with BitDefender again.

You should not be attempting to have HJT fix O23 service entries. First services cannot be fixed that way. The first have to be stopped and disabled. And then the NT Service must be deleted. Second HJT has a bug that shows items to be missing when they are not. You do have two malware services we need to remove. I'll post a fix in my next message.

 

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
On the page that opens, scroll down to Command Service (or if not found look for cmdService) ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Now repeat the above for:
.NET Framework Service ( or if not found look for .NET Connection Service)

Next, go back to HJT and select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

Command Service

If that does not work try entering the short name: cmdService

Now repeat the above for:
.NET Framework Service ( or if not found look for .NET Connection Service)

Now exit HJT but and reboot into normal mode. Post a new HJT log and tell me how things are working.

 

The short name was given in my directions: .NET Connection Service
Looks like it may be gone anyway but you can double check.

Please run MS Antispyware in safe mode. If it does not fix the problem with aproposmedia , post the log from MS Antispyware or tell be exactly what and where it is finding it. I would bet it is a registry key.

Also look to see if the below exist:
C:\Program Files\SysAI\AproposPlugin.dll
C:\Program Files\CxtPls\CxtPls.dll

If so, delete the SysAI and CxtPls folders.

 

You did not post a HijackThis log.

Try the below!

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixit.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixit.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes

If necessary, repeat it from safe mode.

 

Okay let's do two things:

1) Download this trial version of Ewido Security Suite

• Install ewido security suite
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will have a window come up. One of the buttons on the left is to Update. Click the Update button.and then Start the Update. The update will start and a progress bar will show the updates being installed.
• After it completes the update, click the Scanner button

Now exit Ewido. Now print the below instructions or save them locally because I want you do have no browsers opened and also have no connection to the internet (unplug your cable) while doing the below.

Okay, reboot into safe mode with no network support and follow the steps below. (If you have any problems at all trying to get into safe mode to complete these steps, just run them in normal boot mode and make sure you tell me when you come back.)

Open up Ewido and do the following:

• Click on Scanner
• Then click Settings
• Under What to Scan? Select Scan every file
• Then click OK
• Click on Complete System Scan and the scan will start.
• Let the program scan the machine

While the scan is in progress you will be prompted to clean files that are infected. Leave the defaults selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop or anyplace you will be able to find it to upload here.

2) run a full scan with MS Antispyware after booting in safe mode with no network support.

Now Reboot into normal mode and reconnect to the internet.

Come back here and post the Ewido Scan Report. Tell me what MS Antispyware found.

 

Another item to try is the removal tool in the below link:

http://securityresponse.symantec.co...re.apropos.html

 

Sorry to hear that you had to reformat. Did you try the Symantec tool first?

 

Okay! Too bad! I wonder if it works. Now that you reformatted, you need to make sure you get your system fully protected ASAP. See the below:

How to Protect yourself from malware!