annoying malware can't seem to remove

Discussion in 'Malware Help (A Specialist Will Reply)' started by dodo, Nov 1, 2006.

  1. dodo

    dodo Private E-2

    Hi,

    I've run through the 'READ & RUN ME FIRST' scans and performed all the steps as specified. However, I am still getting pop-ups and regardless of which scan I perform and fix the problem never seems to go away.

    The only thing found before the BitDefender and Panda Active scans was that Spybot found 1 x C-Dilla and fixed it. The BitDefender and Panda Active scans however found a lot more than this. I've hopefully attached the logs correctly.

    I hope someone can help.

    Thanks,

    Dodo
     

    Attached Files:

  2. dodo

    dodo Private E-2

    Here are the extra scan reports.
     

    Attached Files:

  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You have several baddies on your machine, let's run an additional scan to assist in the removal.

    Click on the link below and run the online scan...

    Kaspersky Anti-Virus Online Scan

    • Click on "Kaspersky Online Scanner"
    • Click Accept to proceed...
    • If you get a popup asking if you want to install Kaspersky's ActiveX Control, click Yes to install it.
    • If you get a Security Warning popup asking if you want to install and run kavwebscan_unicode.cab, click Yes to install it.
    • After all updates are downloaded, click NEXT to continue... (Note: it will take a while to download these updates based on your connection speed.)
    • Click Scan Settings and select Extended and make sure both boxes are checked at the bottom, then click OK to continue.
    • Now click on My Computer and let it run!
    • This scan may take a while but it is very thorough. After the scan is complete save the log as a txt file and attach it to your next post.
     
  4. dodo

    dodo Private E-2

    Here is the scan for Kaspersky Online Scanner. I ran it in Normal Mode. Is that OK, or should I have gone to Safe Mode?
     

    Attached Files:

  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I apologize, I forgot to add the attaching of a fresh HJT log with the Kaspersky log.

    Please attach a fresh HJT log so we can begin a fix.
     
  6. dodo

    dodo Private E-2

    No problem, here is a fresh log.
     

    Attached Files:

  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please reboot into Safe Mode by pressing F8 when you see the BIOS splash screen.

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.compaq.com/1Q00CDT/0409/bl7.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {00C572B9-9C0D-84F1-2552-CFCE65EEEDC6} - (no file)

    O4 - HKCU\..\Run: [Lerm] "C:\WINDOWS\system32\SSTEM3~1\lsass.exe" -vt ndrv
    O4 - HKCU\..\Run: [Eeuzm] C:\Documents and Settings\vishal.VITAFLO\My Documents\?dobe\alg.exe

    O14 - IERESET.INF: START_PAGE_URL=http://companyweb

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, navigate to and DELETE the following if they should remain:

    C:\WINDOWS\system32\SSTEM3~1 Search for this folder and delete the folder if found!

    C:\Documents and Settings\vishal.VITAFLO\My Documents\?dobe Search for this folder and delete the folder if found!

    C:\WINDOWS\system32\fekptovn.dl$

    C:\WINDOWS\system32\fekptovn.dll

    C:\WINDOWS\system32\dqijfkga.exe

    C:\WINDOWS\system32\ddapksoi.dl$

    C:\WINDOWS\system32\ddapksoi.dll

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the link below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
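The fix above is a manual triage of a HijackThis log: the expert picked out the O4 autorun entries whose executables sit in odd locations (an 8.3 short-name folder under system32, a folder whose name contains a non-printable character shown as "?", a core Windows process name running from somewhere other than the system directory) and the R3 URLSearchHook with no backing file. The script below is an added example, not the forum's or HijackThis's own code, that parses lines in the HJT log format and applies those same checks automatically. The sample log is constructed from the entries quoted in this thread plus one made-up benign ctfmon.exe line for contrast; the list of core process names and the heuristics themselves are assumptions for the example, and the homepage (R0/R1/O14) entries are left to human judgment as they were in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: the HijackThis lines the expert asked to be fixed in this thread,
# plus one benign HKLM Run entry (ctfmon.exe) added only to show a line that is NOT flagged.
# The "?" in "?dobe" stands in for a non-printable character, as it does in the original log.
SAMPLE_HJT_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R3 - URLSearchHook: (no name) - {00C572B9-9C0D-84F1-2552-CFCE65EEEDC6} - (no file)
O4 - HKCU\..\Run: [Lerm] "C:\WINDOWS\system32\SSTEM3~1\lsass.exe" -vt ndrv
O4 - HKCU\..\Run: [Eeuzm] C:\Documents and Settings\vishal.VITAFLO\My Documents\?dobe\alg.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
"""

# Assumption for this example: these core Windows process names should only ever
# run from the system directory; the same name elsewhere is a masquerade.
CORE_PROCESSES = {"lsass.exe", "csrss.exe", "smss.exe", "services.exe", "winlogon.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")          # "O4 - ..."
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)"?', re.IGNORECASE)         # quoted or unquoted path


@dataclass
class Finding:
    code: str      # HJT section code, e.g. "O4"
    reason: str    # why the entry was flagged
    line: str      # the original log line


def parse_entries(log_text):
    """Split an HJT log into (code, body, original line) tuples, skipping non-entry lines."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body"), raw.strip()))
    return entries


def executable_path(cmd):
    """Extract the .exe path from a Run value, handling both quoted and unquoted forms."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else None


def check_run_entry(body, line):
    """Apply the location heuristics the expert used to an O4 autorun entry."""
    m = O4_RE.match(body)
    if not m:
        return None
    path = executable_path(m.group("cmd"))
    if path is None:
        return None
    directory, _, name = path.lower().rpartition("\\")
    if name in CORE_PROCESSES and directory != SYSTEM_DIR:
        return Finding("O4", f"{name} running from outside {SYSTEM_DIR}", line)
    if "?" in path or "~" in path:
        return Finding("O4", "autorun path uses a non-printable name or an 8.3 short-name folder", line)
    return None


def check_search_hook(body, line):
    """Flag an R3 URLSearchHook CLSID that no longer has a file behind it."""
    if body.startswith("URLSearchHook:") and body.rstrip().endswith("(no file)"):
        return Finding("R3", "URLSearchHook CLSID with no backing file", line)
    return None


def triage(log_text):
    """Return the findings for every O4 and R3 entry in the log, in log order."""
    findings = []
    for code, body, line in parse_entries(log_text):
        finding = None
        if code == "O4":
            finding = check_run_entry(body, line)
        elif code == "R3":
            finding = check_search_hook(body, line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Run against the sample, the script flags the R3 hook and the two HKCU Run entries and leaves the ctfmon.exe line alone; the two R/O14 homepage lines pass through untouched because a corporate start page such as http://companyweb can be legitimate and needs the context the analyst had.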
  8. dodo

    dodo Private E-2

    Here is a fresh HJT log. I didn't encounter any problems other than I couldn't find

    C:\WINDOWS\system32\fekptovn.dll
    C:\WINDOWS\system32\ddapksoi.dll

    Also I did not see:

    C:\WINDOWS\system32\SSTEM3~1 (you said I may not find it).

    The system is now working fine and no pop-ups so fingers crossed the baddies have been eliminated (after you have reviewed fresh HJT log).

    Let me know if the system is OK and thanks for your help.
     

    Attached Files:

  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, are you having any current problems?
     
  10. dodo

    dodo Private E-2

    I'm not having any problems at the moment, so fingers crossed the worst culprits have been eliminated. Thanks again for your help.
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

