Help please!

Hey guys,
I did everything in the "Read and Run me First" thread and scanned everything but I still get popups and I think im still infected.

Please help me I dont know hot to delete everything else ill attach the logs

Thanks!

 

You have multiple issues so we will have to address them one at a time. First thing I need to know is do you have Spy Sweeper purchased or is it a trial version? If you have it purchased update and run a full sweep removing everything it finds. If you do not have a subscription and it is a trial then I would suggest uninstalling because it is of no use.

Also, I would like for you to run the Bitdefender Online Scan listed in the READ ME. Once you completed this scan reboot and follow the steps in this sticky on
Running Ewido Anti-Malware.

Once you have completed these steps reboot and post a fresh HJT log.

 

I ran Bitdefender but I forgot to upload it.
Here you go

O yeah my spysweeper is just a trial and I did what you recommended and uninstalled it. Ill post a new HJT log ASAP.

 

Okay, also run Ewido and attach that log is possible along with a fresh HJT log.

Be sure you uninstall anything before we start a fix. See the thread below...

Uninstall Malware via Add/Remove Programs

 

OK I just got done running Ewido.
Heres the logs.

 

OK I still keep getting popups and I think im still infected =/

 

When you ran Ewido where you prompted to remove the found infections? If so run the scan again and remove all found infections. Once you complete thie reboot and post a fresh HJT log. If you can't remove them in Ewido let me know.

 

Yup I chose to delete the viruses but I think one or 2 were "delete failed"
heres another HJT log.

O yeah by the way, I was running AVG and it came across a virus called Spysheriff, I tried to fix it but it said it couldnt.

 

Follow the steps in this thread, once your done attach the log from the smitRem utility with a fresh HJT log.

SpywareStrike, Smitfraud, SpySheriff, SpyAxe & PSGuard Removal

 

OK I just got done with that..heres the Smitrem log.

I think I still have the virus, im running Panda right now Ill post the log and a new HJT log ASAP.

 

I still have the virus, and my desktop color changed by itself. =/

 

Scanned with Panda overnight heres the log ill post HJT after this one.

 

Fresh HJT log!!

 

Before we start the fix I would you to be aware your OS and IE are out dated and need updated ASAP. Once we complete the fix you must update to Service Pack 2 for security purposes.

Also, a few more major issues I notice, your running two antivirus programs and two firewalls. This is NOT recommended as running more than one of each will cause conflicts on your computer. You need to pick ONE and remove all the others. Once you have completed this reboot and attach a fresh HJT log.

 

Sorry, internet wasnt working, I am updating to SP 2 right now. I know AVG is an anit virus whats the other one? And whats the firewalls im using(I know Im using ZoneAlarm)?

 

Hey, I was installing SP2 but the computer crashed twice(im guessing from viruses)..so im stilling trying to update to SP2 like you said, and ill post a new HJT log.

 

For now lets not worry about SP2, right now lets address the muktiple antivirus and firewall issue.

I see you have Norton Personal Firewall and ZoneAlarm Firewall installed, also I see you have AVG AntiVirus, not sure if you have Norton AntiVirus but it appears you do per your log is may just be the Norton Firewall which I recommend uninstalling and using ZoneAlarm.

Once you have completed this step then attach a fresh HJT log.

 

Internet wont work after I uninstalled Norton, trying to fix the problem.

 

What version of Norton was it?

Using the Norton Removal Tool

 

Hello, my friend came over and repaired my computer and internet, I think im clean now, ill post a new HJT to make sure.

 

Okay, will be awaiting new log.

 

Here you go

 

Scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

Next, run CCleaner to clean up cookies and temp files.

Once you complete this post, reboot and let me know how things are running and if your having any problems.

 

OK no problems so far, heres a HJT log just in case.

 

Please look in Add/Remove Programs for the following and uninstall them if found:

Save

Now, scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

O4 - HKLM\..\Run: [Win32 Security Protocol] secure32.exe
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\RunServices: [Win32 Security Protocol] secure32.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [Win32 Security Protocol] secure32.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{11FBFB5F-78BC-4DD3-9758-E6F62C9C6DCC}: NameServer = 111.111.111.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B9933E8-0645-4C50-A177-28C3BFA005C7}: NameServer = 64.105.132.252 64.105.172.27
O17 - HKLM\System\CS1\Services\Tcpip\..\{11FBFB5F-78BC-4DD3-9758-E6F62C9C6DCC}: NameServer = 111.111.111.111
(If you are familiar with these entries you can leave them.)

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\Program Files\Save ← Delete this whole folder if it exist!

msconfig32.exe
secure32.exe
(Search for these two files, they will most likely be in C:\WINDOWS\System32. If you locate them see if they have any information, if they are part of Compaq you can leave them. If they do NOT have any information or information you do not recognize them delete them.)

Next, run CCleaner to clean up cookies and temp files.

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

OK i keep getting BHO called xeymi.dll(or something like that) and when i try to delete it from the system 32 folder it keeps coming back, also I still get popups, I will try to run through the Read and Run me thread one more time.

 

New HJT log

 

ChinoHills,

You must do this fixes in a timely manner, your log has tons of baddies now so I would recommend starting over running each step in the READ ME again. Be sure you run the online scans. Once you are complete attach the following logs.

• runkeys.txt - the log from GetRunKey.bat
• newfiles.txt - the log from ShowNew.bat
• CounterSpy - ONLY IF you were not able to run Windows Defender
• Bitdefender (Step 6)
• Panda Scan (Step 6)
• HijackThis

 

Runkey and newfiles logs, still running online scanners

 

I will be awaiting those logs, once I have the logs from the online scans and a fresh HJT log I will post a fix.

 

Heres the Counterspy log

 

I also need a fresh HJT log. Be sure you run the online scans and let them finish because you have a bunch of baddies.

 

Alright heres the Bitdefender log, running the Panda scan at the moment.

 

It would be best to attach the logs at once when you have them all. Once you attach the panda, attach a fresh HJT log last.

 

OK have a problem with trying to run Pands scan, it says error on page and i cant click on local disks.

 

Click on the link below and run the online scan...

Kaspersky Anti-Virus Online Scan

• Click on "Kaspersky Online Scanner"
  
• Click Accept to procede...
  
• If you get a popup askiing if you want to Install Kaspersky's ActiveX Control, click Yes to install it.
  
• If you get a Security Warning popup asking if you want to install and run kavwebscan_unicode.cab, click Yes to install it.
  
• After all updates are downloaded, click NEXT to continue...( Note it will take awhile to download these updates based on your connection speed).
  
• Click Scan Settings and select extended and make sure both boxes are checked at the bottom, Click OK to continue.
  
• Now click on My Computer and let it run!
  
• This scan may take a while but it is very thorough. After the scan is complete save the log as a txt file and attach it to your next post with a HJT log.

 

Alright heres the kapersky log and new HJT log.

 

oops I think I saved the bitdefender and kapersky logs the wrong way, here you go, open these ones instead

 

We need to get another virus scan because you have some pretty serious infections. You really need to run Panda but if you can't get it to run then run this one below.

Trend Micro's Free Online Virus Scan

 

Hey I was running smoothly through Panda scan but I lost my internet connection and I couldnt save the log, but I ran Bitdefender again.
I lost my internet connection from this error, I dont know if its caused by a virus.
http://i23.photobucket.com/albums/b392/souljaslim/comp.jpg

 

Why didn't you run the TrendMicro scan? Help me help you ok? Go to the READ ME, run as many online scans as you can successfully run, attach the logs and then we will begin a manual fix. Like I said you have some pretty serious infections, the online scans will make a dent before we start manually fixing these.

 

Heres the Panda scan.