Help removing malware - computer 4

This computer is more problematic than the last two. It has been running slow and I've removed a large amount of malware following the initial guide, however, it seems quite a bit remains. Also, there are a lot of unnecesary services running that I am researching and will disable once we clean up the malware.

I was not able to "show report" in Panda Activescan while in safe mode. I lost internet connectivity after the scan completed. I ran it in normal mode and was able to save the report. The number of detected items was the same in both modes.

Thanks

 

Let's run an extra scan on this one.

Please see the below thread on how to install and run Ewido Anti-Malware.

• Running Ewido Anti-Malware...

 

I followed the instructions for Ewido and it didn't find anything.

I've attached it's log and a new HJT log.

 

Please look in Add/Remove Programs for the following and uninstall them if found:

Ewido

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)

O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://cnet.radarsync.com/RSActiveX.ocx
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.futuredial.com/registration/installers/snapmedia/setup.exe

Again, make sure ALL browser windows are closed when you click FIX.

Next, run CCleaner to clean up cookies and temp files.

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

Followed all the steps and all went well except the following line was not showing up in HJT:
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.futuredial.com/registrati...edia/setup.exe

The computer is definitly running faster. I do have a question about two processes running:

1. C:\WINDOWS\system32\MsPMSPSv.exe
is this W32/sdbot worm?

2. C:\Program Files\Messenger\msmsgs.exe
Windows messenger is not selected to run in it's options. Is this messenger or one of the malware programs, such as W32/sdbot, that runs under the same name?

The HJT log is attached.

Thanks

 

No, it's a process which normally comes with a specific update of Windows Media player. It allows for the SDMI protocol (Secure Digital Music Initiative) to be used during dealing with music media.

No, it's set to run at startup, just remove it if you don't use it or want it to startup.

 

OK, thanks.

Other than reducing some of the unnecessary services, anything else showing up in HJT, or does it look clean now?

 

Your HJT log looks good, are you having any further problems?

 

No, it seems to be behaving well now. Thanks again for all the help!

 

Your Welcome!

Surf Safely!