Help with spyware please?

Discussion in 'Malware Help (A Specialist Will Reply)' started by shanrene123, Oct 31, 2006.

  1. shanrene123

    shanrene123 Private First Class

    I'm attaching my logs for you all to review. This is my nephew's laptop. It wouldn't get online at all, until I installed & ran CCleaner & AdAware. AdAware found 41 critical items, so I thought it was time to run all Chaslang's directions. Everything has been done per the StickyThread. Thanks deeply in advance for any help. Respectfully, Shannon from Knoxville, TN U.S.A.
     


  2. shanrene123

    shanrene123 Private First Class

    Hope this is all of the logs I need to attach. Please see previous post for HiJackThis log & the rest. Thank you!:)
     


  3. shanrene123

    shanrene123 Private First Class

    Haven't heard yet from anyone. Was there something wrong with my post for help?:rolleyes:
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    We are extremely busy in the Malware Removal forum, please be patient with us as we are all volunteers and post when time permits. We all have full-time jobs and do this to help users when we have time.
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    • Click START > My Computer > Local Disc C: > Program Files
    • Now, Right Click on an Empty Area and select New > Folder & name it HijackThis and ENTER
    To Extract HijackThis:
    • Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder (C:\Program Files\HJT) and click Next.

    After you have completed the above steps to relocate HJT, run it from the new location. Please save your HJT log as a .txt file and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.
     
  6. shanrene123

    shanrene123 Private First Class

    Bjgarrick,
    I'm sorry! I didn't mean anything by that post. I just wasn't sure if I had done my post correctly. I know that you all are volunteers who generously dedicate your time & your immense knowledge to help us & you are greatly appreciated! Here is my newest HJT log. I didn't realize that I had installed it into an incorrect location. I've done as you suggested. Thank you for your time & your help:) ! Shannon
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    SpywareHeal

    Viewpoint Media Player

    TrueCodec


    Please make sure the Viewing of Hidden Files & Folders is enabled per the READ ME.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:


    isamonitor.exe

    isamini.exe


    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\TrueCodec\isaddon.dll

    O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\TrueCodec\iesplugin.dll (file missing)

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\Viewpoint Delete this whole folder if it exists!

    C:\Program Files\TrueCodec Delete this whole folder if it exists!

    C:\Program Files\SpywareHeal Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above, reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
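
    The fix list in the post above, parsed as an added example (not part of the original thread and not HijackThis's own code): it separates entries flagged `(file missing)`, whose referenced file is no longer on disk, from entries whose file is still present inside one of the folders the post says to delete. The regular expressions and function names are assumptions made for this example.

```python
import re

# Entries copied from the fix list in the post above (its repeated O4 line included).
FIX_LIST = r"""
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\TrueCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\TrueCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll (file missing)
"""
# Folders the post says to delete in Safe Mode.
REMOVAL_DIRS = (r"C:\Program Files\Viewpoint", r"C:\Program Files\TrueCodec",
                r"C:\Program Files\SpywareHeal")

# Assumed patterns for this example: "<section code> - <body>", a CLSID, a drive-rooted file.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]+?\.(?:dll|exe)", re.IGNORECASE)

def parse_entry(line):
    """Split one HijackThis line into section code, CLSID, file path, missing flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header or free text, not a log entry
    code, body = m.groups()
    clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
    return {"code": code, "clsid": clsid.group(0).lower() if clsid else None,
            "path": path.group(0) if path else None,
            "file_missing": body.endswith("(file missing)")}

def parse_fix_list(text):
    """Parse every entry once, dropping exact duplicate lines but keeping order."""
    unique = dict.fromkeys(l.strip() for l in text.splitlines() if l.strip())
    return [e for e in map(parse_entry, unique) if e]

def files_left_for_folder_cleanup(entries, dirs=REMOVAL_DIRS):
    """Paths still on disk that sit inside a folder slated for deletion."""
    return [e["path"] for e in entries
            if e["path"] and not e["file_missing"]
            and any(e["path"].lower().startswith(d.lower() + "\\") for d in dirs)]

if __name__ == "__main__":
    entries = parse_fix_list(FIX_LIST)
    for e in entries:
        print(e)
    print("still on disk:", files_left_for_folder_cleanup(entries))
```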
     
  8. shanrene123

    shanrene123 Private First Class

    Here's my latest HJT log. I followed all your instructions per your last post. The laptop is running a little slowly, but no real trouble. Thanks so much for all of your help!:)
     


  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\TrueCodec\isaddon.dll (file missing)

    O11 - Options group: [INTERNATIONAL] International*

    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, reboot and attach a fresh HJT log.
     
  10. shanrene123

    shanrene123 Private First Class

    BJGARRICK, I cannot seem to upload my last HJT log as an attach. It keeps telling me that "upload failed". Any ideas? Thanx, Shannon
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you can't attach it, post it inline and I will convert it for you.
     
  12. shanrene123

    shanrene123 Private First Class

    Here it is. Sorry. & Thanx a bunch!!!:)

    Edit by bjgarrick: Inline log attached!
     


    Last edited by a moderator: Nov 5, 2006
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, are you having any further problems?
     
  14. shanrene123

    shanrene123 Private First Class

    All running good. Thanks & you are the greatest! I really appreciate all the time & effort that you guys put into majorgeeks! We come here for all of our questions & have always been helped out tremendously. Thanks again:)
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

