malware problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by Tino1960, Jan 29, 2008.

  1. Tino1960

    Tino1960 Private E-2

    Hello All,

    It seems that I have been infected with the spooldr trojan. Up till now the only program that tells me this is the message after sending an error report to Microsoft when my laptop restarted after a BSOD.
    I have read some threads and tried all that, but the problem still persists. Now also my Word.exe seems infected and a repair from the Office CD crashed halfway.
    Attached are the Combofix log, AVG log and the MGtools log.

    Please help
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the READ & RUN ME in step 1 to stop using MSconfig to control startups. You must be in normal startup mode and remain there.

    Also you are not using the current version of MGtools from the READ ME. Please download it from the link in the below thread and follow the instructions for using it.

    Using MGtools

    Then attach a new MGlogs.zip file.

    Based on what you have attached thus far, I'm not seeing any malware problems. If you are finding spooldr.exe with some scanner, please attach a log that shows what and where it is being found. Perhaps it is only in System Restore.
     
    Last edited: Jan 31, 2008
  3. Tino1960

    Tino1960 Private E-2

    Chaslang,

    Thanks for your reply.

    Attached you can find the new log.

    The cleaning process I did over the last days caused my Word program to become corrupt. I tried to do a repair with the Office CD, but during that the update crashed as before. Then I did a repair from XP first and then a repair of Office. This went without any failure or message and all seemed to work until I tried to update Windows. The Iexplorer is now back to version 6 but reaches the MS update site and downloaded all updates, but it is impossible to perform an autoinstall. All updates failed to install. I can install them one by one from C:\windows\SoftwareDistribution\Download.

    Another thing I noticed: In the Hijackthis.log there is a file in the running processes called: C:\Windows\Temp\QG41A8.exe. Looking in that folder shows this file with a dog icon. This file seems to have a different name after each restart.

    Is this some malware file?

    I hope you can make something out of this story.

    Tino
     

    Attached Files:

  4. Tino1960

    Tino1960 Private E-2

    Chaslang,

    Thanks for your reply.

    Attached you can find the new log.

    The cleaning process I did over the last days caused my Word program to become corrupt. I tried to do a repair with the Office CD, but during that the update crashed as before. Then I did a repair from XP first and then a repair of Office. This went without any failure or message and all seemed to work until I tried to update Windows. The Iexplorer is now back to version 6 but reaches the MS update site and downloaded all updates, but it is impossible to perform an autoinstall. All updates failed to install. I can install them one by one from C:\windows\SoftwareDistribution\Download.

    Another thing I noticed: In the Hijackthis.log there is a file in the running processes called: C:\Windows\Temp\QG41A8.exe. Looking in that folder shows this file with a dog icon. This file seems to have a different name after each restart.

    Is this some malware file?

    I hope you can make something out of this story.

    Tino
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do not make duplicate posts or bump your thread. It will not help you get a faster answer. In fact it will make it take longer. See the below sticky thread:

    Don't Bump! It Only Hurts You!!!


    Doing a Windows repair was not a good idea and may have made your problems worse. You will have to work out any continuing issues with this in the software forum as these are not malware problems.

    No, it is part of Trend Micro OfficeScan.


    Your logs still do not show any signs of malware; but I do question what all of the below from last November are. Do you know? I assume they may be part of these: Lexware Info Service and Lexware reisekosten 2007?
    Code:
    "C:\WINDOWS\system32\"
    dnt27vc8.dll  15 Nov 2007      303104  "dnt27VC8.dll"
    dntvm2~1.dll  15 Nov 2007       86016  "dntvm27VC8.dll"
    dntvmc~1.dll  15 Nov 2007       90112  "dntvmc27VC8.dll"
    lxbasi~2.dll  16 Nov 2007      180224  "LxBasics65VC8.dll"
    lxbtr6~1.dll  13 Nov 2007      241664  "LXBtr65VC8.dll"
    lxci12.dll    13 Nov 2007       81920  "LxCI12.dll"
    lxcurr~1.dll  13 Nov 2007       61440  "LXCurr12VC8.dll"
    lxdasi~2.dll  13 Nov 2007      188416  "LXDasi65VC8.dll"
    lximpo~2.dll  13 Nov 2007      319488  "LxImport65VC8.dll"
    lxmail~1.dll  13 Nov 2007      131072  "LxMail30VC8.dll"
    lxprnu~1.dll  15 Nov 2007      208896  "LXPrnUtil10.dll"
    lxter2~1.dll  13 Nov 2007      716800  "lxter20VC8.dll"
    lxtool~2.dll  13 Nov 2007     1191936  "LXtool65VC8.dll"
    lxtpsw~1.dll  13 Nov 2007       27648  "LXTPSW20VC8.dll"
    lxuise~1.dll  13 Nov 2007       81920  "LxUISettings10VC8.dll"
    lxxtre~1.dll  13 Nov 2007     1556480  "LxXtreme40VC8.dll"
    lxxtre~2.dll  13 Nov 2007     5701632  "LxXtreme50VC8.dll"
    pxttoo~2.dll  13 Nov 2007       69632  "PXTTool65VC8.dll"
    zvkonl~2.dll  13 Nov 2007      552960  "zvkonline65VC8.dll"
     
    Last edited: Feb 2, 2008
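    The triage chaslang does by eye above (all of the unknown system32 DLLs share a few November dates and a couple of name prefixes, so they most likely belong to one product) can be scripted. This is an added example, not MGtools code or anything from the thread; it parses a constructed listing in the same format as the one quoted in the post (quoted directory header, then 8.3 name, date, size, quoted long name) and groups the files by date and by name prefix.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the listing format shown in the post above
# (directory header in quotes, then: 8.3 name, date, size, quoted long name).
SAMPLE = r'''"C:\WINDOWS\system32\"
dnt27vc8.dll  15 Nov 2007      303104  "dnt27VC8.dll"
dntvm2~1.dll  15 Nov 2007       86016  "dntvm27VC8.dll"
lxbasi~2.dll  16 Nov 2007      180224  "LxBasics65VC8.dll"
lxbtr6~1.dll  13 Nov 2007      241664  "LXBtr65VC8.dll"
lxci12.dll    13 Nov 2007       81920  "LxCI12.dll"
zvkonl~2.dll  13 Nov 2007      552960  "zvkonline65VC8.dll"
'''

DIR_RE = re.compile(r'^"(?P<dir>[^"]+)"\s*$')
FILE_RE = re.compile(
    r'^(?P<short>\S+)\s+(?P<date>\d{1,2} \w{3} \d{4})\s+(?P<size>\d+)\s+"(?P<long>[^"]+)"\s*$')

def parse_listing(text):
    """Return one dict per file line, carrying the directory it was listed under."""
    entries, current_dir = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group('dir')
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append({'dir': current_dir, 'name': m['long'], 'short': m['short'],
                            'date': datetime.strptime(m['date'], '%d %b %Y').date(),
                            'size': int(m['size'])})
    return entries

def cluster_by_date(entries):
    """Group long names by file date; files installed together usually share one."""
    clusters = defaultdict(list)
    for e in entries:
        clusters[e['date']].append(e['name'])
    return dict(clusters)

def vendor_prefixes(entries, length=2):
    """Count case-insensitive name prefixes, a cheap hint that files belong to one product."""
    counts = defaultdict(int)
    for e in entries:
        counts[e['name'][:length].lower()] += 1
    return dict(counts)
```

A cluster of many files on one date under one prefix points to a single installer (here a Lexware-style "lx" family); a lone file on an odd date with no siblings is the one worth checking against the vendor.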
  6. Tino1960

    Tino1960 Private E-2

    Hi Chaslang,

    Sorry for the duplicate post and thanks for the explanation of the "DogIconed file".

    Here is an update of my problem. You were right that things got worse.
    I put back an image (made before all of this started, but still infected!:eek:) and started all over again with cleaning and scanning.
    During this process my PC crashed with a blue screen and rebooted. After a while a window appears where I can send an error report to Microsoft.
    That site replied with the following text:

    Windows Error Reporting


    Alert: Microsoft has detected software on your computer that might be malware

    The software that might be malware is named spooldr.sys.


    The files for Spooldr were not found on my PC in normal nor in safe mode.
    I have tried several scanners and uninstalled them before trying the next.

    XoftSpySE found an adwareloader but did not identify the name or type
    SpyHunter found Trojan.Vundo in igfxui

    Attached are log.txt from Combofix and two MGlogs one in safemode and the other in normalmode.

    I hope you can help me!

    Tino
     

    Attached Files:

  7. Tino1960

    Tino1960 Private E-2

    Chaslang,

    Here is an update about my problems.
    The files you mentioned in your last post seem to be from the Lexware program.
    Because you did not see malware programs in my last logs, I did some updates to my system programs to have the latest versions of drivers.
    Then I did the cleaning again and made some logs.
    The logs from combofix, kaspersky online scan and MGtools are attached.
    In the Kaspersky file there was some infection mentioned in an installable file for a VNC client. I have already deleted that manually.
    The systemrestore has already been toggled.

    Can you look at these logs please and tell me if there is any sign of malware?

    Thanks for all your help.

    Tino
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    VNC clients are not problems as long as you are the one that installed them.

    Why? Now you have no restore points to return to. But if you reimaged your drive back to a point in time before all this began, it is again unlikely that you are having malware issues unless your image was made while your PC was infected.

    If you are using SpyHunter you should uninstall it now as it is not a recommended program to use. Then delete the below folder if it still exists:

    C:\Program Files\Enigma Software Group

    XoftSpySE is not highly recommended either, but is not as bad as SpyHunter.


    There still are no real malware issues in your logs. I do have to ask what the below is for though:

    C:\WINDOWS\system32\WorkAfterReboot.exe


    And you should delete the below files:
    C:\WINDOWS\qfe81.tmp
    C:\WINDOWS\qfe7A.tmp
    C:\WINDOWS\qfe73.tmp
    C:\WINDOWS\qfe6F.tmp
    C:\WINDOWS\qfe66.tmp
     
  9. Tino1960

    Tino1960 Private E-2

    Hi Chaslang,

    Thanks again for looking into my logs.

    It is still strange to me that after a crash and sending the error report to MS
    the message is that there is malware named spooldr.sys when there isn't.

    I did what you asked and removed the items. Then I ran Ccleaner again.
    This also took care about the Work...exe file.
    Then I started a TrendMicro Office scan with only the D: (data) partition selected.
    When reaching about 10% the PC crashed again, but this time without error report after reboot.
    Then I did a second attempt to scan but this time a full data scan and again the PC crashed. Also without an error report message.

    Installed is now Spyware Doctor. Will this influence the Trend scanner somehow?

    I don't know how to proceed now, because I am not sure that the PC is clean or if there is some XP/hardware problem.

    Do you have suggestions?

    Tino
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is not necessarily strange. Perhaps it was already removed. Is it still being detected? Where was it detected? It is quite possible that it was only in System Restore and when we do our final steps, anything in System Restore will be removed.

    This is more than likely not due to malware. You just have the inability to scan your whole hard disk. It could be hardware problems. Your PC shows no signs of malware and also you said you just recently reimaged so it is again unlikely to be malware unless what you reimaged from was infected. Based on your logs, you are clean. But we can run a couple other scans to see if anything else is hiding that does not show in the current scans. It is possible that the spooldr.sys is hiding via a rootkit like infection.

    Run this Running GMER to detect rootkits and attach the requested log.

    Also run this Using ESET's Online Scanner and attach the requested log.


    Is it a paid version of Spyware Doctor or a trial? If only a trial, uninstall it as it is not going to help you fix any problems and will only slow your PC down.
     
    Last edited: Feb 4, 2008
  11. Tino1960

    Tino1960 Private E-2

    Hello again,

    I did what you asked and removed SpywareDoctor, it was a trial. What scanner do you recommend btw?
    The gmer process was straight forward without any problem.
    The ESET online scan caused problems in normal mode. I have tried it twice and both times it crashed the PC. Then I did it in safe mode in two runs without any problem. This program did not find anything.
    Both logs are attached.
    If there is some hardware/XP conflict how can I detect it? Every now and then the PC crashes without warning and defined action.

    Thanks for all your help!

    Tino
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Post in the Software or Hardware Forum. They will probably ask for an Eventlog and any error messages being seen.

    These last logs are also clean. In my previous message I asked the below questions but you did not answer them.

    Based on what I have seen thus far, you have no malware for us to remove. Thus, if you are not having any other malware problems, it is time to do our final steps. The link below will answer your question on what we recommend.
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note: The space between the X and the /U, it must be there.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    9. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    10. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    11. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    12. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    13. After doing the above, you should work thru the below link:
     
  13. Tino1960

    Tino1960 Private E-2

    Hi Chaslang,

    Thanks for all your help.
    My problem seems to be hard/software related. My laptop still crashes sometimes, but as I understand it now, not because of malware.
    After a crash I used to have the possibility to send a report to microsoft.
    Maybe during all the cleaning this option was disabled somehow, and that was the only place where the spooldr.sys was found!

    Thanks again and I will post in another forum.

    Tino
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
