Malware problems

Are your copies of Spyware Doctor and Spy Sweeper paid versions or free trials? Also is Spy Sweeper up to date with definitions? Have you run a full scan with it? Is it detecting Winlogonhook?

Let's get an installed programs list from HijackThis too!

• Run HijackThis, click Open the Misc Tools section
• Click Open Uninstall Manager
• Click Save List (generates uninstall_list.txt)
• Click Save, to save it to a file where you can find it.
• Attach the uninstall_list.txt file to your next message.

 

Start by uninstalling Spyware Doctor and SpySweeper. You also really should uninstall Kazaa Lite K++ v2.4.1 It is a unauthorized illegal clone of Kazaa and Kazaa is a very dangerous P2P server to use. It is loaded with all kinds a infected and mislabled files.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to add into the registry.

Make sure viewing of hidden files is enabled (per the tutorial).
Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22efcc5f64218fd...p/RdxIE601.cab
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/ScanFilexp.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
O20 - Winlogon Notify: wineak32 - C:\WINDOWS\SYSTEM32\wineak32.dll

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\TEMP <--- delete all file in this Temp folder
C:\WINDOWS\system32\wineak32.dll
c:\windows\system32\services <--- if this is a folder delete it. But DO NOT delete the services.exe file!!!
C:\Documents and Settings\Ken\Favorites\Health
C:\Documents and Settings\Ken\Local Settings\Temporary Internet Files\Content.IE5\AE0PN2RE\srvlkd[1].exe
If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

 

You did not follow the directions this time for obtaining a Bitdefender log. You did it correctly the first time but this time all you posted is a log summary which is not useful.

Uninstall Windows Defender now. You no longer want or need it since you purchased Spy Sweeper.

Delete the below folder if found:
c:\windows\system32\services

Do you recognize the below stuff Panda is complaining about? What are drives H: and L: ?
H:\New Folders\Downloads\Lyrics\evillyrics\setup.exe[²ÜÇ\ExtractDLL.dll]
H:\New Folders\Downloads\Lyrics\evillyrics.zip[setup.exe][²ÜÇ\ExtractDLL.dll]
L:\H backup\NF\Downloads\Lyrics\evillyrics\setup.exe[²ÜÇ\ExtractDLL.dll]
L:\H backup\NF\Downloads\Lyrics\evillyrics.zip[setup.exe][²ÜÇ\ExtractDLL.dll]


How are things working now?

 

Spy Sweeper would be my first choice; however, it is not free like Windows Defender. In the READ & RUN ME we try to make use of free tools that can always be used by anyone. But if you already have a good malware blocker/scanner like Spy Sweeper, it is not wise to keep another real time blocker installed.

What hardware and software do you use to convert old tapes (I assume VHS) to mpg? I need to do a bunch of this and have not been impressed by the quality of things tried thus far. Especially after making a DVD out of it.

Do you mean the below lines?
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

HJT has some bugs where it reports things to be missing when they are not. So we typically ignore these unless they are malware related lines and none of yours are malware.


Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

 

Thanks for the info! I had been looking at a Canopus card which gets great reviews but come without software I believe.

Yes! The only item in it I do not recommend using is the hosts file protection. I don't believe in that and it often leads to other problems and can slow down surfing performance.

 

You're welcome and thanks for the info.