Need HELP Badly

Discussion in 'Malware Help (A Specialist Will Reply)' started by angelluv, Feb 17, 2005.

  1. angelluv

    angelluv Private E-2

    Hi
    Here is the problem: it is with my daughter's machine. I'm not sure how she got this problem since her machine is in another room. But when she opens up Explorer around 100 popups open up and the only way she can get out of them is to use her alt ctrl del. So naturally she isn't using her machine. She's using mine. We have run Spybot, Adaware, Hijack this and of course her virus scan. It shows problems but when we try and delete them they say that they cannot be deleted or quarantined. I do have the Hijack this log but will wait to post it as suggested. Please someone help me I want my machine back :)
    thanx
    angelluv
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Angelluv,

    Generally, it is a good idea to start with the Cleanup Tutorial HERE:

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

    Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Post back and let us know how you fared. Also, send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99.1) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99.1

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’ve been tied up with work lately and cannot visit this forum too often these days, but somebody will try to take a look when they get a chance.

    Best luck :)
    PP
     
  3. angelluv

    angelluv Private E-2

    ok first off thanx very very much for such a quick reply ;) ;)
    I have downloaded the new version of Hijack this and will run it tomorrow .
    I will also invade her space and go on her system and do all that was suggested in safe mode. Once that is done i will come back and post what has happened.
    Wish me luck
    angelluv
     
  4. PhilliePhan

    PhilliePhan Guest

    AllRightyThen!! Good Luck! :)
     
  5. angelluv

    angelluv Private E-2

    ok here is the newly done hijack this log i haven't touched anything in her machine i don't want to screw things up.
    angelluv
     

    Attached Files:

    Last edited by a moderator: Feb 20, 2005
  6. PhilliePhan

    PhilliePhan Guest

    Hi Angelluv,

    I will run through your log and post something for you shortly.

    In the meantime, please relocate HijackThis to a safer folder - C:\Program Files\HijackThis. You MUST do this before proceeding!!

    Also, you MUST visit Windows Updates and get updated immediately AFTER we clean the malware from your machine!!

    I'll look at your log now. . . Hang in there :)

    PP
     
  7. PhilliePhan

    PhilliePhan Guest

    AllRightyThen! Let's see if we can get you all fixed up!

    Again, make sure HijackThis is in a safe folder! And off we go.....



    Please look in Add or Remove Programs for the following and Uninstall them if found:

    ClearSearch
    Virtual Bouncer
    DealHelper


    Please print out these instructions so that you can operate with All Browser Windows CLOSED.
    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

    wsxsvc.exe
    vmss.exe


    Now scan with HijackThis and Check the Boxes for the following:
    R3 - Default URLSearchHook is missing

    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
    O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
    O2 - BHO: SDWin32 Class - {277A4046-B470-4875-BB7F-7A556D0BEF7A} - C:\WINDOWS\System32\vkqdk.dll
    O2 - BHO: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
    O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\PDF644d.dll
    O2 - BHO: SDWin32 Class - {6488ACB1-04A5-4A67-847F-44A479CF9D55} - C:\WINDOWS\System32\tyxlm.dll

    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [tyxlmc] C:\WINDOWS\System32\tyxlmc.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\adl_dh.exe
    O4 - HKLM\..\Run: [vkqdkc] C:\WINDOWS\System32\vkqdkc.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
    O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\PDF644d.dll"
    O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\PDF644d.dll"

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\Helper101.dll
    C:\WINDOWS\System32\vmss --> The Folder
    C:\WINDOWS\BTGrab.dll
    C:\WINDOWS\System32\wsxsvc --> The Folder
    C:\WINDOWS\System32\tyxlm.dll
    C:\Program Files\CSBB --> The Folder
    C:\WINDOWS\System32\tyxlmc.exe
    C:\WINDOWS\System32\adl_dh.exe
    C:\WINDOWS\System32\vkqdkc.exe
    C:\PROGRAM FILES\VBouncer --> The Folder
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\search3.dll
    C:\WINDOWS\System32\PDF644d.dll
    C:\Program Files\AWS --> The Folder

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits . . . . Likely Sunday Evening.

    Best luck :)
    PP
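
An added example, not part of the post above or of HijackThis itself: a short Python check that pulls the file path out of each checked O2/O4/O9 entry and confirms it is covered by the manual deletion list, either as a listed file or under a listed folder. The function names are hypothetical, the log lines are a subset copied from the post, and the 8.3 short-name matching (`PROGRA~1`, `DOWNLO~1`) is a prefix heuristic.

```python
import re
from pathlib import PureWindowsPath

# A subset of the entries checked in the post above.
LOG = r'''
O2 - BHO: SDWin32 Class - {277A4046-B470-4875-BB7F-7A556D0BEF7A} - C:\WINDOWS\System32\vkqdk.dll
O2 - BHO: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\PDF644d.dll"
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
'''
# The post's manual deletion list; a folder covers everything beneath it.
DELETE = [r"C:\WINDOWS\Helper101.dll", r"C:\WINDOWS\System32\vmss",
          r"C:\WINDOWS\BTGrab.dll", r"C:\WINDOWS\System32\wsxsvc",
          r"C:\WINDOWS\System32\tyxlm.dll", r"C:\Program Files\CSBB",
          r"C:\WINDOWS\System32\tyxlmc.exe", r"C:\WINDOWS\System32\adl_dh.exe",
          r"C:\WINDOWS\System32\vkqdkc.exe", r"C:\PROGRAM FILES\VBouncer",
          r"C:\WINDOWS\DOWNLOADED PROGRAM FILES\search3.dll",
          r"C:\WINDOWS\System32\PDF644d.dll", r"C:\Program Files\AWS"]
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.I)

def same_component(a, b):
    """Compare one path component; an 8.3 name like PROGRA~1 matches by prefix
    (a heuristic: the real mapping is only known to the file system)."""
    a, b = a.upper(), b.upper()
    for short, full in ((a, b), (b, a)):
        m = re.fullmatch(r"([^~]{1,6})~\d", short)
        if m and full.replace(" ", "").startswith(m.group(1)):
            return True
    return a == b

def covered(path, targets):
    """True if path is a listed file or lies under a listed folder."""
    parts = PureWindowsPath(path).parts
    return any(len(t) <= len(parts) and all(map(same_component, t, parts))
               for t in (PureWindowsPath(x).parts for x in targets))

def uncovered(log, targets):
    """Return (section, path) for entries whose file no target covers."""
    out = []
    for line in log.splitlines():
        sec, path = re.match(r"([A-Z]\d+) - ", line), PATH_RE.search(line)
        if sec and path and not covered(path.group(0), targets):
            out.append((sec.group(1), path.group(0)))
    return out

print(uncovered(LOG, DELETE))
```

On these sample lines the only entry reported is the O2 line for `vkqdk.dll`, which the deletion list does not name.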
     
  8. angelluv

    angelluv Private E-2

    alrighty i will do this for her tomorrow morning and will also be back on sunday evening. i have to say thanx again you rock. till tomorrow
    angelluv
     
  9. PhilliePhan

    PhilliePhan Guest

    Happy to help :)

    Will check back Sunday evening to see how you fared!

    PP
     
  10. angelluv

    angelluv Private E-2

    PhilliPhan
    wow what can i say but thanx so so much it worked like a charm and she's back up and running surfing away. now we just have to make her NOT let her boyfriend cruise the internet without supervision :) .
    once again thank you very much
    angelluv
     
  11. PhilliePhan

    PhilliePhan Guest

    You're Welcome :) Glad to hear things are back on the right track!

    It would still be a good idea to submit a final HijackThis Log to make sure all the baddies are gone!

    Also, did you go to Windows Updates and get Updated? This is Critical!! There are some really nasty pieces of malware these days, much worse than what you have seen here. . . .

    You should have your daughter AND her boyfriend read Chaslang's Commandments!!

    PP :)
     
  12. angelluv

    angelluv Private E-2

    okie dokie lol how corny
    she said that she has updated her windows and will run hijack this again and give me the log to show you . i also told her to read the commandments and abide by them lol , teens geesh :)
    once again thanx and as soon as she runs hijack this again i will give you a copy. hope i did it rite .
    angelluv
     
  13. PhilliePhan

    PhilliePhan Guest

    Sounds good!

    PP :)
     
  14. angelluv

    angelluv Private E-2

    alright here it is . i hope it's all ok :)
    and in advance once again i have to say thank you so much
    angelluv
     
    Last edited by a moderator: Feb 21, 2005
  15. PhilliePhan

    PhilliePhan Guest

    Hi Angelluv,

    That version of HijackThis is waaay old and certainly not the one you used before. You should have your daughter delete that old version to avoid confusion.

    Please attach a log from the new version if you like. If she is not having further problems and has fully updated her Windows, she may be OK. Either way, I'd be happy to doublecheck a fresh log if you'd like.

    Best :)
    PP
     
  16. angelluv

    angelluv Private E-2

    omg lol
    that wasn't her doing it was mine i wasn't paying attention when i ran it i did it rather quickly not watching so i will get HER to do it and i'll post it tomorrow. and i'll tell her to delete the old one .
    thanx :)
    angelluv
     
  17. PhilliePhan

    PhilliePhan Guest

    I'll watch for it!

    PP :)
     
