Need to remove spyware

I am running Win XP Home & SP2 on P4 2.5GHz machine with 256 mb ram and 80 gig HDD. It has a lot of spyware etc that I am trying to get rid of. I have followed everything in the Read Me FIrst article and I have all the logs attached. Could you please check these and advise how to proceed. 3 logs attached but I need to attach 2 more, so they will be on another post. Hope I do this right! Thanks for your help.

 

Pt 2 with files attached

Needed to attach another 2 log files to my thread concerning the spyware problem.

 

You have many baddies, let's see if we can reduce those logs by running the new AVG AntiSpyware.

Download AVG AntiSpyware, save to your desktop and double click to install once it completes.

Once you have installed the program, download the updates using the link below. Once downloaded, double click to install.

AVG AntiSpyware Updates

After you have installed the updates, run the program from the icon on the desktop. Once it has opened run a full scan removing all found objects. After the scan has completed reboot and run a fresh Panda online scan and a new HJT scan and attach both logs.

 

Thanks for your reply. Have done all the AVGspyware bizzo and have attached the PandaScan log and the HJT log. PC is running much worse now. More popups, Pages not loading, got the 'About:Blank', no good news really! Sending this from another PC cause I couldn't load this page on that machine. Hope you can make something of it. Thanks again.
Maggie

 

Did you update before running the AVG scan? Did the scan remove anything? What were the results?


Let's move alone, please download Look2Me-Destroyer to your desktop.

Close all windows before continuing.

Double-click Look2Me-Destroyer.exe to run it.

Put a check next to Run this program as a task.

You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK

When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.

Once it's done scanning, click the Remove L2M button.

You will receive a Done Scanning message, click OK.

When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.

Your computer will then shutdown.

Turn your computer back on.

Please post the contents of Look2Me-Destroyer.txt and a new HiJackThis log.

 

Attached are the new HJT log and the L2M log. Thanks

 

Please look in Add/Remove Programs for the following and uninstall them if found:

AVG AntiSpyware

Please make sure the Viewing of Hidden Files & Folders is enabled per the READ ME.

Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

LimeWire.exe

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)

O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Tom\Yinstall.exe
O4 - HKLM\..\Run: [WinSysModule] dsrss.exe

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\Documents and Settings\Tom\Yinstall.exe

dsrss.exe ← Search for this file and delete if found!

Next, run CCleaner to clean up cookies and temp files.

Once you have complete the above instructions, please reboot to normalo mode and follow the below.

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

Have uninstalled AVG AntiSpyware, stopped the limewire.exe process, ran HJTand fixed required entries. Booted into safe mode but both the c:\documents and settings\Tom\Yinstall.exe and dssrss.exe didn't exist. Flushed System Restore points. After reboot, ran HJT again and log file is attached. Might be a bit soon to say but I think it seems to be running better. No pop ups or browser hijacking anyway. Thanks for you help.

 

Follow up to previous reply - Security Centre is not accessible. Can't use Firewall, automatic updates etc. It says "The Security Centre is currently unavailable because the "Security Centre" service has not been started or was stopped...." tells me to resart the computer or sart the Security Centre service. Restart doesn't change anything and Security Centre is not listed in Services.

 

Please see this thread below, once you have completed it, attach a fresh HJT log.

SurfSideKick Removal

 

Followed instructions for surfsidekick removal and have attached HJT log. Only problem seems to be the missing Windows Security Centre mentioned in my previous post. Thanks

 

Before we begin, please download the following file. I would save to the Desktop or somewhere you can find it easily as we will be using it in a few minutes.

FixDXC

Now ,please look in Add/Remove Programs for the following and uninstall them if found:

DeluxeCommunications

If there is no Add or Remove Programs entry for this programs, click on Start, then Run and type the following in the Open: field:

Hit OK once you have entered the above.

The DeluxeCommunications uninstall program will load and you will be asked to enter a security code. Enter the security code in the file and then press the OK button. Follow the on screen instructions and reboot when prompted.

When you reboot, tap the F8 key to boot into Safe Mode

Once in Safe Mode procede with the next steps,

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll (file missing)

O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\Program Files\DeluxeCommunications ← Delete this whole folder if it exist!

Next, run CCleaner to clean up cookies and temp files.

Locate the file FixDXC.reg and double click to merge to the registry.

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

When trying to Add/remove DeluxeCommunications, it said that program was already uninstalled..do I want to remove listing. Said yes. Typed C:\Program Files\DeluxeCommunications\Dxc.exe /u in run but it couldn't find file. Looked in Win Explorer and only file showing in that folder was DxcCore.dll so I rebooted into Safe Mode, ran HJKT checked the required 3 boxes and fixed them. Deleted the C:\Program Files\DeluxeCommunications folder in Explorer, ran Ccleaner, merged FixDXC.reg into registry, flushed the system restore points. After reboot, ran HJT and log is attached.
Running OK but I am still concerned about the Windows Security Centre being unavailable.

 

You HJT log looks ok, now we need to restore the Security Center Service. Once you have completed the below, reboot and see if the Security Center loads as it should.

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

 

Thank you for all your help but there was still a problem with the firewall and I just decided to reformat/reload windows and start fresh. We probably almost got there but I'm probably better off this way. Thanks again.

 

We could have fixed your issue without formatting. Anyway, glad you running good now.

You should see this article on How to Protect yourself from malware!

Surf Safely!