perfectedsecurity

Discussion in 'Malware Help (A Specialist Will Reply)' started by sdcraig, Apr 16, 2006.

  1. sdcraig

    sdcraig Private E-2

    I've spent eight hours of my Easter Sunday trying to remove the perfectedsecurity problem. i.e. home page of IE defaults to perfectedsecurity.com and cannot be changed.

    I've run through every scan suggested by your good selves and hope that you can shed some light on this for me. Otherwise I'll just have to reinstall XP which, with hindsight, would have been the smartest thing to do!

    I attach various reports for your trained eyes and I thank you for any help or advice you can give me. Oh yes, I have XP Service Pack 1 so have used CounterSpy and not Microsoft Windows Defender.

    I have additional reports from Kaspersky and Ewido which I can submit at another time if you require. BlackLight Beta did not pick up any infections.

    Many thanks.

    Stephen Craig
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please run the below procedure and attach the smitfiles.txt log.

    SpywareStrike, Smitfraud, SpySheriff, SpyAxe & PSGuard Removal

    This may resolve part of your problems! However you have more. One is a Qoologic infection we need to fix but we must run another quick scan to locate some hidden files to remove.

    Now download FindQool by LonnyRJones
    • Extract the files and place the FindQool folder into root folder of your hard disk. This is usually C:\
    • Open the folder and run Qlocate.bat
    • Attach the contents of the txt.log which will open when the scan is finished
    You should also uninstall CounterSpy and if you plan on keeping it, re-install it properly. Never install programs into folders like you did with CounterSpy. It makes them look like malware when they are not running from their default folders. However, I would leave it uninstalled since you have too many similar types of these full blocking programs already installed.

    Did you install the below Kontiki Secure Delivery service stuff? Do you really use this?
    C:\WINDOWS\kdx\KHost.exe
    C:\Program Files\KService\KService.exe
     
    Last edited: Apr 16, 2006
  3. sdcraig

    sdcraig Private E-2

    Thank you for your help so far.

    I attach the Activescan and smitfiles txt files as requested.

    I ran the FindQool program but this did not produce a txt.log.

    I couldn't find any lines from HijackThis which matched with those given by yourself.

    Also, I couldn't find any of the files or folders you suggested I delete from my hard drive.

    Neither did I come across the items to uncheck in the web tab when customizing the desktop.

    I have removed CounterSpy as requested.

    I don't recall installing the Kontiki Secure Delivery service stuff either and I certainly don't use it.

    However, my homepage is no longer defaulting to perfectedsecurity.com so I assume that smitRem did the trick.

    You have brought a smile to my face. However, I realise my PC is probably highly infected with malware / spyware / viruses etc even though I have a number of blockers running on my system.

    Many thanks for your help in this matter.

    Stephen Craig
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure you waited long enough? Also look for C:\txt.log to see if it exists. Try running it again and make sure you wait for it to complete. We need to get this tool to run because you do have a Qoologic infection and there will be multiple hidden files we need to locate in order to fix it.

    Okay so we will uninstall this if it is not needed.

    Let's get an installed programs list from HijackThis!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
     
  5. sdcraig

    sdcraig Private E-2

    Many thanks for your help again.

    I attach the "uninstall_list.txt" from HijackThis as requested.

    However, I'm still having problems with FindQool. I extracted the files from the .zip folder and have ended up with Qlocate.bat and a folder called "Sub" on the c: drive (i.e. not saved in a folder). Inside the "Sub" folder are the following:

    grep.exe
    locate.com
    md5deep.exe
    sed.exe
    swreg.exe.

    Anyway, I've double clicked on Qlocate.bat and selected Run but there is no sign of any activity from this application and it certainly hasn't saved a txt.log on my hard drive. I'm stumped by this one!

    Regards.

    Stephen.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's do some house cleaning first before continuing.

    Download and install the latest Sun Java version from http://java.com/en/

    Once installed, uninstall the below from Add/Remove programs:
    Advanced Searchbar for Windows
    J2SE Runtime Environment 5.0 Update 4 <--- this is the old version

    Are the below purchased versions of the programs? If not then uninstall them.
    Adware Away v3.0.1
    XoftSpy



    Back to FindQool

    Run it from a command prompt window. Click Start, Run, and enter cmd and click OK. Now assuming you have extracted FindQool to C:\FindQool , then enter the below commands in the command prompt window (follow each command by the Enter key):
    cd c:\findqool
    Qlocate.bat

    Now tell me if you get any error messages! If so, tell me the exact message you get.
     
    Last edited: Apr 21, 2006
  7. sdcraig

    sdcraig Private E-2

    Thanks for your patience.

    I've downloaded and installed the latest Sun Java version and deleted Adware Away v3.0.1 and XoftSpy as these were not the full programs.

    I ran FindQool as suggested which worked perfectly. I'm having trouble attaching the .txt report so have just copied and pasted the details at the end of this message.

    Internet Explorer is now not behaving itself following these changes. When I click on links that should open new Explorer windows (e.g. your "manage attachments" button on your website, or the link for your reply in my Outlook Express inbox, or even right clicking a link and selecting Open in New Window) nothing happens!

    Thank you.

    Stephen Craig

    21/04/2006
    Running from: C:\FindQool
    PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE.

    Known file names

    MD5 Check....

    Files found with locate com.
    Re-check using dir /a:-d
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    ...


    ...
    Runs, Listed here as a Doublecheck for the locate com results
    HKLM
    HKCU
    ...

    Files In Winlogon shell and userinit
    Listed here as a Doublecheck for the locate com results
    shell REG_SZ Explorer.exe
    userinit REG_SZ userinit.exe,xpjava.exe
    ...
    SWReg utility
    Written by Bobbi Flekman © 2005
    Findqool edited 4/05/2006
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to KService... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the "Config" button, and then the "Misc Tools" button ... select "Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

    KService

    If you get any error messages doing the above, just ignore them and continue.

    Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.


    Make sure viewing of hidden files is enabled (per the tutorial).
    If some of the items below are not seen, that's okay just continue. Other things we have done may have removed them already.

    Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.
    C:\WINDOWS\kdx\KHost.exe
    C:\Program Files\KService\KService.exe


    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
    O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\System32\hp9759.tmp
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
    O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll (file missing)
    O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll (file missing)
    O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.media-codec.com/v4/mediacodec-v4.620.exe
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\KService
    C:\WINDOWS\kdx
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OXIZG5A7\plugn[1].exe
    C:\WINDOWS\backup\T\50909000.DAT
    C:\WINDOWS\SYSTEM32\interf.tlb
    C:\WINDOWS\SYSTEM32\ot.ico
    C:\WINDOWS\system32\hp9759.tmp
    C:\WINDOWS\SYSTEM32\xpjava.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
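The HijackThis lines in the post above are the indicators that actually mattered here: a second program appended to the Winlogon Userinit value, a BHO loaded from a .tmp file in System32, and an O16 ActiveX download of a bare .exe. The following is an added example (not a MajorGeeks tool and not part of the original thread) that triages an HJT-style log for exactly those patterns; the sample log is constructed from the lines quoted above plus one benign O4 entry.

```python
import re

# Constructed sample: the lines chaslang asked to fix, plus one benign
# ctfmon.exe Run entry so the triage has something to leave alone.
SAMPLE_HJT_LOG = """\
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\\WINDOWS\\System32\\hp9759.tmp
O4 - HKCU\\..\\Run: [kdx] C:\\WINDOWS\\kdx\\KHost.exe -all
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.media-codec.com/v4/mediacodec-v4.620.exe
O23 - Service: KService - Kontiki Inc. - C:\\Program Files\\KService\\KService.exe
O4 - HKLM\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

# On a clean XP box Userinit is a single entry, "userinit.exe," (the
# trailing comma is normal). Anything else in the list runs at every logon.
EXPECTED_USERINIT = ("userinit.exe", r"c:\windows\system32\userinit.exe")

def check_userinit(value):
    """Return the Userinit entries that are not the stock userinit.exe."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() not in EXPECTED_USERINIT]

def triage_hjt(log_text):
    """Scan HJT log lines and return (section, reason) tuples worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"F2 - REG:system\.ini: UserInit=(.*)", line)
        if m:
            for extra in check_userinit(m.group(1)):
                findings.append(("F2", f"extra Userinit entry: {extra}"))
            continue
        # O2 BHO whose DLL is a .tmp file: legitimate BHOs ship as named DLLs.
        m = re.match(r"O2 - BHO: (.*?) - \{[^}]+\} - (.*)", line)
        if m and m.group(2).strip().lower().endswith(".tmp"):
            findings.append(("O2", f"BHO loaded from temp file: {m.group(2).strip()}"))
            continue
        # O16 DPF (ActiveX download) pointing straight at an .exe, as the
        # "media codec" entry here did; real controls come as .cab files.
        m = re.match(r"O16 - DPF: \{[^}]+\}(?: \([^)]*\))? - (\S+)", line)
        if m and m.group(1).lower().endswith(".exe"):
            findings.append(("O16", f"ActiveX download of a bare .exe: {m.group(1)}"))
    return findings

if __name__ == "__main__":
    for section, reason in triage_hjt(SAMPLE_HJT_LOG):
        print(section, reason)
```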
     
  9. sdcraig

    sdcraig Private E-2

    Hello again.

    The only line I couldn't fix as it was not present was:

    O23 - Service: KService - Kontiki Inc. - C:\Program files\KService\KService.exe

    I also couldn't delete the files in the system 32 folder as they were not present either.

    Everything else ran smoothly but Explorer is not functioning properly still so I'm copying and pasting the HJT log below again.

    Thank you.

    Stephen Craig
     

    Attached Files:

    Last edited by a moderator: Apr 22, 2006
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You mean Internet Explorer, don't you? Explorer is not the same thing as Internet Explorer (just call it IE or iexplore). Explorer is Windows Explorer which is explorer.exe, and IE is iexplore.exe.

    Flush your IE cache. Also if you click Manage Attachments and it does not work, try clicking Refresh and then try Manage Attachments. Does that help?

    Please attach a new uninstall programs list.
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
    Are CounterSpy, Ewido and Spy Sweeper paid subscription versions or free trials? If free, uninstall them as they expire anyway after 15 days, and after 15 days Spy Sweeper is totally useless. Also you have MS AntiSpyware, and the three of these together are a tremendous load on system resources.

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point. You need to get the below done ASAP. In your case, I suggest doing step 3 first (you have no firewall), step 2 second (you have no antivirus), and then step 1 (you need to get your Windows Updates). Then follow up with the remaining steps.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
    Last edited: Apr 22, 2006
  11. sdcraig

    sdcraig Private E-2

    Yes, I did mean IE not windows explorer.

    I've since removed a number of programs that I installed at the very beginning of this process and this seems to have fixed the IE issue.

    I can now attach files into this post and therefore attach the latest uninstall list from HJT.

    Things are looking much better thanks to your help.

    Again, thank you for your time and patience. You've been most kind.

    Stephen Craig.
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Just use Add/Remove programs to uninstall the below. I previously asked you to uninstall these in message # 6.
    Advanced Searchbar for Windows
    J2SE Runtime Environment 5.0 Update 4

    Then complete the steps of the How to protect thread I gave you in message number 10.
     
