SmartSecurity has my kid's computer and I want it back

Discussion in 'Malware Help (A Specialist Will Reply)' started by Mad_Dad, Nov 29, 2005.

  1. Mad_Dad

    Mad_Dad Private E-2

    I ran Hijackthis and got the attached logfile. I hope you can tell me what to do to fix their computer and prevent me from having to sacrifice them one at a time until it goes away.......Thanks.
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow the steps below:

    Please download HOSTER and then follow the below steps.
    • Unzip HOSTER to a convenient folder such as C:\Hoster

    • Run Hoster.exe, click Restore Original Hosts and then click OK.

    • Click the X to exit the program.
    Run ALL the steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
     
  3. Mad_Dad

    Mad_Dad Private E-2

    I ran everything in your initial recommendations list that I could get to run, but I was unable to disable the system restore as my right-click capability has been shut down by this SmartSecurity business. I'm attaching the logfile from HijackThis that I obtained after running all the recommended software.
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download Spy Sweeper
    • Click the link above to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.
     
  5. Mad_Dad

    Mad_Dad Private E-2

    OK, now we're talking progress. I still can't right-click on the desktop and the backgrounds menu under "display" is greyed out so that I can't select a desktop background, but these are minor annoyances compared to the disaster the kids' computer was before I followed your last set of instructions. I had to run the Spy Sweeper program several times before it managed to complete a full sweep and then reported no new findings. The 46 cases of malware, with 690+ traces, had all the memory on the machine tied up and it would just run out and lock up in mid-sweep. It's clear now, but I don't have a log of the sweeps since it had to be rebooted 3 times in the process. Here's the latest Hijackthis log. If you've got any tips for fixing the display and right-click issues, I'd appreciate them.....but bottom line is that I am very grateful for the return of their computer. Thank you, thank you, thank you. My son is the most thankful, as he was first in line to be sacrificed to the computer gods in hopes of appeasing them if you hadn't provided a timely fix.
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Can you attach the spysweeper log?
     
  7. Mad_Dad

    Mad_Dad Private E-2

    Here's the only thing I could find in the way of a logfile from Spy Sweeper, but I had to restart the computer three times and resweep each time, so I doubt the real information is still there.
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You didn't attach anything? We won't worry about it this time, we will run it once more later to confirm everything was removed.

    Download AproposFix by Swandog46

    Save it to your desktop or to another folder of its own, but do NOT run it yet!

    Now reboot your computer in Safe Mode! (You must be in safe mode or this fix will not work.)

    Once in Safe Mode, double-click aproposfix.exe (which will give you a choice of where to unzip/install the program to). This is called the Destination folder in the window that pops up. So either install it to the Desktop or the folder where you downloaded the aproposfix.exe file to. It will create a new folder named aproposfix. Open the aproposfix folder and double click on RunThis.bat to run the fix. Follow the prompts.

    When the tool is finished, reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file that has been created in the aproposfix folder.
     
  9. Mad_Dad

    Mad_Dad Private E-2

    The Aproposfix wouldn't run, but here is the latest Hijackthis log.
     


  10. Mad_Dad

    Mad_Dad Private E-2

    OK, figured out that Aproposfix wasn't running because my desktop still won't allow me to enter or right-click. I ran it from inside Program Files and got the following log.
     

    Attached Files:

    • log.txt (file size: 369 bytes)
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download this trial version of Ewido Security Suite

    • First, please download and run CCleaner to clean temp files, cookies, etc; to make the log shorter.
    • Install ewido security suite
    • When installing the program, under "Additional Options" uncheck:
      • Install background guard
      • Install scan via context menu
    • Launch ewido, there should now be an icon on your desktop, double-click it.
    • You will need to update ewido to the latest definition files:
      • On the left hand side of the main screen click update.
      • Then click on Start Update.
    • The update will start and a progress bar will show the updates being installed.
      (the status bar at the bottom will display "Update successful")
    If you are having problems with the updater, you can use this link to manually update ewido. Ewido Manual Updates

    • Once the updates are installed, exit Ewido.
    • Now print the below instructions or save them locally because I want you to have all browsers closed and also have no connection to the internet (unplug your cable) while doing the below:
    • Click on Scanner
    • Then click Settings
    • Under What to Scan? Select Scan every file
    • Then click OK
    • Click on Complete System Scan and the scan will start.
    • Let the program scan the machine
    • While the scan is in progress you will be prompted to clean files that are infected. Leave the default selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report
    • Save the report to your desktop or anyplace you will be able to find it to upload here.
    • Reboot into normal mode and reconnect to the internet.
    Once your machine reboots please attach the report from Ewido along with a fresh HJT log from normal mode.
     
  12. Mad_Dad

    Mad_Dad Private E-2

    OK, here's the logs from Hijackthis and Ewido. After I disabled my internet connection for the Ewido to run, it will not reconnect now, but I'll fight that one with the internet folks. I still have two other computers that are on my network here at home and doing fine.
     


  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    Spy Sweeper


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O2 - BHO: (no name) - {A9FA6D0E-0649-45EE-923B-0D5CCFED4F2A} - C:\WINDOWS\system32\pdmi.dll (file missing)

    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    After you complete the above, reboot and let me know how things are running.
     
