Spyware has rooted my computer!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by killabeez, Oct 26, 2006.

  1. killabeez

    killabeez Private E-2

    Hey, I've recently been attacked by some weird spyware program which gave me toolbar pop ups saying my computer is infected and to download their program to delete it, it also changed my home page to issecurity.com or something, I have followed your instructions on what to do before anything else and have got rid of the toolbar popups and the redirection of my homepage but now it has killed my ADSL and won't let me use broadband as it comes up with a browser error but still lets me use my backup dialup. The spyware programs I ran have also identified some spyware but didn't clean all of them, please help!!

    I couldn't run Windows Defender as I am running XP and not XP SP2 and so ran CounterSpy, I couldn't run the online scanners in safe mode either as I needed to be in normal mode to use my dialup.

    Cheers
     


  2. killabeez

    killabeez Private E-2

    Here are the other 3 attachments as requested, any help here would be greatly appreciated as I hate dialup!! :mad:
     


  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I apologize, you slipped right by us.

    Please see this thread: WareOut Removal

    When you have completed the above, fix the below entries with HJT.

    Once you complete this post, reboot once more and attach a fresh HJT log.
     
  4. killabeez

    killabeez Private E-2

    Sweet, done. I ran fixwareout in safe mode because it didn't specify what mode to run it in, is this ok? DSL still doesn't work, I have also attached the fixwareout report log and also a new HJT log. Cheers
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Please look in Add/Remove Programs for the following and uninstall them if found:

    lg_fwupdate

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Class - {DFEB67DF-4FD4-B8D6-5C98-738963CE9F16} - C:\WINDOWS\kqqca1.dll

    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ykjo1.exe] C:\WINDOWS\Temp\ykjo1.exe

    O20 - AppInit_DLLs: \\?\C:\WINDOWS\System32\lpt6.byr

    O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\System32\tazth.dll (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\lg_fwupdate Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\kqqca1.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\Temp\ykjo1.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\System32\lpt6.byr into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
    Last edited: Oct 31, 2006
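
An added example (not part of the original post, and not a MajorGeeks or HijackThis tool): a small Python triage pass over the HijackThis entries listed in the post above, mapping each section code to its autostart mechanism and attaching a few heuristic flags. The `triage` function and the flag names are illustrative; the `\\?\` prefix on the AppInit_DLLs entry bypasses Win32 name parsing, which is what allows a file to carry the reserved device name LPT6.

```python
import re
from pathlib import PureWindowsPath

# HijackThis entries copied from the post above.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Class - {DFEB67DF-4FD4-B8D6-5C98-738963CE9F16} - C:\WINDOWS\kqqca1.dll
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ykjo1.exe] C:\WINDOWS\Temp\ykjo1.exe
O20 - AppInit_DLLs: \\?\C:\WINDOWS\System32\lpt6.byr
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\System32\tazth.dll (file missing)
"""

SECTIONS = {"R3": "URL search hook", "O2": "Browser Helper Object",
            "O4": "Run-key autostart", "O20": "AppInit_DLLs",
            "O21": "ShellServiceObjectDelayLoad"}
ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")
PATH = re.compile(r'(\\\\\?\\)?([A-Za-z]:\\[^"]+?\.[A-Za-z0-9]{2,4})(?=["\s]|$)')
RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.I)
DLL_SECTIONS = {"O2", "O20", "O21"}  # sections that normally point at a DLL

def triage(log):
    """Return one dict per entry: section, mechanism, path, heuristic flags."""
    results = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        found = PATH.search(rest)
        path = found.group(2) if found else None
        flags = []
        if "(no file)" in rest or "missing" in rest:
            flags.append("orphaned-entry")      # registry value with no target
        if path:
            p = PureWindowsPath(path)
            if found.group(1):
                flags.append("extended-path-prefix")
            if RESERVED.match(p.stem):
                flags.append("reserved-device-name")
            if "temp" in (part.lower() for part in p.parts):
                flags.append("runs-from-temp")
            if code in DLL_SECTIONS and p.suffix.lower() != ".dll":
                flags.append("non-dll-extension")
        results.append({"section": code, "mechanism": SECTIONS.get(code, "other"),
                        "path": path, "flags": flags})
    return results
```

An empty flag list is not a clean result: `C:\WINDOWS\kqqca1.dll` gets no flags here and is still on the fix list in the post, so the output only prioritises what to look at first.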
  6. killabeez

    killabeez Private E-2

    All that's done now but DSL is still not working. BAD FILE HERE didn't exist, I have also attached another HJT log. Should I uninstall my ADSL drivers and programs and re-install them?
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I apologize, when I was typing I forgot to replace the "BAD FILE HERE" with the actual file name.

    Run Killbox and enter "C:\WINDOWS\Temp\ykjo1.exe", without the quotations and then click yes to reboot. Once you have completed this let me know of every remaining problem.
     
  8. killabeez

    killabeez Private E-2

    I've done that now but the file never existed. Still the same problem of ADSL not working, computer taking a bit of time to load up programs etc. I have attached another HJT log after this. Cheers
     


  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good!

    First, let me ask the basic questions, is the modem connected properly, powered on and service connected? Not being a smarta$$ but you would be surprised what I deal with everyday, lol.

    If all is good with the above, can you access the DSL Modem via IE by typing the default gateway? Default on most is 192.168.1.254, Bellsouth anyway. If it lets you in, see what the status is and make sure you're connected. If all is good in here then let me know so we can start on the computer end.
     
  10. killabeez

    killabeez Private E-2

    Yes everything is connected up properly and I have an active service. I have tried connecting to Http://10.1.1.1 and it can access that page and settings but still doesn't work on the internet, I have another modem which hooks up to USB and it works but the Router modem which connects to USB as well still doesn't.
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, if everything is connected and running properly and it still does not work then I would post this in the Networking or Software Forum. They will be able to focus a bit more and help you.
     
  12. killabeez

    killabeez Private E-2

    Sweet az, cheers for the help mate, I have another modem I can use till I get around to fixing it, at least I don't have any spyware anymore.
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Let me know how everything works out. Good Luck!:)
     
