Spyware, Virus Problem? - Heeeeeeeeellllp!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by cyberlar, Dec 7, 2005.

  1. cyberlar

    cyberlar Private E-2

    I have been trying to fix this for days, but I am no expert. Can someone please lend a hand?

    I first noticed a problem about 2 weeks ago. I downloaded a game from Real Arcade and my right speaker went out. Shortly after the left one went out too. Then I started getting other errors as well. I was able to reinstall the hardware and get my audio device back, but it blows out all the time. Norton's Live Update keeps getting turned off and I can't get anywhere near any sort of Windows Update from Microsoft. Thinking I had a driver error, I rolled back my sound card driver, but no help. I think this is a virus as it seems to slowly be affecting more and more files. It also takes forever to restart the computer. Certain files or programs will just freeze up. I tried to roll the system back, but no luck. Most errors seem to lead back to the System 32 folder. I've also had some Dr Watson PMD errors. But nothing seems to tell me what to actually fix. Arrgh. I also cannot open Windows firewall, the 'System' icon or some other icons in Control Panel.

    I did all the recommended fixes and am now completely baffled. One thing I know for sure: Windows\system32\CD_CLINT.dll is Cydoor adware. Do I just right click the file and delete it? Weatherbug was deleted from my system by one of the fix programs. I have gotten some warnings from A Squared, but have no idea what to do about them. I'll try to attach the log. I am also perplexed about the log from HijackThis.

    I am so frustrated, can anyone lend a hand?
    A million thank yous!!!
    LAR
    PS - Tried to attach the A-Squared xml file, but couldn't do it. I also have the Kaspersky file, the BitDefender and Panda log.
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  3. cyberlar

    cyberlar Private E-2

    Tried to download Spysweeper twice, but I got error message that the program has been damaged, try to redownload. Should I run it anyway?
    LAR
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Uninstall what you have now, then get a fresh download and install it. Reboot into Safe Mode and run a full sweep.
     
  5. cyberlar

    cyberlar Private E-2

    OK, reinstalled Spysweeper and ran it in safe mode. It found adware: apropos, cydoor, bonzibuddy and limeshop. All were deleted, but I still have the same problem.

    Thanks so much for your help! What a great site!
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I requested you attach the log from Spy Sweeper, can you attach this log?

    Download AproposFix by Swandog46

    Save it to your desktop or to another folder of its own, but do NOT run it yet!

    Now reboot your computer in Safe Mode! (You must be in safe mode or this fix will not work.)

    Once in Safe Mode, double-click aproposfix.exe, which will give you a choice of where to unzip/install the program to. This is called the Destination folder in the window that pops up. So either install it to the Desktop or the folder where you downloaded the aproposfix.exe file to. It will create a new folder named aproposfix. Open the aproposfix folder and double click on RunThis.bat to run the fix. Follow the prompts.

    When the tool is finished, reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file that has been created in the aproposfix folder.
     
  7. cyberlar

    cyberlar Private E-2

    Wow - how do you guys know all this soooo fast?! When I go into safe mode, do I use networking? Also do I log on as Administrator?

    Many Thanks!
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Safe Mode w/ Networking is usually what we recommend choosing because you are most likely to get a desktop this way.

    Yes, you do need to login as Administrator or at least an account with Admin rights.
     
  9. cyberlar

    cyberlar Private E-2

    I ran the fix - it was very quick. Here's the new Hijack log, but the other two logs are on the Safe Mode desktop. How do I get them to you? Do I email them from Safe Mode? I'm a-scared to go on line in Safe Mode.

    Merci beaucoup, Monsieur Le Geek!
     


  10. cyberlar

    cyberlar Private E-2

    PS - I still have the same problem.
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I need the Spy Sweeper log along with the Apropos fix log. Go in C:\Documents and Settings\YOUR USERNAME\Desktop and locate the logs, then attach them to your next post.
     
  12. cyberlar

    cyberlar Private E-2

    Aha! Did a search for them, but got nothing. Thanks for the tip. Turned out they are under Administrator.

    Here's log.txt. It won't let me attach Spy Sweeper though. I'm running Ewido now. It found Wild Tangent and one other so far.
     

    Attached Files: log.txt (416 bytes)
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I will check back sometime tomorrow; after you're done with the Ewido scan, attach this log as well.

    Why can't you attach the SpySweeper log?
     
  14. cyberlar

    cyberlar Private E-2

    Many thanks! Is there anything else in the meantime?

    Sweet dreams - zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just be sure you have the latest updates for Spy Sweeper and Ewido. Remove all found infections... post the logs after you're done with a fresh HJT log and I will check back tomorrow.

    Running Spy Sweeper

    Running Ewido Security Suite

    (Just in case you need the links)
     
  16. cyberlar

    cyberlar Private E-2

    PS - I don't know why the Spy Sweeper log won't attach. I try to upload and get an Invalid File Type error message.
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Make sure it's in .log or .txt format.
     
  18. cyberlar

    cyberlar Private E-2

    Got the Spy Sweeper file ready. I resaved it as a .txt file. I'll send the Ewido in the AM, it's not done yet.
    Thanks!!!!
     


  19. cyberlar

    cyberlar Private E-2

    Here's the Ewido. Still having the same problem. :(

    Is it ok to delete the Wild Tangent? Ewido said it is embedded in an archive file, so I left it in quarantine.

    Thanks! I'll be back on this afternoon.
     


  20. cyberlar

    cyberlar Private E-2

    I am back on line and posted my logs. Anybody have any ideas? Please?
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download AproposFix by Swandog46

    Save it to your desktop or to another folder of its own, but do NOT run it yet!

    Now reboot your computer in Safe Mode! (You must be in safe mode or this fix will not work.)

    Once in Safe Mode, double-click aproposfix.exe, which will give you a choice of where to unzip/install the program to. This is called the Destination folder in the window that pops up. So either install it to the Desktop or the folder where you downloaded the aproposfix.exe file to. It will create a new folder named aproposfix. Open the aproposfix folder and double click on RunThis.bat to run the fix. Follow the prompts.

    When the tool is finished, reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file that has been created in the aproposfix folder.
     
  22. cyberlar

    cyberlar Private E-2

    Woohoo! I seem to be fixed!! After MANY HOURS and DAYS of trying everything including your help, the help of an e-machine tech advisor, and the help of two Microsoft advisors, I finally found an answer. The third Microsoft tech advisor had me try a bunch of things, and then finally, this is what worked: I went to "Start", "Run", typed in "sfc /scannow" and Windows fixed whatever was wrong. He thinks one of the Windows files got corrupted, possibly by a virus, and this reset all the files. I was then able to download all new Windows updates, turn on my firewall, etc!! Thanks SO MUCH for all the tips on the anti-malware downloads. I don't think I would have found the problem without cleaning my computer first.

    MANY THANKS!
    Lar:D
     
  23. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    To confirm you're clean, please attach a fresh HJT log from normal mode.
     
  24. cyberlar

    cyberlar Private E-2

    Here it is. Do you see anything that I should fix or remove?

    PS - Is it secure to leave these logs attached to this thread?
     


  25. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    Spy Sweeper

    Viewpoint


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dsl&cd=4.0&bm=ho_search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Navigate to and DELETE the following if they should remain:

    C:\Program Files\Viewpoint ←–– Delete this whole folder if it exists!

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    After you complete the above, reboot and let me know how things are running and if any problems remain.
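
The entries in the fix list above follow HijackThis's line format: a section code, then a registry location or item. As an added example that is not part of the original thread, this Python sketch parses such lines into fields and picks out the ones HijackThis marked "(file missing)". The function and field names are assumptions chosen for illustration, and the sample is constructed from lines quoted in the post.

```python
import re

# Constructed sample: entries copied from the HijackThis fix list in the post above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

# Only the three section codes that appear in the post are modelled here.
SECTIONS = {"R1": "IE registry setting", "O4": "autorun entry", "O9": "IE extra button / Tools menu item"}
LINE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
PATTERNS = {
    "R1": re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$"),
    "O4": re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<command>.*)$"),
    "O9": re.compile(r"^(?P<kind>Extra button|Extra 'Tools' menuitem): (?P<label>.*?) - (?P<clsid>\{[0-9a-fA-F-]+\}) - (?P<target>.*)$"),
}

def parse_entry(line):
    """Return a dict for one HijackThis line, or None if it is not an entry."""
    m = LINE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    missing = body.endswith("(file missing)")
    if missing:
        body = body[: -len("(file missing)")].rstrip()
    pattern = PATTERNS.get(code)
    fields = pattern.match(body) if pattern else None
    return {
        "section": code,
        "meaning": SECTIONS.get(code, "unknown section"),
        "fields": fields.groupdict() if fields else {"raw": body},
        "file_missing": missing,
    }

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def orphaned(entries):
    """Entries whose target no longer exists on disk (marked '(file missing)')."""
    return [e for e in entries if e["file_missing"]]

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(e["section"], e["meaning"], e["fields"], "ORPHANED" if e["file_missing"] else "")
```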
     
  26. cyberlar

    cyberlar Private E-2

    Got it! I will do it tomorrow evening. Have to work tomorrow. By the way, what is Viewpoint? I've seen other people post that it should be removed. Did it come with my computer?

    You guys are THE BEST!!

    PS - Are there girl Geeks too?
     
  27. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, I have met some girl geeks :)

    Viewpoint is a browser plug-in able to display interactive 3D models, Macromedia Flash animations and interfaces, as well as streaming video, but it is recommended it be uninstalled. I personally haven't had time to research why; I just request it be uninstalled.
     
