TONS of spyware

Discussion in 'Malware Help (A Specialist Will Reply)' started by dubiousj, Feb 28, 2006.

  1. dubiousj

    dubiousj Private E-2

    First of all I'd like to say thanks to all the guys at major geeks. You guys do a great service here helping people out like you do.

    I've done all the preliminary work in the READ & RUN ME FIRST guide and I read and followed the instructions in the HJT sticky. All of the noticeable problems are gone but I'm sure there is still some malware on this computer. Any assistance you could give me would be greatly appreciated.

    Disclaimer: this is NOT my computer! It's a laptop that belongs to a lady here at my office and her 12 year old daughter got ahold of it......or at least that's what she says. I run all the protection you guys suggest in your "how to protect yourself from malware" sticky and have never had any type of infection myself. That being said, I sure could use some help removing this crap.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MGs!

    Can you please attach the log from Panda ActiveScan?
     
  3. dubiousj

    dubiousj Private E-2

    Sorry, I should've mentioned that I couldn't see the report from that scan. When doing the scan in safe mode the screen resolution was too low and I couldn't see the "view report" button. I tried resizing the window but it wouldn't let me. Do you want me to run the scan in normal mode and post the results?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Maybe later.

    Look in Add/Remove Programs and uninstall the below if found.
    Anonymizer or SpywareKiller
    AdDestroyer
    MyWebSearch Email Plugin (or anything that says MyWeb in it)
    SurfSideKick 3 (or any other SurfSideKick version)
    Vbouncer or Virtual Bouncer
    ZenoSearch

    Let me know if you find any of these and if they would uninstall!

    Is there a reason you are not using Microsoft Windows Defender? MS Antispyware is no longer the scanner supported by Microsoft.


    Download Brute Force Uninstaller and unzip it to its own folder (like c:\BFU)

    Download the attached alcanshorty.zip file and save it to the same folder you put the Brute Force Uninstaller into. Then extract the alcanshorty.bfu file from the ZIP into that folder too.

    Start the Brute Force Uninstaller by double-clicking BFU.exe

    In the Scriptfile to execute: box, copy and paste c:\bfu\alcanshorty.bfu
    Then click the Execute button to run the script.

    Wait for the Completed script execution box to popup and then press OK.
    Click the Exit button to terminate the BFU program.

    Afterwards attach a new HJT log so we can finish fixing what remains.
     

    Attached Files:

  5. dubiousj

    dubiousj Private E-2

    The only program I found from your list was the zenosearch, which I removed. I followed your instructions for the brute force uninstaller. Here is the new HJT log.....
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What about my question on Windows Defender?

    I'm looking at the rest of the log now.
     
  7. dubiousj

    dubiousj Private E-2

    Sorry, I missed the part about windows defender. I didn't realize the MS antispyware wasn't supported anymore. I looked at the definitions date and they were current so I didn't know there would be a big difference. I'll download and install the defender program now.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I believe right now that the definitions are still getting updated but you can no longer officially download MS Antispyware from Microsoft and they will not be updating the program itself.

    Make sure viewing of hidden files is enabled (per the tutorial).
    Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.
    C:\Program Files\Network\ipnetwork.exe
    C:\windows\rlvknlg.exe
    C:\WINDOWS\System32\mwinlsaw.exe

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - Default URLSearchHook is missing
    O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsf11.dll
    O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\System32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll
    O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
    O2 - BHO: (no name) - {D27DF2AC-C028-FF78-3D4B-72A2F9B8BA6F} - C:\WINDOWS\Sxrrlmoe.dll
    O3 - Toolbar: Search - {6C68515E-13EF-A5E3-D4B4-231357B0E7BB} - C:\WINDOWS\Sxrrlmoe.dll
    O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
    O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
    O4 - HKLM\..\Run: [{B2-23-31-13-ZN}] C:\windows\system32\rkdsregj.exe CORN001
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\rlvknlg.exe -boot
    O4 - HKLM\..\Run: [Proc999] C:\WINDOWS\SYSTEM32\VHYAQX.EXE
    O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Hymmvasr] C:\Program Files\Kwudu\Yywggq.exe
    O4 - HKLM\..\Run: [emphjlk] C:\WINDOWS\emphjlk.exe
    O4 - HKLM\..\Run: [Contextual Tool] C:\WINDOWS\z00098.exe
    O4 - HKLM\..\Run: [cfkxvytA] C:\WINDOWS\cfkxvytA.exe
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\mwinlsaw.exe CORN001
    O4 - HKLM\..\Run: [Bmexppch] C:\Program Files\Yxqoi\Vkjcqlh.exe
    O4 - HKCU\..\Run: [SPYKILLER] C:\Program Files\Anonymizer\sk\SpyWareKiller.exe /BOOT
    O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe
    O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\mwinlsaw.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCAdvice\FCAdvice.dll

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete
    (some may not be found since HJT may delete them):
    C:\Program Files\AdDestroyer <--- the whole folder
    C:\Program Files\Anonymizer <--- the whole folder
    C:\Program Files\FCAdvice <--- the whole folder
    C:\Program Files\Kwudu <--- the whole folder
    C:\Program Files\MyWay <--- the whole folder
    C:\Program Files\Network <--- the whole folder
    C:\Program Files\SurfSideKick 3 <--- the whole folder
    C:\Program Files\Yxqoi <--- the whole folder
    C:\WINDOWS\cfkxvytA.exe
    C:\WINDOWS\emphjlk.exe
    C:\WINDOWS\newfrn.exe
    C:\windows\rlvknlg.exe
    C:\WINDOWS\z00098.exe
    C:\WINDOWS\Sxrrlmoe.dll
    C:\WINDOWS\system32\nsf11.dll
    C:\WINDOWS\System32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll
    C:\windows\system32\rkdsregj.exe
    C:\WINDOWS\SYSTEM32\VHYAQX.EXE
    C:\WINDOWS\System32\mwinlsaw.exe
    C:\WINDOWS\System32\irssyncd.exe
    C:\WINDOWS\system32\mwinlsaw.exe
    C:\WINDOWS\system32\dwdsregt.exe

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
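The HJT lines chaslang lists above are persistence and browser-hijack entries (BHOs, toolbars, Run keys, Startup shortcuts, Trusted Zone additions and an HTML filter). The following is an added, defender-side example that is not part of this thread and not code from MajorGeeks or the HijackThis project: a small Python parser for those line formats that applies a few review heuristics of my own choosing (orphaned entries pointing at "(no file)", DLLs named after their own CLSID, binaries sitting directly in C:\WINDOWS, one file started from several autoruns, and any Trusted Zone or text/html filter entry). The sample input is constructed from a subset of the log lines quoted in the thread; the heuristics are assumptions for illustration, not HijackThis behaviour.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the HijackThis lines quoted in the thread.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsf11.dll
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\System32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
O3 - Toolbar: Search - {6C68515E-13EF-A5E3-D4B4-231357B0E7BB} - C:\WINDOWS\Sxrrlmoe.dll
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\rlvknlg.exe -boot
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\mwinlsaw.exe CORN001
O4 - HKCU\..\Run: [SPYKILLER] C:\Program Files\Anonymizer\sk\SpyWareKiller.exe /BOOT
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\mwinlsaw.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCAdvice\FCAdvice.dll
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# One regex per HJT line shape that appears in the thread (assumed formats, matched on the quoted lines).
PATTERNS = [
    ("com", re.compile(rf"^(?P<type>O2|O3|O18) - (?:BHO|Toolbar|Filter): (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.*)$")),
    ("run", re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")),
    ("startup", re.compile(r"^O4 - Startup: (?P<name>.*?) = (?P<path>.*)$")),
    ("zone", re.compile(r"^O15 - Trusted Zone: (?P<url>\S+) \((?P<hive>HK[A-Z]+)\)$")),
]
# Splits a Run-key command into the executable path and any trailing arguments (e.g. "-boot", "CORN001").
EXE_RE = re.compile(r"(?i)^(?P<path>.+?\.(?:exe|dll|com|scr))(?:\s+(?P<args>.*))?$")


def parse_line(line):
    """Turn one HJT log line into a dict; unrecognised lines are kept with kind 'other'."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if not m:
            continue
        d = m.groupdict()
        entry = {"type": d.get("type") or line.split(" - ", 1)[0], "kind": kind,
                 "name": d.get("name") or d.get("url"), "path": d.get("path"),
                 "hive": d.get("hive"), "clsid": d.get("clsid"), "args": None, "raw": line}
        if kind == "run":
            em = EXE_RE.match(d["cmd"])
            entry["path"] = em.group("path") if em else d["cmd"]
            entry["args"] = em.group("args") if em else None
        return entry
    return {"type": line.split(" - ", 1)[0], "kind": "other", "name": None, "path": None,
            "hive": None, "clsid": None, "args": None, "raw": line}


def path_flags(path):
    """Heuristics on the referenced file alone (constructed for this example)."""
    flags = set()
    if not path:
        return flags
    if path.lower() == "(no file)":
        return {"ORPHAN"}                       # registration survives, file is gone
    folder, _, fname = path.rpartition("\\")
    if re.fullmatch(GUID + r"\.\w+", fname):
        flags.add("CLSID_NAMED_FILE")           # DLL named after its own CLSID
    if folder.lower() == r"c:\windows":
        flags.add("WINDOWS_ROOT_BINARY")        # loose binary directly in the Windows folder
    return flags


def analyze(text):
    """Parse every line and attach review flags, including cross-entry ones."""
    entries = [parse_line(l) for l in text.strip().splitlines() if l.strip()]
    # Same file launched from more than one autorun location (Run key plus Startup shortcut).
    targets = Counter(e["path"].lower() for e in entries
                      if e["path"] and e["path"].lower() != "(no file)")
    for e in entries:
        flags = path_flags(e["path"])
        if e["type"] == "O15":
            flags.add("TRUSTED_ZONE")           # lowers IE security for that site
        if e["type"] == "O18":
            flags.add("HTML_FILTER")            # intercepts every text/html response
        if e["path"] and targets[e["path"].lower()] > 1:
            flags.add("SHARED_TARGET")
        e["flags"] = sorted(flags)
    return entries


if __name__ == "__main__":
    for e in analyze(SAMPLE_LOG):
        print(f"{e['type']:<4} {e['kind']:<8} {str(e['name']):<28} {','.join(e['flags']) or '-':<22} {e['path'] or ''}")
```

Entries that come back with no flags (the "wb" BHO, the SPYKILLER Run key) are not thereby clean; the flags only surface the properties a reviewer would otherwise have to spot by eye, and the final call still rests on the file and vendor behind each entry.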
     
  9. dubiousj

    dubiousj Private E-2

    Ok.....I've followed all your instructions and the computer isn't having any problems at this point. Here is the HJT log after removing everything you told me to remove. I also upgraded to MS defender and ran a scan which detected and deleted 2 other items.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work through the below link. Also note that you must update the copy of Sun Java being used. The version on the PC is out of date. Make sure you get the latest from the link included in the below procedure and install it. Then uninstall your old 1.4.2 version.

    How to Protect yourself from malware!
     
  11. dubiousj

    dubiousj Private E-2

    GREAT! Thanks so much for your help. You guys are way awesome!!!
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
