Viruses, pop up galore and everything is running SLOOOOW [CLOSED]

#1
Chilly4572
I keep getting pop-ups on my computer that just will not go away. I know that it is infected with spyware. I have downloaded and tried what you recommended to do first before posting a topic and nothing seems to be working. I am not familiar with the HiJackThis program at all. I downloaded ad-aware, ewido, and spybot....nothing seems to be working. I have a Spy Falcon program that will just not go away and a Spy Bouncer program as well. SOMEBODY PLEASE HELP!!!!!!!!!!!!

#2
Kat
Hello and welcome to GeeksToGo. My name is Kat and I will be helping you.

Please open HijackThis and click the "Do a scan and save a logfile" button. When HJT is finished scanning, a new window (Notepad) will open. Copy and paste EVERYTHING in the notepad window into this thread. Do NOT do anything else with HijackThis. I will give you exact instructions on what to do when we are ready to use it. :tazz:

I would also like to see one other simple scan/log....an uninstall list.

To get an Uninstall List from HijackThis:
  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.
Post both of these into your thread here. I will analyze both of them, and give you more instructions. :)

Please note that I work during the day, and don't have internet access there. If you reply during the day, I will get back to you as soon as I get home. :)

#3
Chilly4572
I don't have HiJackThis, where do I download it????

#4
Chilly4572
Here is the first part you asked for:

Logfile of HijackThis v1.99.1
Scan saved at 10:20:00 PM, on 3/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\AOL\1141266382\ee\aolsoftware.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINNT\system32\hpA921.tmp
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Program Files\Bouncer\LiveUpdate.exe 201
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141266382\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.18...ges/PopupSh.ocx
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

---------------------------------------------------------------

Here is the second part you asked for:

Ad-Aware SE Personal
AOL Uninstaller (Choose which Products to Remove)
CleanUp!
ewido anti-malware
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 6
Macromedia Flash Player 8
Macromedia Flash Player 8
Microsoft Internet Explorer 6 SP1
Mozilla Firefox (1.5)
Paint Shop Pro 7
Plaxo Toolbar for Outlook and Outlook Express
Security Toolbar
Spybot - Search & Destroy 1.4
SpyBouncer
SpyFalcon 2.0
SpywareBlaster v3.5.1
Viewpoint Media Player
Windows Media Player system update (9 Series)
WinZip



I am no longer able to open IE, I have Mozilla also and that is what I am using now....PLEASE HELP!!!

Thank you

#5
Kat
Removal Instructions:

Step 1:
  • Print out these instructions as we will need to close every window that is open later in the fix.
  • Download FixSF.reg to your desktop by right clicking on the following link and then selecting Save Link As or Save File as, depending on your browser.
    • Confirm that the file FixSF.reg now resides on your desktop as we will need it later.
  • Download smitRem.exe ©noahdfear, and save the file to your desktop.
    • Double click on the file to extract it to its own folder on the desktop.
    • If you look on your desktop you will now see a folder called smitRem.
  • Go to your desktop and double click on the FixSF.reg file that you downloaded earlier. When it asks if you would like to merge the information, press the Yes button and then the OK button.
Step 2:
  • Next, please reboot your computer into SafeMode by doing the following:
    • Restart your computer.
    • After hearing your computer beep once during startup, but before the Windows icon appears, repeatedly and quickly press F8.
    • Select the first option, to run Windows in Safe Mode.
    • When you are at the logon prompt, log in as an Administrator.
  • When your computer has started in SafeMode and you see the desktop.
  • Click on Start > Control Panel > Double-click on the Add or Remove Programs icon.
  • Find the entry for SpyFalcon and double-click on it. Follow the prompts to uninstall the program, but do not allow it to reboot the computer if it asks.
  • Also uninstall Security Toolbar and SpyBouncer. SpyBouncer is a Rogue Anti-Spyware application. For more information, please see THIS SITE
  • Delete the following files and folders (Do not be concerned if this folder does not exist):
    • C:\Windows\System32\dxmpp.dll <-- File
    • C:\Windows\System32\ginuerep.dll <-- File
    • C:\WINNT\system32\hpA921.tmp <-- File
    • C:\Program Files\SpyFalcon\ <-- Folder
    • C:\Program Files\SpyBouncer\ <-- Folder
    • C:\Program Files\Security Toolbar\ <-- Folder
  • Close all Windows.
Step 3:
  • Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
  • If there is an uninstaller present for an infection that smitRem removes it will start this uninstaller.
  • Simply click on the Uninstall button and allow the uninstaller to finish. When it is completed, it will close automatically and smitRem will prompt you to continue. Now you should press any key to continue.
  • Wait for the tool to complete and Disk Cleanup to finish.
  • The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed.
  • Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Please make a reply here when you are finished with all the above instructions. Let me know of any trouble you encountered. In your reply, I need to see the following:
  • A new HijackThis log, scanned for after all steps above are done
  • The SmitRem log

  • 0
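
Added example, not part of the original thread or of HijackThis itself: a Python check that parses a HijackThis log and lists any lines still referencing the files and folders from the delete list in post #5, which is the comparison a helper makes on the follow-up log. The sample lines are copied from the log in post #4; the marker list and the function names are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the HijackThis log in post #4.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINNT\system32\hpA921.tmp
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Program Files\Bouncer\LiveUpdate.exe 201
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
"""

# Lower-cased path fragments taken from the delete list in post #5, plus the
# Bouncer path as it appears in the log (the post names the folder SpyBouncer).
MARKERS = (
    r"\system32\dxmpp.dll", r"\system32\ginuerep.dll", r"\system32\hpa921.tmp",
    r"\program files\spyfalcon", r"\program files\spybouncer",
    r"\program files\bouncer", r"\program files\security toolbar",
)

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then the entry body
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+$")        # bare path in the process list

def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif PROCESS_RE.match(line):
            processes.append(line)
    return processes, entries

def leftovers(text, markers=MARKERS):
    """Return log lines that still reference an item the removal steps targeted."""
    processes, entries = parse_log(text)
    found = [("process", p) for p in processes if any(k in p.lower() for k in markers)]
    found += [(code, body) for code, body in entries
              if any(k in body.lower() for k in markers)]
    return found

if __name__ == "__main__":
    for kind, detail in leftovers(SAMPLE_LOG):
        print(f"still present: {kind:8} {detail}")
```

An empty result from `leftovers()` on the follow-up log means none of the listed paths are referenced any more; it does not show the machine is clean, only that those specific entries are gone.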

#6
Kat
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.