
Cannot get rid of Malware even with Spyware Doctor, now Internet is also not working

Discussion in 'Virus & Other Malware Removal' started by typhoonwinds, Nov 6, 2007.

Thread Status:
Not open for further replies.
  1. typhoonwinds

    typhoonwinds Thread Starter

    Joined:
    Jul 21, 2003
    Messages:
    58
    Hello,

    PROBLEM
    ======
    I have been having a nightmare with my computer since last night. Out of nowhere, I got a pop-up on my screen saying that my computer was infected with "New Malware.n". I bought Spyware Doctor with Antivirus online to fix this problem. The scan found over 500 infections and removed them, but the pop-up message did not go away. When I ran Spyware Doctor again, I got over 50 infections and I fixed those one more time. The pop-up on my screen increased to other infections (See: Sequence), and I can no longer connect to the internet. I ran the scan one more time and again I got 8 threats and 35 infections (see: Last Scan on Spyware Doctor). Any help would be appreciated.

    LAST SCAN ON SPYWARE DOCTOR
    =======================
    Here is what I got in the last Spyware Doctor scan that I ran. I was not able to fix these as the system froze when I clicked the "Fix" button. It took approximately 6 hours to scan.

    Adware.Advertising 1 Low
    Spyware.Known_bad_Sites 1 High
    Antivirus Deleted Files 15 High
    Trojan.Desktopscam 2 High
    Adware.Lpend!sd5 2 High
    Spyware.Rogue_Anti_Spyware_Products 4 High
    Adware.MediaGateway 1 Elevated
    Trojan.VX2_Look2Me 9 High

    Sequence
    ======

    When I rebooted my computer after scanning/fixing the files using Spyware Doctor, here is the sequence of steps that happened:

    (1) Computer started booting up

    (2) Got a pop-up even before the desktop was painted:

    "Webscanx.exe has generated errors and will be closed by windows. You will need to restart the program. An error is being created."

    (3) I clicked OK to the above message and immediately got the following pop-ups in this sequence. When I closed one, the next pop-up opened. All of these pop-ups stated that my computer was infected by a virus. The virus names and locations from each pop-up are given below:

    (a) Generic PWS.j (C:\WINNT\System32\LYLoader.exe)
    (b) New Malware.n (C:\Documents and Settings\Default User-WIN)
    (c) PWS-OnlineGames.j (C:\Documents and Settings\Default User-WIN)
    (d) New Malware.n (C:\WINNT\System32\6.exe)
    (e) PWS-Mmorpg.gen (C:\Documents and Settings\Default User-WIN)

    (4) After closing all the pop-ups, the desktop was painted.

    (5) I got the following pop-up even before I clicked Internet Explorer.

    "Microsoft Visual C++ Runtime Error - Runtime Error! Program C:\Program Files\Internet Explorer\Iexplore.exe - abnormal program termination."

    (6) On clicking the OK button, I could see Internet Explorer coming up, and then I would get the same pop-up as in (2) above, and Internet Explorer would close on clicking the OK button.

    Hence, in short, I can't access the internet.

    I have attached the HiJackThis file below:

    ======== HIJACKTHIS ================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:08:20 PM, on 11/6/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
    C:\WINNT\System32\DRIVERS\dcfssvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINNT\system32\stisvc.exe
    C:\program files\internet explorer\IEXPLORE.EXE
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Common Files\efax\HotTray.exe
    C:\WINNT\system32\DllHost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\YAHOO!\browser\ycommon.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\WINNT\msagent\AgentSvr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload0.exe
    O4 - Global Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC LightSpeed Self Support Tool\bin\matcli.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O12 - Plugin for .bat: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O15 - Trusted IP range: 206.161.125.149
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.mbakercorp.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122900205908
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O20 - AppInit_DLLs: kawdczy.dll
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
    O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINNT\System32\DRIVERS\dcfssvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: McAfee Firewall - Networks Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Telephotsgoogle (Wdswsdewn) - Unknown owner - C:\WINNT\system32\serdst.exe
    O24 - Desktop Component 1: (no name) - http://m /

    --
    End of file - 11610 bytes



    I would very much appreciate any help. Thank you.
     
  2. typhoonwinds

    typhoonwinds Thread Starter

    Joined:
    Jul 21, 2003
    Messages:
    58
    I really am stuck .... I tried everything and still can't get rid of malware or connect to the internet. Please help. I have tried to give all the details above that could be helpful to solve this issue. I am sure someone must have experienced this problem before and can help me with this. Thanks.
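
    An added triage example, not part of the original posts: it parses HijackThis entries and flags those worth manual review, cross-referencing the file names from the antivirus pop-ups in the first post. The log excerpt and alert paths are copied from that post; the rules are common review heuristics chosen for this example, not verdicts, and `triage` is a hypothetical helper name.

```python
import re
from ntpath import basename  # Windows path semantics on any OS

# Excerpt of the HijackThis log and two pop-up paths, copied from the first post.
LOG = r"""
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
O20 - AppInit_DLLs: kawdczy.dll
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: Telephotsgoogle (Wdswsdewn) - Unknown owner - C:\WINNT\system32\serdst.exe
"""
ALERT_PATHS = [r"C:\WINNT\System32\LYLoader.exe", r"C:\WINNT\System32\6.exe"]

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")         # e.g. "O4 - ..."
FILE = re.compile(r"[^\s\"\]]+\.(?:exe|dll)\b", re.I)     # file-name tokens

def triage(log_text, alert_paths=()):
    """Return (section, detail, reasons) for entries that merit manual review."""
    alerted = {basename(p).lower() for p in alert_paths}
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, blank line
        section, detail = m.groups()
        reasons = []
        # Heuristic 1: the entry launches a file an antivirus alert already named.
        if any(basename(f).lower() in alerted for f in FILE.findall(detail)):
            reasons.append("file name matches an antivirus alert")
        # Heuristic 2: policy-based Run key, unusual on a home machine.
        if section == "O4" and r"\Policies\Explorer\Run" in detail:
            reasons.append("autostart via the Policies\\Explorer\\Run key")
        # Heuristic 3: AppInit_DLLs load into every process that loads user32.dll.
        if section == "O20" and detail.split(":", 1)[-1].strip():
            reasons.append("AppInit_DLLs value is set")
        # Heuristic 4: service without a vendor name, binary directly in system32.
        if (section == "O23" and "Unknown owner" in detail
                and re.search(r"\\system32\\[^\\]+$", detail, re.I)):
            reasons.append("service with no vendor name, binary in system32")
        if reasons:
            findings.append((section, detail, reasons))
    return findings

if __name__ == "__main__":
    for section, detail, reasons in triage(LOG, ALERT_PATHS):
        print(f"{section}: {detail}\n    -> " + "; ".join(reasons))
```

    A flagged entry is a starting point for checking the file itself; an unflagged one, such as the BHO in System32, is not cleared by these rules.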
     