02-18-2012 08:13 AM
Make new topic in malware discussions and i will help u.
02-19-2012 12:43 AM
Please download and scan with SUPERAntiSpyware Free
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Scan with SUPERAntiSpyware as follows:
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
02-19-2012 09:19 PM
Can u give me a screenshot of that popup u are seeing?
02-20-2012 05:15 PM
It changes ads day to day. It always starts as cpv.servefeed.info as a blank screen then tries to go to an ad. Sometimes Trend blocks it as a bad web site but sometimes it goes through and I get the great oppertunity to buy whatcits for the best price.
02-20-2012 09:03 PM - edited 02-20-2012 09:36 PM
Do u recognize this application called spywareterminator which is on your computer?
Note: Please don't run any scanner or cleaner or making any change after the system booted or you may loose some files or folders.
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
Start C:\Windows\SysWow64\drivers\is3srv64.sys C:\Windows\SysWOW64\SZComp5.dll C:\Windows\SysWOW64\SZBase5.dll C:\Windows\SysWOW64\IS3DBA5.dll C:\Windows\SysWOW64\IS3UI5.dll C:\Windows\SysWOW64\IS3Win325.dll C:\Windows\SysWOW64\IS3HTUI5.dll C:\Windows\SysWOW64\IS3Inet5.dll C:\Windows\SysWOW64\IS3Svc5.dll C:\Windows\SysWOW64\IS3Hks5.dll C:\Windows\SysWOW64\IS3XDat5.dll C:\Windows\SysWOW64\SZIO5.dll C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe C:\Program Files (x86)\Common Files\iS3 C:\Users\All Users\STOPzilla! C:\ProgramData\STOPzilla! C:\STOPzilla! c:\Program Files (x86)\STOPzilla! C:\Windows\Tasks\SA.DAT end
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
02-21-2012 05:15 AM - edited 02-21-2012 05:41 AM
OK...Once back to normal windows run this fix.
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
:OTL [2012/02/08 11:15:52 | 000,000,334 | -HS- | C] () -- C:\Windows\7665361drv.spi [2012/01/22 21:44:29 | 000,061,440 | ---- | C] () -- C:\Windows\uninstall.exe [2011/07/26 19:55:52 | 000,008,935 | -HS- | C] () -- C:\ProgramData\OnLineIDCpl32.dll ipconfig /flushdns /c :Commands [purity] [resethosts] [emptytemp] [EMPTYFLASH] [CLEARALLRESTOREPOINTS] [Reboot]
02-21-2012 08:09 PM - edited 02-21-2012 08:44 PM
Are u still seeing pop ups?Simply delete all tools and unintall the tools that we installed and logs on your computer...And then keep Only AVPtool at your desktop.
Now the Analysis in AVP
Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information
On completion click the link to locate the zip file to upload and attach to your next post