Skip to content


Reply
Legendary Noble
malwarekiller
Posts: 3,967
Registered: ‎08-08-2011

Re: cpv.servefed.info

@none

 

Make new topic in malware discussions and i will help u.

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Please use plain text.
Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

Here is log. I know your busy and I want to thank you for your help.

Please use plain text.
Legendary Noble
malwarekiller
Posts: 3,967
Registered: ‎08-08-2011

Re: cpv.servefed.info

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

 

Scan with SUPERAntiSpyware as follows:

  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Please use plain text.
Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

Please use plain text.
Legendary Noble
malwarekiller
Posts: 3,967
Registered: ‎08-08-2011

Re: cpv.servefed.info

Can u give me a screenshot of that popup u are seeing?

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Please use plain text.
Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

It changes ads day to day. It always starts as cpv.servefeed.info as a blank screen then tries to go to an ad. Sometimes Trend blocks it as a bad web site but sometimes it goes through and I get the great oppertunity to buy whatcits for the best price.

Please use plain text.
Legendary Noble
malwarekiller
Posts: 3,967
Registered: ‎08-08-2011

Re: cpv.servefed.info

[ Edited ]

Do u recognize this application called spywareterminator which is on your computer?

 

Note: Please don't run any scanner or cleaner or making any change after the system booted or you may loose some files or folders.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

 

Start
C:\Windows\SysWow64\drivers\is3srv64.sys 
C:\Windows\SysWOW64\SZComp5.dll
C:\Windows\SysWOW64\SZBase5.dll
C:\Windows\SysWOW64\IS3DBA5.dll
C:\Windows\SysWOW64\IS3UI5.dll
C:\Windows\SysWOW64\IS3Win325.dll
C:\Windows\SysWOW64\IS3HTUI5.dll
C:\Windows\SysWOW64\IS3Inet5.dll
C:\Windows\SysWOW64\IS3Svc5.dll
C:\Windows\SysWOW64\IS3Hks5.dll
C:\Windows\SysWOW64\IS3XDat5.dll
C:\Windows\SysWOW64\SZIO5.dll
C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files (x86)\Common Files\iS3
C:\Users\All Users\STOPzilla!
C:\ProgramData\STOPzilla!
C:\STOPzilla!
c:\Program Files (x86)\STOPzilla!
C:\Windows\Tasks\SA.DAT
end

 NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

NEXT

 

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the  button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on  to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the  icon on your desktop.

•Check 
•Click the  button.
•Accept any security warnings from your browser.
•Check 
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push 
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the  button.
•Push 
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt 


—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Please use plain text.
Legendary Noble
malwarekiller
Posts: 3,967
Registered: ‎08-08-2011

Re: cpv.servefed.info

[ Edited ]

OK...Once back to normal windows run this fix.

 

Warning This fix is only relevant for this system and no other, using on another computer may cause problems 

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot 

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL
[2012/02/08 11:15:52 | 000,000,334 | -HS- | C] () -- C:\Windows\7665361drv.spi
[2012/01/22 21:44:29 | 000,061,440 | ---- | C] () -- C:\Windows\uninstall.exe
[2011/07/26 19:55:52 | 000,008,935 | -HS- | C] () -- C:\ProgramData\OnLineIDCpl32.dll


ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please attach the log generated after the fix completion.
—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Please use plain text.
Stone Emissary
rhc123
Posts: 32
Registered: ‎11-06-2011

Re: cpv.servefed.info

Please use plain text.
Legendary Noble
malwarekiller
Posts: 3,967
Registered: ‎08-08-2011

Re: cpv.servefed.info

[ Edited ]

Are u still seeing pop ups?Simply delete all tools and unintall the tools that we installed and logs on your computer...And then keep Only AVPtool at your desktop.

 

Now the Analysis in AVP

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information 

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post 

Posted Image

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Please use plain text.