#1 - atands (Bronze Member) - 12-31-2005
[Fixed] Atands HJT Logs

I am also having a problem with this trojan. If you have found a solution, kindly email it to XXX. Thx.

Edit: As this thread was originally posted in another user's thread, here is the original for clarification: Spyware-wont-go-away (http://www.pchelpforum.com/spyware-adware/14376-spyware-wont-go-away.html#post107495)

@Atands, it is not a good idea to post your personal email in a post, we answer all questions here in the forums. Thx.

LGW



Last edited by ladygreenwitch; 01-01-2006 at 04:46 AM.
#2 - atands (Bronze Member) - 12-31-2005
hijack log file

Originally Posted by atands
I am having also a problem with this trojan. If you have found a solution. Kindly email it to altomc@yahoo.com . thx.
here is the Hijackthis log file:

Edited by Double A Ron:

Please read the PCHF RULES

ALL "Log" attachments MUST be posted as attachments and not pasted into posts
I've fixed it for you, don't worry too much about it this time.

How to Attach Files
Attached Files
File Type: txt Hijack This Log.txt (5.4 KB, 3 views)



Last edited by double_a_ron; 12-31-2005 at 06:29 PM.
#3 - double_a_ron (Elite Member) - 12-31-2005

Hi Atands, Welcome to the PC Help Forum.

We have an excellent team of security specialists who will be glad to help you out.

Though you've already submitted your Hijack This Log, could you please follow the instructions in the *Prework* Link in my signature.

We'll get through this together.

PS. Sorry bout the lengthy edit on your post. I'm still trying to find the tutorial to posting those.


__________________
//Prework\\\///PCHF RULES\\\///Did we help? Please Donate\\\

CompTIA A+ Certified, MCDST



#4 - atands (Bronze Member) - 12-31-2005
trojan.downloader.ffz

Thanks Guys.

Yes. I have now followed the "prework" instructions (disabling restore and running the various programs) and am attaching the log file for Ewido and Hijackthis.

Regards
Attached Files
File Type: txt Ewido and Hijackthis scans.txt (22.4 KB, 4 views)


#5 - joe5 (Elite Member) - 01-02-2006

Make sure you still have CCleaner, and still have hidden files set to show and System Restore disabled.

Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.
At the end of the fix, you may need to restart your computer again.

Then uninstall these in Add/Remove Programs if present:

RXToolbar
nSpyPC

And now boot in Safe Mode and then fix these with HJT:

R3 - URLSearchHook: (no name) - {3B1DA251-EE8C-A657-EA48-C8BD67024681} - nmdllw.dll (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O4 - HKLM\..\Run: [bhoserv] stuffmon.exe
O4 - HKLM\..\Run: [InpriseMon] UserSp1.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [teqq32] powerdll.exe
O4 - HKCU\..\Run: [TRPT] sysmon12.exe
O4 - HKCU\..\Run: [MsNetHelper] powerdll.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05C1EFEC-FA2D-41AB-9667-F8929F1DF111}: NameServer = 85.255.116.42,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF795C81-2112-478F-B883-1A2DB7A38C4E}: NameServer = 85.255.116.42,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\..\{05C1EFEC-FA2D-41AB-9667-F8929F1DF111}: NameServer = 85.255.116.42,85.255.112.185
O17 - HKLM\System\CS2\Services\Tcpip\..\{05C1EFEC-FA2D-41AB-9667-F8929F1DF111}: NameServer = 85.255.116.42,85.255.112.185
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

Then run CCleaner and delete the files in bold. Also do a manual search for, and delete, these:

stuffmon.exe
UserSp1.exe
powerdll.exe
sysmon12.exe
powerdll.exe
nmdllw.dll

Finally, please post the contents of the logfile C:\fixwareout\report.txt and a new hjt log.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
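
An added example, not part of the thread or of any PCHF or HijackThis tooling: a small Python triage of entries like those joe5 lists above, using a subset of the lines from the post as sample input. It groups the O17 NameServer values by control set and interface, and picks out Run entries whose command has no directory component and entries marked "(file missing)"; the function name `triage` and the report keys are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Sample input: a subset of the entries quoted in the post above.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {3B1DA251-EE8C-A657-EA48-C8BD67024681} - nmdllw.dll (file missing)
O4 - HKLM\..\Run: [bhoserv] stuffmon.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [teqq32] powerdll.exe
O4 - HKCU\..\Run: [MsNetHelper] powerdll.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{05C1EFEC-FA2D-41AB-9667-F8929F1DF111}: NameServer = 85.255.116.42,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\..\{05C1EFEC-FA2D-41AB-9667-F8929F1DF111}: NameServer = 85.255.116.42,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF795C81-2112-478F-B883-1A2DB7A38C4E}: NameServer = 85.255.116.42,85.255.112.185
"""

LINE = re.compile(r"^([A-Z]\d+) - (.*)$")          # section code, rest of line
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
DNS = re.compile(r"^HKLM\\System\\(\w+)\\Services\\Tcpip\\\.\.\\"
                 r"(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$")

def triage(log_text):
    """Group HijackThis entries for review; nothing is changed on the system."""
    report = {"missing": [], "bare_run": defaultdict(list),
              "dns": defaultdict(set)}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        if body.endswith("(file missing)"):
            report["missing"].append(code)
        run = RUN.match(body) if code == "O4" else None
        if run:
            hive, name, cmd = run.groups()
            # No directory component: the file is resolved via the search path.
            if "\\" not in cmd and "/" not in cmd:
                report["bare_run"][cmd.lower()].append(f"{hive}:{name}")
        dns = DNS.match(body) if code == "O17" else None
        if dns:
            control_set, iface, servers = dns.groups()
            for ip in servers.split(","):
                report["dns"][ip.strip()].add((control_set, iface))
    return report

if __name__ == "__main__":
    result = triage(SAMPLE)
    for ip, places in sorted(result["dns"].items()):
        print(ip, "set in", len(places), "control set/interface pairs")
    for exe, values in result["bare_run"].items():
        print(exe, "started by", ", ".join(values))
```
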

#6 - atands (Bronze Member) - 01-02-2006
Latest hijackthis log

Thanks,

I followed your instructions above and am attaching the latest hijackthis logs 3 and 4. I think that the problem is solved!!

If so, thanks so much to your team. What a great service! Will let my associates know about it and try to promote you as much as possible.

Regards

Atands
Attached Files
File Type: txt hijackthis log3.txt (4.4 KB, 1 views)
File Type: txt hijackthis log4.txt (3.2 KB, 1 views)


#7 - joe5 (Elite Member) - 01-02-2006

The log3 is from before you followed the fix instructions it seems? Log4 is completely clean.

But can you also post the fixwareout log to check?
(C:\fixwareout\report.txt)


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

